diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java index c39f2a1d2c..de50e7563a 100644 --- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java +++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java @@ -49,7 +49,7 @@ import org.springframework.util.Assert; public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final GrantedAuthority gaGeneralChanges; diff --git a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java index 9ad106d7af..dfa62c610e 100644 --- a/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java +++ b/acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java @@ -110,9 +110,9 @@ public class EhCacheBasedAclCache implements AclCache { if (this.aclAuthorizationStrategy == null) { if (acl instanceof AclImpl) { this.aclAuthorizationStrategy = (AclAuthorizationStrategy) FieldUtils - .getProtectedFieldValue("aclAuthorizationStrategy", acl); + .getProtectedFieldValue("aclAuthorizationStrategy", acl); this.permissionGrantingStrategy = (PermissionGrantingStrategy) FieldUtils - .getProtectedFieldValue("permissionGrantingStrategy", acl); + .getProtectedFieldValue("permissionGrantingStrategy", acl); } } if ((acl.getParentAcl() != null) && (acl.getParentAcl() instanceof MutableAcl)) { diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java index 92e0e6a224..d6f47ecd64 100644 --- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java +++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java @@ -54,7 +54,7 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy { @Override public List getSids(Authentication authentication) { Collection authorities = this.roleHierarchy - .getReachableGrantedAuthorities(authentication.getAuthorities()); + .getReachableGrantedAuthorities(authentication.getAuthorities()); List sids = new ArrayList<>(authorities.size() + 1); sids.add(new PrincipalSid(authentication)); for (GrantedAuthority authority : authorities) { diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java index e49fdb5876..18f93d0fd8 100644 --- a/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java +++ b/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java @@ -579,7 +579,7 @@ public class BasicLookupStrategy implements LookupStrategy { Serializable identifier = (Serializable) rs.getObject("object_id_identity"); identifier = BasicLookupStrategy.this.aclClassIdUtils.identifierFrom(identifier, rs); ObjectIdentity objectIdentity = BasicLookupStrategy.this.objectIdentityGenerator - .createObjectIdentity(identifier, rs.getString("class")); + .createObjectIdentity(identifier, rs.getString("class")); Acl parentAcl = null; long parentAclId = rs.getLong("parent_object"); diff --git a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java index ff27aea99c..93f68dd3e7 100644 --- a/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java +++ b/acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java @@ -66,7 +66,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS private static final String DEFAULT_INSERT_INTO_ACL_CLASS_WITH_ID = "insert into acl_class (class, class_id_type) values (?, ?)"; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private boolean foreignKeysInDatabase = true; diff --git a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java index 8879c3f000..d74710b0c1 100644 --- a/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java +++ b/acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java @@ -37,7 +37,7 @@ public class AclFormattingUtilsTests { assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.demergePatterns(null, "SOME STRING")); assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", null)); assertThatIllegalArgumentException() - .isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING")); + .isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING")); assertThatNoException().isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH")); } @@ -46,7 +46,7 @@ public class AclFormattingUtilsTests { String original = "...........................A...R"; String removeBits = "...............................R"; assertThat(AclFormattingUtils.demergePatterns(original, removeBits)) - .isEqualTo("...........................A...."); + .isEqualTo("...........................A...."); assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF"); assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL")).isEqualTo("......"); } @@ -56,7 +56,7 @@ public class AclFormattingUtilsTests { assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.mergePatterns(null, "SOME STRING")); assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", null)); assertThatIllegalArgumentException() - .isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING")); + .isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING")); assertThatNoException().isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH")); } @@ -73,9 +73,9 @@ public class AclFormattingUtilsTests { public final void testBinaryPrints() { assertThat(AclFormattingUtils.printBinary(15)).isEqualTo("............................****"); assertThatIllegalArgumentException() - .isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_ON)); + .isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_ON)); assertThatIllegalArgumentException() - .isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF)); + .isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF)); assertThat(AclFormattingUtils.printBinary(15, 'x')).isEqualTo("............................xxxx"); } diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java index 1322758589..bc8a965565 100644 --- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java +++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java @@ -85,7 +85,8 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests { AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider( service, Arrays.asList(mock(Permission.class))); assertThat(provider.decide(mock(Authentication.class), new Object(), - SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull(); + SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)) + .isNull(); verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class)); } diff --git a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java index d8f4f491b0..00f61d0a54 100644 --- a/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java +++ b/acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java @@ -54,7 +54,7 @@ public class AclEntryAfterInvocationProviderTests { @Test public void rejectsMissingPermissions() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AclEntryAfterInvocationProvider(mock(AclService.class), null)); + .isThrownBy(() -> new AclEntryAfterInvocationProvider(mock(AclService.class), null)); assertThatIllegalArgumentException().isThrownBy( () -> new AclEntryAfterInvocationProvider(mock(AclService.class), Collections.emptyList())); } @@ -112,12 +112,12 @@ public class AclEntryAfterInvocationProviderTests { provider.setProcessDomainObjectClass(Object.class); provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(), - SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object())); + .isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(), + SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object())); // Second scenario with no acls found assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(), - SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object())); + .isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(), + SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object())); } @Test @@ -126,7 +126,8 @@ public class AclEntryAfterInvocationProviderTests { AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class))); assertThat(provider.decide(mock(Authentication.class), new Object(), - SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull(); + SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)) + .isNull(); verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class)); } diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java index 2433c797d8..5816a45b63 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java @@ -77,14 +77,14 @@ public class AccessControlImplEntryTests { assertThat(ace).isNotNull(); assertThat(ace).isNotEqualTo(100L); assertThat(ace).isEqualTo(ace); - assertThat(ace).isEqualTo( - new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true)); + assertThat(ace) + .isEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true)); assertThat(ace).isNotEqualTo( new AccessControlEntryImpl(2L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true)); assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, new PrincipalSid("scott"), BasePermission.ADMINISTRATION, true, true, true)); assertThat(ace) - .isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.WRITE, true, true, true)); + .isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.WRITE, true, true, true)); assertThat(ace).isNotEqualTo( new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, false, true, true)); assertThat(ace).isNotEqualTo( diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java index f39de060fc..396d8f41b1 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java @@ -103,7 +103,7 @@ public class AclImplTests { assertThatIllegalArgumentException().isThrownBy( () -> new AclImpl(null, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe"))); assertThatIllegalArgumentException() - .isThrownBy(() -> new AclImpl(null, 1, this.authzStrategy, this.mockAuditLogger)); + .isThrownBy(() -> new AclImpl(null, 1, this.authzStrategy, this.mockAuditLogger)); } @Test @@ -111,7 +111,7 @@ public class AclImplTests { assertThatIllegalArgumentException().isThrownBy(() -> new AclImpl(this.objectIdentity, null, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe"))); assertThatIllegalArgumentException() - .isThrownBy(() -> new AclImpl(this.objectIdentity, null, this.authzStrategy, this.mockAuditLogger)); + .isThrownBy(() -> new AclImpl(this.objectIdentity, null, this.authzStrategy, this.mockAuditLogger)); } @Test @@ -120,7 +120,7 @@ public class AclImplTests { new DefaultPermissionGrantingStrategy(this.mockAuditLogger), null, null, true, new PrincipalSid("joe"))); assertThatIllegalArgumentException() - .isThrownBy(() -> new AclImpl(this.objectIdentity, 1, null, this.mockAuditLogger)); + .isThrownBy(() -> new AclImpl(this.objectIdentity, 1, null, this.mockAuditLogger)); } @Test @@ -128,7 +128,7 @@ public class AclImplTests { MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); assertThatIllegalArgumentException() - .isThrownBy(() -> acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true)); + .isThrownBy(() -> acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true)); assertThatIllegalArgumentException().isThrownBy(() -> acl.insertAce(0, BasePermission.READ, null, true)); } @@ -175,7 +175,7 @@ public class AclImplTests { acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true); service.updateAcl(acl); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true)); + .isThrownBy(() -> acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true)); } @Test @@ -223,7 +223,7 @@ public class AclImplTests { new PrincipalSid("joe")); Sid ben = new PrincipalSid("ben"); assertThatIllegalArgumentException() - .isThrownBy(() -> acl.isGranted(new ArrayList<>(0), Arrays.asList(ben), false)); + .isThrownBy(() -> acl.isGranted(new ArrayList<>(0), Arrays.asList(ben), false)); assertThatIllegalArgumentException().isThrownBy(() -> acl.isGranted(READ, new ArrayList<>(0), false)); } @@ -246,12 +246,14 @@ public class AclImplTests { List sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST")); assertThat(rootAcl.isGranted(permissions, sids, false)).isFalse(); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> rootAcl.isGranted(permissions, SCOTT, false)); + .isThrownBy(() -> rootAcl.isGranted(permissions, SCOTT, false)); assertThat(rootAcl.isGranted(WRITE, SCOTT, false)).isTrue(); assertThat(rootAcl.isGranted(WRITE, - Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false)).isFalse(); + Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false)) + .isFalse(); assertThat(rootAcl.isGranted(WRITE, - Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false)).isTrue(); + Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false)) + .isTrue(); // Change the type of the Sid and check the granting process assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("rod"), new PrincipalSid("WRITE_ACCESS_ROLE")), false)); @@ -292,7 +294,7 @@ public class AclImplTests { // Check granting process for parent1 assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue(); assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)) - .isTrue(); + .isTrue(); assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue(); assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse(); assertThat(parentAcl1.isGranted(DELETE, SCOTT, false)).isFalse(); @@ -303,13 +305,13 @@ public class AclImplTests { // Check granting process for child1 assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue(); assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)) - .isTrue(); + .isTrue(); assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse(); // Check granting process for child2 (doesn't inherit the permissions from its // parent) assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> childAcl2.isGranted(CREATE, SCOTT, false)); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> childAcl2.isGranted(CREATE, Arrays.asList((Sid) new PrincipalSid("joe")), false)); + .isThrownBy(() -> childAcl2.isGranted(CREATE, Arrays.asList((Sid) new PrincipalSid("joe")), false)); } @Test @@ -396,20 +398,20 @@ public class AclImplTests { new PrincipalSid("joe")); assertThat(acl.isSidLoaded(loadedSids)).isTrue(); assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben")))) - .isTrue(); + .isTrue(); assertThat(acl.isSidLoaded(Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_IGNORED")))).isTrue(); assertThat(acl.isSidLoaded(BEN)).isTrue(); assertThat(acl.isSidLoaded(null)).isTrue(); assertThat(acl.isSidLoaded(new ArrayList<>(0))).isTrue(); assertThat(acl.isSidLoaded( Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED")))) - .isTrue(); + .isTrue(); assertThat(acl.isSidLoaded( Arrays.asList(new GrantedAuthoritySid("ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED")))) - .isFalse(); + .isFalse(); assertThat(acl.isSidLoaded( Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL")))) - .isFalse(); + .isFalse(); } @Test @@ -417,7 +419,7 @@ public class AclImplTests { AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true)); + .isThrownBy(() -> acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true)); } @Test @@ -435,7 +437,7 @@ public class AclImplTests { acl.insertAce(0, mock(Permission.class), mock(Sid.class), true); // Size is now 1 assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> acl.insertAce(2, mock(Permission.class), mock(Sid.class), true)); + .isThrownBy(() -> acl.insertAce(2, mock(Permission.class), mock(Sid.class), true)); } // SEC-1151 @@ -466,7 +468,7 @@ public class AclImplTests { AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, maskPgs, null, null, true, new PrincipalSid("joe")); Permission permission = this.permissionFactory - .buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask()); + .buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask()); Sid sid = new PrincipalSid("ben"); acl.insertAce(0, permission, sid, true); service.updateAcl(acl); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java index 175fa6a0e5..a17dbac8f8 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java @@ -73,12 +73,12 @@ public class AclImplementationSecurityCheckTests { new SimpleGrantedAuthority("ROLE_THREE")); Acl acl2 = new AclImpl(identity, 1L, aclAuthorizationStrategy2, new ConsoleAuditLogger()); // Check access in case the principal has no authorization rights - assertThatExceptionOfType(NotFoundException.class).isThrownBy( - () -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL)); - assertThatExceptionOfType(NotFoundException.class).isThrownBy( - () -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING)); - assertThatExceptionOfType(NotFoundException.class).isThrownBy( - () -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP)); + assertThatExceptionOfType(NotFoundException.class) + .isThrownBy(() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL)); + assertThatExceptionOfType(NotFoundException.class) + .isThrownBy(() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING)); + assertThatExceptionOfType(NotFoundException.class) + .isThrownBy(() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP)); } @Test @@ -181,11 +181,11 @@ public class AclImplementationSecurityCheckTests { new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null, null, false, new PrincipalSid(auth)); assertThatNoException() - .isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL)); - assertThatExceptionOfType(NotFoundException.class).isThrownBy( - () -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING)); - assertThatNoException().isThrownBy( - () -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP)); + .isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL)); + assertThatExceptionOfType(NotFoundException.class) + .isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING)); + assertThatNoException() + .isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP)); } } diff --git a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java index a363ecdecc..3992ce2861 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java @@ -60,7 +60,7 @@ public class ObjectIdentityImplTests { public void testGetIdMethodConstraints() { // Check the getId() method is present assertThatExceptionOfType(IdentityUnavailableException.class) - .isThrownBy(() -> new ObjectIdentityImpl("A_STRING_OBJECT")); + .isThrownBy(() -> new ObjectIdentityImpl("A_STRING_OBJECT")); // getId() should return a non-null value MockIdDomainObject mockId = new MockIdDomainObject(); assertThatIllegalArgumentException().isThrownBy(() -> new ObjectIdentityImpl(mockId)); diff --git a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java index 76394ed679..6a1d6eaff4 100644 --- a/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java +++ b/acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java @@ -47,10 +47,12 @@ public class PermissionTests { public void expectedIntegerValues() { assertThat(BasePermission.READ.getMask()).isEqualTo(1); assertThat(BasePermission.ADMINISTRATION.getMask()).isEqualTo(16); - assertThat(new CumulativePermission().set(BasePermission.READ).set(BasePermission.WRITE) - .set(BasePermission.CREATE).getMask()).isEqualTo(7); + assertThat(new CumulativePermission().set(BasePermission.READ) + .set(BasePermission.WRITE) + .set(BasePermission.CREATE) + .getMask()).isEqualTo(7); assertThat(new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION).getMask()) - .isEqualTo(17); + .isEqualTo(17); } @Test @@ -64,20 +66,23 @@ public class PermissionTests { this.permissionFactory.registerPublicPermissions(SpecialPermission.class); assertThat(BasePermission.READ.toString()).isEqualTo("BasePermission[...............................R=1]"); assertThat(BasePermission.ADMINISTRATION.toString()) - .isEqualTo("BasePermission[...........................A....=16]"); + .isEqualTo("BasePermission[...........................A....=16]"); assertThat(new CumulativePermission().set(BasePermission.READ).toString()) - .isEqualTo("CumulativePermission[...............................R=1]"); + .isEqualTo("CumulativePermission[...............................R=1]"); assertThat( new CumulativePermission().set(SpecialPermission.ENTER).set(BasePermission.ADMINISTRATION).toString()) - .isEqualTo("CumulativePermission[..........................EA....=48]"); + .isEqualTo("CumulativePermission[..........................EA....=48]"); assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ).toString()) - .isEqualTo("CumulativePermission[...........................A...R=17]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ) - .clear(BasePermission.ADMINISTRATION).toString()) - .isEqualTo("CumulativePermission[...............................R=1]"); - assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ) - .clear(BasePermission.ADMINISTRATION).clear(BasePermission.READ).toString()) - .isEqualTo("CumulativePermission[................................=0]"); + .isEqualTo("CumulativePermission[...........................A...R=17]"); + assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION) + .set(BasePermission.READ) + .clear(BasePermission.ADMINISTRATION) + .toString()).isEqualTo("CumulativePermission[...............................R=1]"); + assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION) + .set(BasePermission.READ) + .clear(BasePermission.ADMINISTRATION) + .clear(BasePermission.READ) + .toString()).isEqualTo("CumulativePermission[................................=0]"); } } diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java index e1be44924d..3986a7a158 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java @@ -147,7 +147,7 @@ public abstract class AbstractBasicLookupStrategyTests { // Deliberately use an integer for the child, to reproduce bug report in SEC-819 ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102); Map map = this.strategy - .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); + .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); checkEntries(topParentOid, middleParentOid, childOid, map); } @@ -161,7 +161,7 @@ public abstract class AbstractBasicLookupStrategyTests { // Let's empty the database to force acls retrieval from cache emptyDatabase(); Map map = this.strategy - .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); + .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); checkEntries(topParentOid, middleParentOid, childOid, map); } @@ -174,7 +174,7 @@ public abstract class AbstractBasicLookupStrategyTests { // acls this.strategy.setBatchSize(1); Map map = this.strategy - .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); + .readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null); checkEntries(topParentOid, middleParentOid, childOid, map); } @@ -301,7 +301,7 @@ public abstract class AbstractBasicLookupStrategyTests { getJdbcTemplate().execute(query); ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L); assertThatIllegalArgumentException() - .isThrownBy(() -> this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID))); + .isThrownBy(() -> this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID))); } @Test diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java index 2817c1023c..8f4b85ba50 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java @@ -116,7 +116,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku public void testReadObjectIdentityUsingNonUuidInDatabase() { ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, OBJECT_IDENTITY_LONG_AS_UUID); assertThatExceptionOfType(ConversionFailedException.class) - .isThrownBy(() -> this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID))); + .isThrownBy(() -> this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID))); } } diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java index cd91ae1745..b817d33c1e 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java @@ -101,7 +101,7 @@ public class JdbcAclServiceTests { ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1); List sids = Arrays.asList(new PrincipalSid("user")); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> this.aclService.readAclById(objectIdentity, sids)); + .isThrownBy(() -> this.aclService.readAclById(objectIdentity, sids)); } @Test @@ -168,20 +168,20 @@ public class JdbcAclServiceTests { assertThat(objectIdentities.size()).isEqualTo(1); assertThat(objectIdentities.get(0).getType()).isEqualTo("costcenter"); assertThat(objectIdentities.get(0).getIdentifier()) - .isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762")); + .isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762")); } @Test public void setObjectIdentityGeneratorWhenNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.aclServiceIntegration.setObjectIdentityGenerator(null)) - .withMessage("objectIdentityGenerator cannot be null"); + .isThrownBy(() -> this.aclServiceIntegration.setObjectIdentityGenerator(null)) + .withMessage("objectIdentityGenerator cannot be null"); } @Test public void findChildrenWhenObjectIdentityGeneratorSetThenUsed() { this.aclServiceIntegration - .setObjectIdentityGenerator((id, type) -> new ObjectIdentityImpl(type, "prefix:" + id)); + .setObjectIdentityGenerator((id, type) -> new ObjectIdentityImpl(type, "prefix:" + id)); ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US"); this.aclServiceIntegration.setAclClassIdSupported(true); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java index 3480ef84c1..f7f69d19e4 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java @@ -168,7 +168,7 @@ public class JdbcMutableAclServiceTests { this.jdbcMutableAclService.updateAcl(child); // Let's check if we can read them back correctly Map map = this.jdbcMutableAclService - .readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid())); + .readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid())); assertThat(map).hasSize(3); // Get the retrieved versions MutableAcl retrievedTopParent = (MutableAcl) map.get(getTopParentOid()); @@ -196,7 +196,7 @@ public class JdbcMutableAclServiceTests { assertThat(retrievedMiddleParent.isGranted(delete, pSid, false)).isTrue(); assertThat(retrievedChild.isGranted(delete, pSid, false)).isFalse(); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> retrievedChild.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false)); + .isThrownBy(() -> retrievedChild.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false)); // Now check the inherited rights (when not explicitly overridden) also look OK assertThat(retrievedChild.isGranted(read, pSid, false)).isTrue(); assertThat(retrievedChild.isGranted(write, pSid, false)).isFalse(); @@ -209,9 +209,9 @@ public class JdbcMutableAclServiceTests { // Check the child permissions no longer inherit assertThat(nonInheritingChild.isGranted(delete, pSid, true)).isFalse(); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> nonInheritingChild.isGranted(read, pSid, true)); + .isThrownBy(() -> nonInheritingChild.isGranted(read, pSid, true)); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> nonInheritingChild.isGranted(write, pSid, true)); + .isThrownBy(() -> nonInheritingChild.isGranted(write, pSid, true)); // Let's add an identical permission to the child, but it'll appear AFTER the // current permission, so has no impact nonInheritingChild.insertAce(1, BasePermission.DELETE, new PrincipalSid(this.auth), true); @@ -266,9 +266,9 @@ public class JdbcMutableAclServiceTests { // Delete the mid-parent and test if the child was deleted, as well this.jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> this.jdbcMutableAclService.readAclById(getMiddleParentOid())); + .isThrownBy(() -> this.jdbcMutableAclService.readAclById(getMiddleParentOid())); assertThatExceptionOfType(NotFoundException.class) - .isThrownBy(() -> this.jdbcMutableAclService.readAclById(getChildOid())); + .isThrownBy(() -> this.jdbcMutableAclService.readAclById(getChildOid())); Acl acl = this.jdbcMutableAclService.readAclById(getTopParentOid()); assertThat(acl).isNotNull(); assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity()); @@ -277,11 +277,11 @@ public class JdbcMutableAclServiceTests { @Test public void constructorRejectsNullParameters() { assertThatIllegalArgumentException() - .isThrownBy(() -> new JdbcMutableAclService(null, this.lookupStrategy, this.aclCache)); + .isThrownBy(() -> new JdbcMutableAclService(null, this.lookupStrategy, this.aclCache)); assertThatIllegalArgumentException() - .isThrownBy(() -> new JdbcMutableAclService(this.dataSource, null, this.aclCache)); + .isThrownBy(() -> new JdbcMutableAclService(this.dataSource, null, this.aclCache)); assertThatIllegalArgumentException() - .isThrownBy(() -> new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null)); + .isThrownBy(() -> new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null)); } @Test @@ -297,7 +297,7 @@ public class JdbcMutableAclServiceTests { this.jdbcMutableAclService.createAcl(duplicateOid); // Try to add the same object second time assertThatExceptionOfType(AlreadyExistsException.class) - .isThrownBy(() -> this.jdbcMutableAclService.createAcl(duplicateOid)); + .isThrownBy(() -> this.jdbcMutableAclService.createAcl(duplicateOid)); } @Test @@ -320,7 +320,7 @@ public class JdbcMutableAclServiceTests { try { // checking in the class, not database assertThatExceptionOfType(ChildrenExistException.class) - .isThrownBy(() -> this.jdbcMutableAclService.deleteAcl(getTopParentOid(), false)); + .isThrownBy(() -> this.jdbcMutableAclService.deleteAcl(getTopParentOid(), false)); } finally { // restore to the default @@ -392,7 +392,7 @@ public class JdbcMutableAclServiceTests { child = (MutableAcl) this.jdbcMutableAclService.readAclById(childOid); parent = (MutableAcl) child.getParentAcl(); assertThat(parent.getEntries()).hasSize(2) - .withFailMessage("Fails because child has a stale reference to its parent"); + .withFailMessage("Fails because child has a stale reference to its parent"); assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1); assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben")); assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1); diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java index bd82ab4fa5..b8475ce39a 100644 --- a/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java +++ b/acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java @@ -79,7 +79,7 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id); getJdbcMutableAclService().createAcl(oid); assertThat(getJdbcMutableAclService().readAclById(new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id))) - .isNotNull(); + .isNotNull(); } } diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java index 50c1ba685b..d52d6980fd 100644 --- a/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java +++ b/acl/src/test/java/org/springframework/security/acls/sid/SidTests.java @@ -46,9 +46,9 @@ public class SidTests { // Check one Authentication-argument constructor assertThatIllegalArgumentException().isThrownBy(() -> new PrincipalSid((Authentication) null)); assertThatIllegalArgumentException() - .isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken(null, "password"))); + .isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken(null, "password"))); assertThatNoException() - .isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken("johndoe", "password"))); + .isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken("johndoe", "password"))); } @Test @@ -60,7 +60,7 @@ public class SidTests { // Check one GrantedAuthority-argument constructor assertThatIllegalArgumentException().isThrownBy(() -> new GrantedAuthoritySid((GrantedAuthority) null)); assertThatIllegalArgumentException() - .isThrownBy(() -> new GrantedAuthoritySid(new SimpleGrantedAuthority(null))); + .isThrownBy(() -> new GrantedAuthoritySid(new SimpleGrantedAuthority(null))); assertThatNoException().isThrownBy(() -> new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST"))); } @@ -100,7 +100,7 @@ public class SidTests { assertThat(principalSid.hashCode()).isEqualTo(new PrincipalSid("johndoe").hashCode()); assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid("scott").hashCode()); assertThat(principalSid.hashCode()) - .isNotEqualTo(new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode()); + .isNotEqualTo(new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode()); } @Test @@ -111,7 +111,7 @@ public class SidTests { assertThat(gaSid.hashCode()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST").hashCode()); assertThat(gaSid.hashCode()).isNotEqualTo(new GrantedAuthoritySid("ROLE_TEST_2").hashCode()); assertThat(gaSid.hashCode()) - .isNotEqualTo(new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST_2")).hashCode()); + .isNotEqualTo(new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST_2")).hashCode()); } @Test diff --git a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java index c749614815..778268a5a3 100644 --- a/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java +++ b/aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java @@ -101,7 +101,7 @@ public class AnnotationSecurityAspectTests { @Test public void securedClassMethodDeniesUnauthenticatedAccess() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.secured.securedClassMethod()); + .isThrownBy(() -> this.secured.securedClassMethod()); } @Test diff --git a/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostAuthorizeAspectTests.java b/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostAuthorizeAspectTests.java index b8613217e4..a58dd4888f 100644 --- a/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostAuthorizeAspectTests.java +++ b/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostAuthorizeAspectTests.java @@ -68,7 +68,7 @@ public class PostAuthorizeAspectTests { @Test public void securedClassMethodDeniesUnauthenticatedAccess() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.secured.securedClassMethod()); + .isThrownBy(() -> this.secured.securedClassMethod()); } @Test diff --git a/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreAuthorizeAspectTests.java b/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreAuthorizeAspectTests.java index 9e268f0fe7..ce3bd383e9 100644 --- a/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreAuthorizeAspectTests.java +++ b/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreAuthorizeAspectTests.java @@ -68,7 +68,7 @@ public class PreAuthorizeAspectTests { @Test public void securedClassMethodDeniesUnauthenticatedAccess() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.secured.securedClassMethod()); + .isThrownBy(() -> this.secured.securedClassMethod()); } @Test diff --git a/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/SecuredAspectTests.java b/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/SecuredAspectTests.java index 0099c28edc..c175aa72e6 100644 --- a/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/SecuredAspectTests.java +++ b/aspects/src/test/java/org/springframework/security/authorization/method/aspectj/SecuredAspectTests.java @@ -66,7 +66,7 @@ public class SecuredAspectTests { @Test public void securedClassMethodDeniesUnauthenticatedAccess() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.secured.securedClassMethod()); + .isThrownBy(() -> this.secured.securedClassMethod()); } @Test diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java index 3a84c2109a..968026d71d 100644 --- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java +++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java @@ -98,7 +98,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia if (authentication instanceof UsernamePasswordAuthenticationToken && (!CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER.equals(authentication.getPrincipal().toString()) && !CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER - .equals(authentication.getPrincipal().toString()))) { + .equals(authentication.getPrincipal().toString()))) { // UsernamePasswordAuthenticationToken not CAS related return null; } diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java index b469d73af5..e9955c291f 100644 --- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java +++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java @@ -88,7 +88,7 @@ public class CasAuthenticationProviderTests { cap.setTicketValidator(new MockTicketValidator(true)); cap.afterPropertiesSet(); UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken - .unauthenticated(CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "ST-123"); + .unauthenticated(CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, "ST-123"); token.setDetails("details"); Authentication result = cap.authenticate(token); // Confirm ST-123 was NOT added to the cache @@ -121,7 +121,7 @@ public class CasAuthenticationProviderTests { cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken - .unauthenticated(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, "ST-456"); + .unauthenticated(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, "ST-456"); token.setDetails("details"); Authentication result = cap.authenticate(token); // Confirm ST-456 was added to the cache @@ -158,7 +158,7 @@ public class CasAuthenticationProviderTests { cap.afterPropertiesSet(); String ticket = "ST-456"; UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken - .unauthenticated(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket); + .unauthenticated(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket); Authentication result = cap.authenticate(token); } @@ -179,7 +179,7 @@ public class CasAuthenticationProviderTests { cap.afterPropertiesSet(); String ticket = "ST-456"; UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken - .unauthenticated(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket); + .unauthenticated(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket); Authentication result = cap.authenticate(token); verify(validator).validate(ticket, serviceProperties.getService()); serviceProperties.setAuthenticateAllArtifacts(true); @@ -212,7 +212,7 @@ public class CasAuthenticationProviderTests { cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken - .unauthenticated(CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, ""); + .unauthenticated(CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, ""); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> cap.authenticate(token)); } @@ -315,7 +315,7 @@ public class CasAuthenticationProviderTests { cap.setServiceProperties(makeServiceProperties()); cap.afterPropertiesSet(); UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken - .authenticated("some_normal_user", "password", AuthorityUtils.createAuthorityList("ROLE_A")); + .authenticated("some_normal_user", "password", AuthorityUtils.createAuthorityList("ROLE_A")); assertThat(cap.authenticate(token)).isNull(); } diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java index 364240a3a9..ea8d6f8c21 100644 --- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java +++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java @@ -103,7 +103,7 @@ public class CasAuthenticationTokenTests { @Test public void testNoArgConstructorDoesntExist() { assertThatExceptionOfType(NoSuchMethodException.class) - .isThrownBy(() -> CasAuthenticationToken.class.getDeclaredConstructor((Class[]) null)); + .isThrownBy(() -> CasAuthenticationToken.class.getDeclaredConstructor((Class[]) null)); } @Test diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java index ce333d4d83..e9c7293973 100644 --- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java +++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java @@ -132,7 +132,7 @@ public class CasAuthenticationTokenMixinTests { assertThat(token.getAssertion()).isNotNull().isInstanceOf(AssertionImpl.class); assertThat(token.getKeyHash()).isEqualTo(KEY.hashCode()); assertThat(token.getUserDetails().getAuthorities()).extracting(GrantedAuthority::getAuthority) - .containsOnly("ROLE_USER"); + .containsOnly("ROLE_USER"); assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(START_DATE); assertThat(token.getAssertion().getValidFromDate()).isEqualTo(START_DATE); assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(END_DATE); @@ -143,7 +143,7 @@ public class CasAuthenticationTokenMixinTests { private CasAuthenticationToken createCasAuthenticationToken() { User principal = new User("admin", "1234", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))); Collection authorities = Collections - .singletonList(new SimpleGrantedAuthority("ROLE_USER")); + .singletonList(new SimpleGrantedAuthority("ROLE_USER")); Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), START_DATE, END_DATE, START_DATE, Collections.emptyMap()); return new CasAuthenticationToken(KEY, principal, principal.getPassword(), authorities, diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java index 5fb0e7c7f8..3720bf5718 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java @@ -39,7 +39,7 @@ public class CasAuthenticationEntryPointTests { CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint(); ep.setServiceProperties(new ServiceProperties()); assertThatIllegalArgumentException().isThrownBy(ep::afterPropertiesSet) - .withMessage("loginUrl must be specified"); + .withMessage("loginUrl must be specified"); } @Test @@ -47,7 +47,7 @@ public class CasAuthenticationEntryPointTests { CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint(); ep.setLoginUrl("https://cas/login"); assertThatIllegalArgumentException().isThrownBy(ep::afterPropertiesSet) - .withMessage("serviceProperties must be specified"); + .withMessage("serviceProperties must be specified"); } @Test @@ -74,7 +74,7 @@ public class CasAuthenticationEntryPointTests { ep.commence(request, response, null); assertThat( "https://cas/login?service=" + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8")) - .isEqualTo(response.getRedirectedUrl()); + .isEqualTo(response.getRedirectedUrl()); } @Test @@ -92,7 +92,7 @@ public class CasAuthenticationEntryPointTests { ep.commence(request, response, null); assertThat("https://cas/login?service=" + URLEncoder.encode("https://mycompany.com/bigWebApp/login/cas", "UTF-8") + "&renew=true") - .isEqualTo(response.getRedirectedUrl()); + .isEqualTo(response.getRedirectedUrl()); } } diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java index 300ce5927f..98b63cc226 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java @@ -132,13 +132,14 @@ public class CasAuthenticationFilterTests { assertThat(filter.requiresAuthentication(request, response)).isFalse(); request.setParameter(properties.getArtifactParameter(), "value"); assertThat(filter.requiresAuthentication(request, response)).isTrue(); - SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("key", "principal", - AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))); + SecurityContextHolder.getContext() + .setAuthentication(new AnonymousAuthenticationToken("key", "principal", + AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))); assertThat(filter.requiresAuthentication(request, response)).isTrue(); SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("un", "principal")); assertThat(filter.requiresAuthentication(request, response)).isTrue(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS")); + .setAuthentication(new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS")); assertThat(filter.requiresAuthentication(request, response)).isFalse(); } @@ -174,7 +175,7 @@ public class CasAuthenticationFilterTests { filter.afterPropertiesSet(); filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull() - .withFailMessage("Authentication should not be null"); + .withFailMessage("Authentication should not be null"); verify(chain).doFilter(request, response); verifyNoMoreInteractions(successHandler); // validate for when the filterProcessUrl matches @@ -206,7 +207,7 @@ public class CasAuthenticationFilterTests { filter.afterPropertiesSet(); filter.doFilter(request, response, chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull() - .withFailMessage("Authentication should not be null"); + .withFailMessage("Authentication should not be null"); verify(chain).doFilter(request, response); // validate for when the filterProcessUrl matches filter.setFilterProcessesUrl(request.getServletPath()); diff --git a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java index 893d256775..c700f8daa7 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/authentication/DefaultServiceAuthenticationDetailsTests.java @@ -54,7 +54,7 @@ public class DefaultServiceAuthenticationDetailsTests { this.request.setServerPort(8443); this.request.setRequestURI("/cas-sample/secure/"); this.artifactPattern = DefaultServiceAuthenticationDetails - .createArtifactPattern(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER); + .createArtifactPattern(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER); } @AfterEach diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java index 8b40b1d0e8..918bb715ca 100644 --- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java +++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java @@ -74,8 +74,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests { assertThat(authoritiesPopulator).hasFieldOrPropertyWithValue("groupRoleAttribute", "cn"); assertThat(authoritiesPopulator).hasFieldOrPropertyWithValue("groupSearchBase", ""); assertThat(authoritiesPopulator).hasFieldOrPropertyWithValue("groupSearchFilter", "(uniqueMember={0})"); - assertThat(authoritiesPopulator).extracting("searchControls").hasFieldOrPropertyWithValue("searchScope", - SearchControls.ONELEVEL_SCOPE); + assertThat(authoritiesPopulator).extracting("searchControls") + .hasFieldOrPropertyWithValue("searchScope", SearchControls.ONELEVEL_SCOPE); assertThat(ReflectionTestUtils.getField(getAuthoritiesMapper(provider), "prefix")).isEqualTo("ROLE_"); } @@ -85,7 +85,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests { LdapAuthenticationProvider provider = ldapProvider(); assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupRoleAttribute")) - .isEqualTo("group"); + .isEqualTo("group"); } @Test @@ -94,7 +94,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests { LdapAuthenticationProvider provider = ldapProvider(); assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupSearchFilter")) - .isEqualTo("ou=groupName"); + .isEqualTo("ou=groupName"); } @Test @@ -103,7 +103,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests { LdapAuthenticationProvider provider = ldapProvider(); assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "searchControls")) - .extracting("searchScope").isEqualTo(SearchControls.SUBTREE_SCOPE); + .extracting("searchScope") + .isEqualTo(SearchControls.SUBTREE_SCOPE); } @Test @@ -119,8 +120,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests { this.spring.register(BindAuthenticationConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob") - .withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS")))); + .andExpect(authenticated().withUsername("bob") + .withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS")))); } // SEC-2472 @@ -129,13 +130,14 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests { this.spring.register(PasswordEncoderConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bcrypt").password("password")) - .andExpect(authenticated().withUsername("bcrypt") - .withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS")))); + .andExpect(authenticated().withUsername("bcrypt") + .withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS")))); } private LdapAuthenticationProvider ldapProvider() { return ((List) ReflectionTestUtils.getField(this.authenticationManager, - "providers")).get(0); + "providers")) + .get(0); } private LdapAuthoritiesPopulator getAuthoritiesPopulator(LdapAuthenticationProvider provider) { diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java index 327f43d518..0269af0414 100644 --- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java +++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java @@ -51,7 +51,7 @@ public class LdapAuthenticationProviderConfigurerTests { this.spring.register(MultiLdapAuthenticationProvidersConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob")); + .andExpect(authenticated().withUsername("bob")); } @Test diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java index ba7b4b7172..8af9308c29 100644 --- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java +++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/JwtITests.java @@ -122,7 +122,7 @@ public class JwtITests { @Test public void routeWhenAuthenticationBearerThenAuthorized() { MimeType authenticationMimeType = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString()); BearerTokenMetadata credentials = new BearerTokenMetadata("token"); given(this.decoder.decode(any())).willReturn(Mono.just(jwt())); // @formatter:off @@ -137,8 +137,11 @@ public class JwtITests { } private Jwt jwt() { - return TestJwts.jwt().claim(IdTokenClaimNames.ISS, "https://issuer.example.com") - .claim(IdTokenClaimNames.SUB, "rob").claim(IdTokenClaimNames.AUD, Arrays.asList("client-id")).build(); + return TestJwts.jwt() + .claim(IdTokenClaimNames.ISS, "https://issuer.example.com") + .claim(IdTokenClaimNames.SUB, "rob") + .claim(IdTokenClaimNames.AUD, Arrays.asList("client-id")) + .build(); } private RSocketRequester.Builder requester() { @@ -169,7 +172,7 @@ public class JwtITests { @Bean PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) { rsocket.authorizePayload((authorize) -> authorize.anyRequest().authenticated().anyExchange().permitAll()) - .jwt(Customizer.withDefaults()); + .jwt(Customizer.withDefaults()); return rsocket.build(); } diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java index d67477400d..2c30dce0f1 100644 --- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java +++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerITests.java @@ -195,7 +195,7 @@ public class RSocketMessageHandlerITests { String data = "a"; assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy( () -> this.requester.route("secure.hello").data(data).retrieveFlux(String.class).collectList().block()) - .withMessageContaining("Access Denied"); + .withMessageContaining("Access Denied"); assertThat(this.controller.payloads).isEmpty(); } diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java index 4896522dee..1e83469801 100644 --- a/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java +++ b/config/src/integration-test/java/org/springframework/security/config/annotation/rsocket/SimpleAuthenticationITests.java @@ -117,7 +117,7 @@ public class SimpleAuthenticationITests { @Test public void retrieveMonoWhenAuthorizedThenGranted() { MimeType authenticationMimeType = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString()); UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password"); // @formatter:off this.requester = RSocketRequester.builder() @@ -161,7 +161,7 @@ public class SimpleAuthenticationITests { @Bean PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) { rsocket.authorizePayload((authorize) -> authorize.anyRequest().authenticated().anyExchange().permitAll()) - .simpleAuthentication(Customizer.withDefaults()); + .simpleAuthentication(Customizer.withDefaults()); return rsocket.build(); } diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/EmbeddedLdapServerContextSourceFactoryBeanITests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/EmbeddedLdapServerContextSourceFactoryBeanITests.java index d20b3e302c..9520646412 100644 --- a/config/src/integration-test/java/org/springframework/security/config/ldap/EmbeddedLdapServerContextSourceFactoryBeanITests.java +++ b/config/src/integration-test/java/org/springframework/security/config/ldap/EmbeddedLdapServerContextSourceFactoryBeanITests.java @@ -47,7 +47,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests { this.spring.register(FromEmbeddedLdapServerConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob")); + .andExpect(authenticated().withUsername("bob")); } @Test @@ -55,7 +55,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests { this.spring.register(PortZeroConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob")); + .andExpect(authenticated().withUsername("bob")); } @Test @@ -70,15 +70,15 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests { this.spring.register(CustomManagerDnConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob")); + .andExpect(authenticated().withUsername("bob")); } @Test public void contextSourceFactoryBeanWhenManagerDnAndNoPasswordThenException() { assertThatExceptionOfType(UnsatisfiedDependencyException.class) - .isThrownBy(() -> this.spring.register(CustomManagerDnNoPasswordConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalStateException.class) - .withMessageContaining("managerPassword is required if managerDn is supplied"); + .isThrownBy(() -> this.spring.register(CustomManagerDnNoPasswordConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalStateException.class) + .withMessageContaining("managerPassword is required if managerDn is supplied"); } @EnableWebSecurity @@ -104,7 +104,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests { @Bean EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() { EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean - .fromEmbeddedLdapServer(); + .fromEmbeddedLdapServer(); factoryBean.setPort(0); return factoryBean; } @@ -124,7 +124,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests { @Bean EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() { EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean - .fromEmbeddedLdapServer(); + .fromEmbeddedLdapServer(); factoryBean.setLdif("classpath*:test-server2.xldif"); factoryBean.setRoot("dc=monkeymachine,dc=co,dc=uk"); return factoryBean; @@ -145,7 +145,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests { @Bean EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() { EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean - .fromEmbeddedLdapServer(); + .fromEmbeddedLdapServer(); factoryBean.setManagerDn("uid=admin,ou=system"); factoryBean.setManagerPassword("secret"); return factoryBean; @@ -167,7 +167,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests { @Bean EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() { EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean - .fromEmbeddedLdapServer(); + .fromEmbeddedLdapServer(); factoryBean.setManagerDn("uid=admin,ou=system"); return factoryBean; } diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapBindAuthenticationManagerFactoryITests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapBindAuthenticationManagerFactoryITests.java index 2b333441c0..9595608af5 100644 --- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapBindAuthenticationManagerFactoryITests.java +++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapBindAuthenticationManagerFactoryITests.java @@ -65,7 +65,7 @@ public class LdapBindAuthenticationManagerFactoryITests { this.spring.register(FromContextSourceConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob")); + .andExpect(authenticated().withUsername("bob")); } @Test @@ -80,19 +80,21 @@ public class LdapBindAuthenticationManagerFactoryITests { this.spring.register(CustomAuthoritiesPopulatorConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect( - authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA")))); + this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) + .andExpect( + authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA")))); } @Test public void authenticationManagerFactoryWhenCustomAuthoritiesMapperThenUsed() throws Exception { CustomAuthoritiesMapperConfig.AUTHORITIES_MAPPER = ((authorities) -> AuthorityUtils - .createAuthorityList("ROLE_CUSTOM")); + .createAuthorityList("ROLE_CUSTOM")); this.spring.register(CustomAuthoritiesMapperConfig.class).autowire(); - this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect( - authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_CUSTOM")))); + this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) + .andExpect( + authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_CUSTOM")))); } @Test @@ -112,7 +114,7 @@ public class LdapBindAuthenticationManagerFactoryITests { this.spring.register(CustomUserDetailsContextMapperConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("other")); + .andExpect(authenticated().withUsername("other")); } @Test @@ -120,7 +122,7 @@ public class LdapBindAuthenticationManagerFactoryITests { this.spring.register(CustomUserDnPatternsConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob")); + .andExpect(authenticated().withUsername("bob")); } @Test @@ -128,7 +130,7 @@ public class LdapBindAuthenticationManagerFactoryITests { this.spring.register(CustomUserSearchConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bob").password("bobspassword")) - .andExpect(authenticated().withUsername("bob")); + .andExpect(authenticated().withUsername("bob")); } @EnableWebSecurity diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapPasswordComparisonAuthenticationManagerFactoryITests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapPasswordComparisonAuthenticationManagerFactoryITests.java index 350cf8405c..0503cbbcaa 100644 --- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapPasswordComparisonAuthenticationManagerFactoryITests.java +++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapPasswordComparisonAuthenticationManagerFactoryITests.java @@ -49,7 +49,7 @@ public class LdapPasswordComparisonAuthenticationManagerFactoryITests { this.spring.register(CustomPasswordEncoderConfig.class).autowire(); this.mockMvc.perform(formLogin().user("bcrypt").password("password")) - .andExpect(authenticated().withUsername("bcrypt")); + .andExpect(authenticated().withUsername("bcrypt")); } @Test diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java index d3b0f5c20c..162fcc8495 100644 --- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java +++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java @@ -56,7 +56,7 @@ public class LdapProviderBeanDefinitionParserTests { AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class); Authentication auth = authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword")); UserDetails ben = (UserDetails) auth.getPrincipal(); assertThat(ben.getAuthorities()).hasSize(3); } @@ -71,7 +71,7 @@ public class LdapProviderBeanDefinitionParserTests { ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class); assertThat(providerManager.getProviders()).hasSize(2); assertThat(providerManager.getProviders()).extracting("authoritiesPopulator.groupSearchFilter") - .containsExactly("member={0}", "uniqueMember={0}"); + .containsExactly("member={0}", "uniqueMember={0}"); } @Test @@ -89,7 +89,7 @@ public class LdapProviderBeanDefinitionParserTests { AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class); Authentication auth = authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword")); assertThat(auth).isNotNull(); } @@ -105,7 +105,7 @@ public class LdapProviderBeanDefinitionParserTests { AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class); Authentication auth = authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "ben")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "ben")); assertThat(auth).isNotNull(); } @@ -122,7 +122,7 @@ public class LdapProviderBeanDefinitionParserTests { AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, AuthenticationManager.class); Authentication auth = authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bcrypt", "password")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bcrypt", "password")); assertThat(auth).isNotNull(); } @@ -137,8 +137,8 @@ public class LdapProviderBeanDefinitionParserTests { ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class); assertThat(providerManager.getProviders()).hasSize(1); - assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper").allSatisfy( - (contextMapper) -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class)); + assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper") + .allSatisfy((contextMapper) -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class)); } @Test @@ -155,10 +155,10 @@ public class LdapProviderBeanDefinitionParserTests { AuthenticationProvider authenticationProvider = providerManager.getProviders().get(0); assertThat(authenticationProvider).extracting("authenticator.userDnFormat") - .satisfies((messageFormats) -> assertThat(messageFormats) - .isEqualTo(new MessageFormat[] { new MessageFormat("uid={0},ou=people") })); + .satisfies((messageFormats) -> assertThat(messageFormats) + .isEqualTo(new MessageFormat[] { new MessageFormat("uid={0},ou=people") })); assertThat(authenticationProvider).extracting("authoritiesPopulator.groupSearchFilter") - .satisfies((searchFilter) -> assertThat(searchFilter).isEqualTo("member={0}")); + .satisfies((searchFilter) -> assertThat(searchFilter).isEqualTo("member={0}")); } } diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java index 298282ee3b..cf5a5b16bd 100644 --- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java +++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java @@ -52,7 +52,7 @@ public class LdapServerBeanDefinitionParserTests { this.appCtx = new InMemoryXmlApplicationContext(""); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx - .getBean(BeanIds.CONTEXT_SOURCE); + .getBean(BeanIds.CONTEXT_SOURCE); // Check data is loaded LdapTemplate template = new LdapTemplate(contextSource); @@ -71,7 +71,7 @@ public class LdapServerBeanDefinitionParserTests { this.appCtx.getBean(BeanIds.CONTEXT_SOURCE); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx - .getBean("blah"); + .getBean("blah"); // Check data is loaded as before LdapTemplate template = new LdapTemplate(contextSource); @@ -83,7 +83,7 @@ public class LdapServerBeanDefinitionParserTests { this.appCtx = new InMemoryXmlApplicationContext( ""); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx - .getBean(BeanIds.CONTEXT_SOURCE); + .getBean(BeanIds.CONTEXT_SOURCE); LdapTemplate template = new LdapTemplate(contextSource); template.lookup("uid=pg,ou=gorillas"); diff --git a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java index 5dbc35e0da..d43bc69d6b 100644 --- a/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java +++ b/config/src/integration-test/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParserTests.java @@ -58,17 +58,17 @@ public class LdapUserServiceBeanDefinitionParserTests { @Test public void beanClassNamesAreCorrect() { assertThat(FilterBasedLdapUserSearch.class.getName()) - .isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS); + .isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS); assertThat(PersonContextMapper.class.getName()) - .isEqualTo(LdapUserServiceBeanDefinitionParser.PERSON_MAPPER_CLASS); + .isEqualTo(LdapUserServiceBeanDefinitionParser.PERSON_MAPPER_CLASS); assertThat(InetOrgPersonContextMapper.class.getName()) - .isEqualTo(LdapUserServiceBeanDefinitionParser.INET_ORG_PERSON_MAPPER_CLASS); + .isEqualTo(LdapUserServiceBeanDefinitionParser.INET_ORG_PERSON_MAPPER_CLASS); assertThat(LdapUserDetailsMapper.class.getName()) - .isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_USER_MAPPER_CLASS); + .isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_USER_MAPPER_CLASS); assertThat(DefaultLdapAuthoritiesPopulator.class.getName()) - .isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_AUTHORITIES_POPULATOR_CLASS); + .isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_AUTHORITIES_POPULATOR_CLASS); assertThat(new LdapUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class))) - .isEqualTo(LdapUserDetailsService.class.getName()); + .isEqualTo(LdapUserDetailsService.class.getName()); } @Test diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java index 57b04ac274..26a136be7e 100644 --- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java +++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java @@ -85,17 +85,19 @@ public final class SecurityNamespaceHandler implements NamespaceHandler { String version = pkg.getImplementationVersion(); this.logger.info("Spring Security 'config' module version is " + version); if (version.compareTo(coreVersion) != 0) { - this.logger.error( - "You are running with different versions of the Spring Security 'core' and 'config' modules"); + this.logger + .error("You are running with different versions of the Spring Security 'core' and 'config' modules"); } } @Override public BeanDefinition parse(Element element, ParserContext pc) { if (!namespaceMatchesVersion(element)) { - pc.getReaderContext().fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or " - + "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema " - + "with Spring Security 5.8. Please update your schema declarations to the 5.8 schema.", element); + pc.getReaderContext() + .fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or " + + "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema " + + "with Spring Security 5.8. Please update your schema declarations to the 5.8 schema.", + element); } String name = pc.getDelegate().getLocalName(element); BeanDefinitionParser parser = this.parsers.get(name); @@ -140,8 +142,9 @@ public final class SecurityNamespaceHandler implements NamespaceHandler { } private void reportUnsupportedNodeType(String name, ParserContext pc, Node node) { - pc.getReaderContext().fatal("Security namespace does not support decoration of " - + ((node instanceof Element) ? "element" : "attribute") + " [" + name + "]", node); + pc.getReaderContext() + .fatal("Security namespace does not support decoration of " + + ((node instanceof Element) ? "element" : "attribute") + " [" + name + "]", node); } private void reportMissingWebClasses(String nodeName, ParserContext pc, Node node) { diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java index 588bcb7f52..d47cbd8491 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java +++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java @@ -176,7 +176,7 @@ public abstract class AbstractConfiguredSecurityBuilder> void add(C configurer) { Assert.notNull(configurer, "configurer cannot be null"); Class> clazz = (Class>) configurer - .getClass(); + .getClass(); synchronized (this.configurers) { if (this.buildState.isConfigured()) { throw new IllegalStateException("Cannot apply " + configurer + " to already built object"); diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java index 5c8b63421c..e85fdb0886 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java @@ -184,8 +184,9 @@ public class AuthenticationConfiguration { return Collections.emptyList(); } for (String beanName : beanNamesForType) { - if (((ConfigurableApplicationContext) this.applicationContext).getBeanFactory().getBeanDefinition(beanName) - .isPrimary()) { + if (((ConfigurableApplicationContext) this.applicationContext).getBeanFactory() + .getBeanDefinition(beanName) + .isPrimary()) { list.add(beanName); } } @@ -218,7 +219,7 @@ public class AuthenticationConfiguration { @Override public void init(AuthenticationManagerBuilder auth) { Map beansWithAnnotation = this.context - .getBeansWithAnnotation(EnableGlobalAuthentication.class); + .getBeansWithAnnotation(EnableGlobalAuthentication.class); if (logger.isTraceEnabled()) { logger.trace(LogMessage.format("Eagerly initializing %s", beansWithAnnotation)); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java index 7ed54d433e..d2f938fe9f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java @@ -98,7 +98,6 @@ import org.springframework.security.config.annotation.web.servlet.configuration. * @see EnableWebMvcSecurity * @see EnableWebSecurity * @see EnableGlobalMethodSecurity - * * @author Rob Winch * */ diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java index 3958699f4b..62eabe3b4c 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeAuthenticationProviderBeanManagerConfigurer.java @@ -67,7 +67,7 @@ class InitializeAuthenticationProviderBeanManagerConfigurer extends GlobalAuthen */ private T getBeanOrNull(Class type) { String[] beanNames = InitializeAuthenticationProviderBeanManagerConfigurer.this.context - .getBeanNamesForType(type); + .getBeanNamesForType(type); if (beanNames.length != 1) { return null; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java index 07605a3fea..b391cc7337 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java @@ -387,7 +387,7 @@ public class LdapAuthenticationProviderConfigurer annotationAttributes = importMetadata - .getAnnotationAttributes(EnableGlobalMethodSecurity.class.getName()); + .getAnnotationAttributes(EnableGlobalMethodSecurity.class.getName()); this.enableMethodSecurity = AnnotationAttributes.fromMap(annotationAttributes); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java index ba61ce49a2..29f89c77df 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java @@ -51,7 +51,7 @@ final class GlobalMethodSecuritySelector implements ImportSelector { Class importingClass = ClassUtils.resolveClassName(importingClassMetadata.getClassName(), ClassUtils.getDefaultClassLoader()); boolean skipMethodSecurityConfiguration = GlobalMethodSecurityConfiguration.class - .isAssignableFrom(importingClass); + .isAssignableFrom(importingClass); AdviceMode mode = attributes.getEnum("mode"); boolean isProxy = AdviceMode.PROXY == mode; String autoProxyClassName = isProxy ? AutoProxyRegistrar.class.getName() diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java index f1304f6393..bd0241bf72 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java @@ -44,13 +44,13 @@ final class Jsr250MethodSecurityConfiguration { private final Jsr250AuthorizationManager jsr250AuthorizationManager = new Jsr250AuthorizationManager(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) MethodInterceptor jsr250AuthorizationMethodInterceptor() { AuthorizationManagerBeforeMethodInterceptor interceptor = AuthorizationManagerBeforeMethodInterceptor - .jsr250(this.jsr250AuthorizationManager); + .jsr250(this.jsr250AuthorizationManager); interceptor.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); return interceptor; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java index c5f13379bd..c7f0e816b7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java @@ -45,13 +45,13 @@ class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefiniti @Override public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) { BeanDefinitionBuilder advisor = BeanDefinitionBuilder - .rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class); + .rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class); advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); advisor.addConstructorArgValue("methodSecurityInterceptor"); advisor.addConstructorArgReference("methodSecurityMetadataSource"); advisor.addConstructorArgValue("methodSecurityMetadataSource"); MultiValueMap attributes = importingClassMetadata - .getAllAnnotationAttributes(EnableGlobalMethodSecurity.class.getName()); + .getAllAnnotationAttributes(EnableGlobalMethodSecurity.class.getName()); Integer order = (Integer) attributes.getFirst("order"); if (order != null) { advisor.addPropertyValue("order", order); diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfiguration.java index d54d6f26e7..a0561b58f6 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfiguration.java @@ -68,10 +68,10 @@ final class PrePostMethodSecurityConfiguration { PrePostMethodSecurityConfiguration(ApplicationContext context) { this.preAuthorizeAuthorizationManager.setExpressionHandler(this.expressionHandler); this.preAuthorizeAuthorizationMethodInterceptor = AuthorizationManagerBeforeMethodInterceptor - .preAuthorize(this.preAuthorizeAuthorizationManager); + .preAuthorize(this.preAuthorizeAuthorizationManager); this.postAuthorizeAuthorizationManager.setExpressionHandler(this.expressionHandler); this.postAuthorizeAuthorizaitonMethodInterceptor = AuthorizationManagerAfterMethodInterceptor - .postAuthorize(this.postAuthorizeAuthorizationManager); + .postAuthorize(this.postAuthorizeAuthorizationManager); this.preFilterAuthorizationMethodInterceptor.setExpressionHandler(this.expressionHandler); this.postFilterAuthorizationMethodInterceptor.setExpressionHandler(this.expressionHandler); this.expressionHandler.setApplicationContext(context); diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java index e66dec4d6e..f3c1f5c4f7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java @@ -91,7 +91,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { @Override public void setImportMetadata(AnnotationMetadata importMetadata) { this.advisorOrder = (int) importMetadata.getAnnotationAttributes(EnableReactiveMethodSecurity.class.getName()) - .get("order"); + .get("order"); } @Autowired(required = false) diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java index 0b679cb1f8..dd984bc1a8 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java @@ -42,7 +42,8 @@ class ReactiveMethodSecuritySelector implements ImportSelector { return new String[0]; } EnableReactiveMethodSecurity annotation = importMetadata.getAnnotations() - .get(EnableReactiveMethodSecurity.class).synthesize(); + .get(EnableReactiveMethodSecurity.class) + .synthesize(); List imports = new ArrayList<>(Arrays.asList(this.autoProxy.selectImports(importMetadata))); if (annotation.useAuthorizationManager()) { imports.add(ReactiveAuthorizationManagerMethodSecurityConfiguration.class.getName()); diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/SecuredMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/SecuredMethodSecurityConfiguration.java index f8f54d4f53..896e062458 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/SecuredMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/SecuredMethodSecurityConfiguration.java @@ -41,7 +41,7 @@ import org.springframework.security.core.context.SecurityContextHolderStrategy; final class SecuredMethodSecurityConfiguration { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java index 309e565b94..f47479be99 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java @@ -351,7 +351,7 @@ public class RSocketSecurity { public class AuthorizePayloadsSpec { private PayloadExchangeMatcherReactiveAuthorizationManager.Builder authzBuilder = PayloadExchangeMatcherReactiveAuthorizationManager - .builder(); + .builder(); public Access setup() { return matcher(PayloadExchangeMatchers.setup()); @@ -427,7 +427,7 @@ public class RSocketSecurity { public AuthorizePayloadsSpec access( ReactiveAuthorizationManager authorization) { AuthorizePayloadsSpec.this.authzBuilder - .add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization)); + .add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization)); return AuthorizePayloadsSpec.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java index 00019ba782..5325facabc 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/SecuritySocketAcceptorInterceptorConfiguration.java @@ -37,7 +37,7 @@ class SecuritySocketAcceptorInterceptorConfiguration { ObjectProvider rsocketInterceptor, ObjectProvider rsocketSecurity) { PayloadSocketAcceptorInterceptor delegate = rsocketInterceptor - .getIfAvailable(() -> defaultInterceptor(rsocketSecurity)); + .getIfAvailable(() -> defaultInterceptor(rsocketSecurity)); return new SecuritySocketAcceptorInterceptor(delegate); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java index 7ec65d6ddf..e4a94b9cb6 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java @@ -331,7 +331,7 @@ public abstract class AbstractRequestMatcherRegistry { private Map mappableServletRegistrations(ServletContext servletContext) { Map mappable = new LinkedHashMap<>(); for (Map.Entry entry : servletContext.getServletRegistrations() - .entrySet()) { + .entrySet()) { if (!entry.getValue().getMappings().isEmpty()) { mappable.put(entry.getKey(), entry.getValue()); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 1e825969bf..c0708cda36 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -1418,7 +1418,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder(context)).getRegistry()); + .customize(getOrApply(new ExpressionUrlAuthorizationConfigurer<>(context)).getRegistry()); return HttpSecurity.this; } @@ -1647,7 +1647,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder(context)).getRegistry()); + .customize(getOrApply(new AuthorizeHttpRequestsConfigurer<>(context)).getRegistry()); return HttpSecurity.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java index 9a26c546a6..5c24c3950d 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java @@ -307,13 +307,13 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder securityFilterChainBuilder : this.securityFilterChainBuilders) { SecurityFilterChain securityFilterChain = securityFilterChainBuilder.build(); securityFilterChains.add(securityFilterChain); requestMatcherPrivilegeEvaluatorsEntries - .add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain)); + .add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain)); } if (this.privilegeEvaluator == null) { this.privilegeEvaluator = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator( @@ -354,7 +354,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder authorizationManager = ((AuthorizationFilter) filter) - .getAuthorizationManager(); + .getAuthorizationManager(); AuthorizationManagerWebInvocationPrivilegeEvaluator evaluator = new AuthorizationManagerWebInvocationPrivilegeEvaluator( authorizationManager); evaluator.setServletContext(this.servletContext); @@ -374,7 +374,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder * * @see WebSecurityConfigurer - * * @author Rob Winch * @since 3.2 */ diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java index 2c3439994c..9f83f61fb0 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java @@ -65,7 +65,7 @@ class HttpSecurityConfiguration { private ApplicationContext context; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy(); @@ -143,7 +143,7 @@ class HttpSecurityConfiguration { private void applyDefaultConfigurers(HttpSecurity http) throws Exception { ClassLoader classLoader = this.context.getClassLoader(); List defaultHttpConfigurers = SpringFactoriesLoader - .loadFactories(AbstractHttpConfigurer.class, classLoader); + .loadFactories(AbstractHttpConfigurer.class, classLoader); for (AbstractHttpConfigurer configurer : defaultHttpConfigurers) { http.apply(configurer); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java index 79eeb478d5..2d29181e54 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ImportSelector.java @@ -48,11 +48,11 @@ final class OAuth2ImportSelector implements ImportSelector { Set imports = new LinkedHashSet<>(); ClassLoader classLoader = getClass().getClassLoader(); boolean oauth2ClientPresent = ClassUtils - .isPresent("org.springframework.security.oauth2.client.registration.ClientRegistration", classLoader); + .isPresent("org.springframework.security.oauth2.client.registration.ClientRegistration", classLoader); boolean webfluxPresent = ClassUtils - .isPresent("org.springframework.web.reactive.function.client.ExchangeFilterFunction", classLoader); + .isPresent("org.springframework.web.reactive.function.client.ExchangeFilterFunction", classLoader); boolean oauth2ResourceServerPresent = ClassUtils - .isPresent("org.springframework.security.oauth2.server.resource.BearerTokenError", classLoader); + .isPresent("org.springframework.security.oauth2.server.resource.BearerTokenError", classLoader); if (oauth2ClientPresent) { imports.add("org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration"); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java index 9e612a9be3..c2537b93b7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java @@ -66,7 +66,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; class SecurityReactorContextConfiguration { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Bean SecurityReactorContextSubscriberRegistrar securityReactorContextSubscriberRegistrar() { @@ -88,7 +88,7 @@ class SecurityReactorContextConfiguration { private final Map> CONTEXT_ATTRIBUTE_VALUE_LOADERS = new HashMap<>(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); SecurityReactorContextSubscriberRegistrar() { this.CONTEXT_ATTRIBUTE_VALUE_LOADERS.put(HttpServletRequest.class, @@ -101,7 +101,7 @@ class SecurityReactorContextConfiguration { @Override public void afterPropertiesSet() throws Exception { Function, ? extends Publisher> lifter = Operators - .liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub)); + .liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub)); Hooks.onLastOperator(SECURITY_REACTOR_CONTEXT_OPERATOR_KEY, lifter::apply); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java index 511c93efd2..0423767e8b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java @@ -39,8 +39,8 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor; * Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF * integration. This configuration is added whenever {@link EnableWebMvc} is added by * SpringWebMvcImportSelector - * and the DispatcherServlet is present on the classpath. It also adds the + * {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector and + * the DispatcherServlet is present on the classpath. It also adds the * {@link AuthenticationPrincipalArgumentResolver} as a * {@link HandlerMethodArgumentResolver}. * @@ -53,7 +53,7 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex private BeanResolver beanResolver; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Override @SuppressWarnings("deprecation") @@ -63,7 +63,7 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex authenticationPrincipalResolver.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); argumentResolvers.add(authenticationPrincipalResolver); argumentResolvers - .add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver()); + .add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver()); CurrentSecurityContextArgumentResolver currentSecurityContextArgumentResolver = new CurrentSecurityContextArgumentResolver(); currentSecurityContextArgumentResolver.setBeanResolver(this.beanResolver); currentSecurityContextArgumentResolver.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java index 9d73ce7536..62820b5973 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java @@ -106,8 +106,8 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one."); if (!hasConfigurers && !hasFilterChain) { WebSecurityConfigurerAdapter adapter = this.objectObjectPostProcessor - .postProcess(new WebSecurityConfigurerAdapter() { - }); + .postProcess(new WebSecurityConfigurerAdapter() { + }); this.webSecurity.apply(adapter); } for (SecurityFilterChain securityFilterChain : this.securityFilterChains) { @@ -154,7 +154,8 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa this.webSecurity.debug(this.debugEnabled); } List> webSecurityConfigurers = new AutowiredWebSecurityConfigurersIgnoreParents( - beanFactory).getWebSecurityConfigurers(); + beanFactory) + .getWebSecurityConfigurers(); webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE); Integer previousOrder = null; Object previousConfig = null; @@ -191,7 +192,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa @Override public void setImportMetadata(AnnotationMetadata importMetadata) { Map enableWebSecurityAttrMap = importMetadata - .getAnnotationAttributes(EnableWebSecurity.class.getName()); + .getAnnotationAttributes(EnableWebSecurity.class.getName()); AnnotationAttributes enableWebSecurityAttrs = AnnotationAttributes.fromMap(enableWebSecurityAttrMap); this.debugEnabled = enableWebSecurityAttrs.getBoolean("debug"); if (this.webSecurity != null) { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java index 1f8a4387cb..b7a494b6f8 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java @@ -230,7 +230,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu applyDefaultConfiguration(this.http); ClassLoader classLoader = this.context.getClassLoader(); List defaultHttpConfigurers = SpringFactoriesLoader - .loadFactories(AbstractHttpConfigurer.class, classLoader); + .loadFactories(AbstractHttpConfigurer.class, classLoader); for (AbstractHttpConfigurer configurer : defaultHttpConfigurers) { this.http.apply(configurer); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java index 1b2eb3fc7c..f85f0dbb20 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.java @@ -285,7 +285,7 @@ public abstract class AbstractAuthenticationFilterConfigurer { private final RequestMatcherDelegatingAuthorizationManager.Builder managerBuilder = RequestMatcherDelegatingAuthorizationManager - .builder(); + .builder(); private List unmappedMatchers; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java index 11a6a62544..e326e42d40 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java @@ -176,7 +176,7 @@ public final class ExpressionUrlAuthorizationConfigurer> extends */ private void initDefaultLoginFilter(H http) { DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http - .getSharedObject(DefaultLoginPageGeneratingFilter.class); + .getSharedObject(DefaultLoginPageGeneratingFilter.class); if (loginPageGeneratingFilter != null && !isCustomLoginPage()) { loginPageGeneratingFilter.setFormLoginEnabled(true); loginPageGeneratingFilter.setUsernameParameter(getUsernameParameter()); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java index 1453897adf..5fb703d1d3 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurer.java @@ -192,8 +192,8 @@ public final class JeeConfigurer> extends Abstr PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getUserDetailsService()); authenticationProvider = postProcess(authenticationProvider); - http.authenticationProvider(authenticationProvider).setSharedObject(AuthenticationEntryPoint.class, - new Http403ForbiddenEntryPoint()); + http.authenticationProvider(authenticationProvider) + .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); } @Override @@ -214,9 +214,9 @@ public final class JeeConfigurer> extends Abstr this.j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter(); this.j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManager); this.j2eePreAuthenticatedProcessingFilter - .setAuthenticationDetailsSource(createWebAuthenticationDetailsSource()); + .setAuthenticationDetailsSource(createWebAuthenticationDetailsSource()); this.j2eePreAuthenticatedProcessingFilter - .setSecurityContextHolderStrategy(getSecurityContextHolderStrategy()); + .setSecurityContextHolderStrategy(getSecurityContextHolderStrategy()); this.j2eePreAuthenticatedProcessingFilter = postProcess(this.j2eePreAuthenticatedProcessingFilter); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java index d9b0077076..edef03dd1d 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java @@ -280,7 +280,7 @@ public final class LogoutConfigurer> PermitAllSupport.permitAll(http, this.getLogoutRequestMatcher(http)); } DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http - .getSharedObject(DefaultLoginPageGeneratingFilter.class); + .getSharedObject(DefaultLoginPageGeneratingFilter.class); if (loginPageGeneratingFilter != null && !isCustomLogoutSuccess()) { loginPageGeneratingFilter.setLogoutSuccessUrl(getLogoutSuccessUrl()); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java index ac96e48010..92a63ef868 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java @@ -47,7 +47,7 @@ final class PermitAllSupport { static void permitAll(HttpSecurityBuilder> http, RequestMatcher... requestMatchers) { ExpressionUrlAuthorizationConfigurer configurer = http - .getConfigurer(ExpressionUrlAuthorizationConfigurer.class); + .getConfigurer(ExpressionUrlAuthorizationConfigurer.class); AuthorizeHttpRequestsConfigurer httpConfigurer = http.getConfigurer(AuthorizeHttpRequestsConfigurer.class); boolean oneConfigurerPresent = configurer == null ^ httpConfigurer == null; @@ -58,8 +58,9 @@ final class PermitAllSupport { for (RequestMatcher matcher : requestMatchers) { if (matcher != null) { if (configurer != null) { - configurer.getRegistry().addMapping(0, new UrlMapping(matcher, - SecurityConfig.createList(ExpressionUrlAuthorizationConfigurer.permitAll))); + configurer.getRegistry() + .addMapping(0, new UrlMapping(matcher, + SecurityConfig.createList(ExpressionUrlAuthorizationConfigurer.permitAll))); } else { httpConfigurer.addFirst(matcher, AuthorizeHttpRequestsConfigurer.permitAllAuthorizationManager); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java index 7664534775..0125a22bae 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurer.java @@ -292,7 +292,7 @@ public final class RememberMeConfigurer> SecurityContextConfigurer securityContextConfigurer = http.getConfigurer(SecurityContextConfigurer.class); if (securityContextConfigurer != null && securityContextConfigurer.isRequireExplicitSave()) { SecurityContextRepository securityContextRepository = securityContextConfigurer - .getSecurityContextRepository(); + .getSecurityContextRepository(); rememberMeFilter.setSecurityContextRepository(securityContextRepository); } rememberMeFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy()); @@ -325,7 +325,7 @@ public final class RememberMeConfigurer> */ private void initDefaultLoginFilter(H http) { DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http - .getSharedObject(DefaultLoginPageGeneratingFilter.class); + .getSharedObject(DefaultLoginPageGeneratingFilter.class); if (loginPageGeneratingFilter != null) { loginPageGeneratingFilter.setRememberMeParameter(getRememberMeParameter()); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java index 026c429a81..48fb404917 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java @@ -94,7 +94,7 @@ public final class SecurityContextConfigurer> SecurityContextRepository getSecurityContextRepository() { SecurityContextRepository securityContextRepository = getBuilder() - .getSharedObject(SecurityContextRepository.class); + .getSharedObject(SecurityContextRepository.class); if (securityContextRepository == null) { securityContextRepository = new HttpSessionSecurityContextRepository(); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java index 63fc715ae8..1e11af786f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurer.java @@ -95,7 +95,7 @@ public final class ServletApiConfigurer> String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class); if (grantedAuthorityDefaultsBeanNames.length == 1) { GrantedAuthorityDefaults grantedAuthorityDefaults = context - .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); + .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); this.securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix()); } this.securityContextRequestFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy()); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java index 3309734cf0..f36e3863ba 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java @@ -172,8 +172,8 @@ public final class X509Configurer> public void init(H http) { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http)); - http.authenticationProvider(authenticationProvider).setSharedObject(AuthenticationEntryPoint.class, - new Http403ForbiddenEntryPoint()); + http.authenticationProvider(authenticationProvider) + .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); } @Override diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java index b583b4b5b7..04bc4f2c43 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java @@ -259,7 +259,7 @@ public final class OAuth2ClientConfigurer> resolver); if (this.authorizationRequestRepository != null) { authorizationRequestRedirectFilter - .setAuthorizationRequestRepository(this.authorizationRequestRepository); + .setAuthorizationRequestRepository(this.authorizationRequestRepository); } if (this.authorizationRedirectStrategy != null) { authorizationRequestRedirectFilter.setAuthorizationRedirectStrategy(this.authorizationRedirectStrategy); @@ -276,7 +276,7 @@ public final class OAuth2ClientConfigurer> return this.authorizationRequestResolver; } ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils - .getClientRegistrationRepository(getBuilder()); + .getClientRegistrationRepository(getBuilder()); return new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java index 0f1dc7ab8f..bbf7fe7ef2 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerUtils.java @@ -43,7 +43,7 @@ final class OAuth2ClientConfigurerUtils { static > ClientRegistrationRepository getClientRegistrationRepository(B builder) { ClientRegistrationRepository clientRegistrationRepository = builder - .getSharedObject(ClientRegistrationRepository.class); + .getSharedObject(ClientRegistrationRepository.class); if (clientRegistrationRepository == null) { clientRegistrationRepository = getClientRegistrationRepositoryBean(builder); builder.setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository); @@ -59,7 +59,7 @@ final class OAuth2ClientConfigurerUtils { static > OAuth2AuthorizedClientRepository getAuthorizedClientRepository( B builder) { OAuth2AuthorizedClientRepository authorizedClientRepository = builder - .getSharedObject(OAuth2AuthorizedClientRepository.class); + .getSharedObject(OAuth2AuthorizedClientRepository.class); if (authorizedClientRepository == null) { authorizedClientRepository = getAuthorizedClientRepositoryBean(builder); if (authorizedClientRepository == null) { @@ -74,8 +74,8 @@ final class OAuth2ClientConfigurerUtils { private static > OAuth2AuthorizedClientRepository getAuthorizedClientRepositoryBean( B builder) { Map authorizedClientRepositoryMap = BeanFactoryUtils - .beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class), - OAuth2AuthorizedClientRepository.class); + .beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class), + OAuth2AuthorizedClientRepository.class); if (authorizedClientRepositoryMap.size() > 1) { throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientRepository.class, authorizedClientRepositoryMap.size(), @@ -100,8 +100,8 @@ final class OAuth2ClientConfigurerUtils { private static > OAuth2AuthorizedClientService getAuthorizedClientServiceBean( B builder) { Map authorizedClientServiceMap = BeanFactoryUtils - .beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class), - OAuth2AuthorizedClientService.class); + .beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class), + OAuth2AuthorizedClientService.class); if (authorizedClientServiceMap.size() > 1) { throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientService.class, authorizedClientServiceMap.size(), diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 91238b24fd..2f02987ed2 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -329,7 +329,7 @@ public final class OAuth2LoginConfigurer> } http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider)); boolean oidcAuthenticationProviderEnabled = ClassUtils - .isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader()); + .isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader()); if (oidcAuthenticationProviderEnabled) { OAuth2UserService oidcUserService = getOidcUserService(); OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider( @@ -367,11 +367,11 @@ public final class OAuth2LoginConfigurer> } if (this.authorizationEndpointConfig.authorizationRequestRepository != null) { authorizationRequestFilter - .setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository); + .setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository); } if (this.authorizationEndpointConfig.authorizationRedirectStrategy != null) { authorizationRequestFilter - .setAuthorizationRedirectStrategy(this.authorizationEndpointConfig.authorizationRedirectStrategy); + .setAuthorizationRedirectStrategy(this.authorizationEndpointConfig.authorizationRedirectStrategy); } RequestCache requestCache = http.getSharedObject(RequestCache.class); if (requestCache != null) { @@ -384,7 +384,7 @@ public final class OAuth2LoginConfigurer> } if (this.authorizationEndpointConfig.authorizationRequestRepository != null) { authenticationFilter - .setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository); + .setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository); } super.configure(http); } @@ -402,15 +402,16 @@ public final class OAuth2LoginConfigurer> throw new NoUniqueBeanDefinitionException(type, names); } if (names.length == 1) { - return (JwtDecoderFactory) this.getBuilder().getSharedObject(ApplicationContext.class) - .getBean(names[0]); + return (JwtDecoderFactory) this.getBuilder() + .getSharedObject(ApplicationContext.class) + .getBean(names[0]); } return null; } private GrantedAuthoritiesMapper getGrantedAuthoritiesMapper() { GrantedAuthoritiesMapper grantedAuthoritiesMapper = this.getBuilder() - .getSharedObject(GrantedAuthoritiesMapper.class); + .getSharedObject(GrantedAuthoritiesMapper.class); if (grantedAuthoritiesMapper == null) { grantedAuthoritiesMapper = this.getGrantedAuthoritiesMapperBean(); if (grantedAuthoritiesMapper != null) { @@ -422,8 +423,8 @@ public final class OAuth2LoginConfigurer> private GrantedAuthoritiesMapper getGrantedAuthoritiesMapperBean() { Map grantedAuthoritiesMapperMap = BeanFactoryUtils - .beansOfTypeIncludingAncestors(this.getBuilder().getSharedObject(ApplicationContext.class), - GrantedAuthoritiesMapper.class); + .beansOfTypeIncludingAncestors(this.getBuilder().getSharedObject(ApplicationContext.class), + GrantedAuthoritiesMapper.class); return (!grantedAuthoritiesMapperMap.isEmpty() ? grantedAuthoritiesMapperMap.values().iterator().next() : null); } @@ -469,7 +470,7 @@ public final class OAuth2LoginConfigurer> private void initDefaultLoginFilter(B http) { DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http - .getSharedObject(DefaultLoginPageGeneratingFilter.class); + .getSharedObject(DefaultLoginPageGeneratingFilter.class); if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) { return; } @@ -483,7 +484,7 @@ public final class OAuth2LoginConfigurer> private Map getLoginLinks() { Iterable clientRegistrations = null; ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils - .getClientRegistrationRepository(this.getBuilder()); + .getClientRegistrationRepository(this.getBuilder()); ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class); if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) { clientRegistrations = (Iterable) clientRegistrationRepository; @@ -523,13 +524,13 @@ public final class OAuth2LoginConfigurer> private RequestMatcher getFormLoginNotEnabledRequestMatcher(B http) { DefaultLoginPageGeneratingFilter defaultLoginPageGeneratingFilter = http - .getSharedObject(DefaultLoginPageGeneratingFilter.class); + .getSharedObject(DefaultLoginPageGeneratingFilter.class); Field formLoginEnabledField = (defaultLoginPageGeneratingFilter != null) ? ReflectionUtils.findField(DefaultLoginPageGeneratingFilter.class, "formLoginEnabled") : null; if (formLoginEnabledField != null) { ReflectionUtils.makeAccessible(formLoginEnabledField); return (request) -> Boolean.FALSE - .equals(ReflectionUtils.getField(formLoginEnabledField, defaultLoginPageGeneratingFilter)); + .equals(ReflectionUtils.getField(formLoginEnabledField, defaultLoginPageGeneratingFilter)); } return AnyRequestMatcher.INSTANCE; } @@ -742,8 +743,8 @@ public final class OAuth2LoginConfigurer> */ public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) { Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null"); - OAuth2LoginConfigurer.this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class, - userAuthoritiesMapper); + OAuth2LoginConfigurer.this.getBuilder() + .setSharedObject(GrantedAuthoritiesMapper.class, userAuthoritiesMapper); return this; } @@ -763,7 +764,7 @@ public final class OAuth2LoginConfigurer> public Authentication authenticate(Authentication authentication) throws AuthenticationException { OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication; OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange() - .getAuthorizationRequest(); + .getAuthorizationRequest(); if (authorizationRequest.getScopes().contains(OidcScopes.OPENID)) { // Section 3.1.2.1 Authentication Request - // https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java index e02fa65316..eb4b3b725d 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java @@ -305,7 +305,7 @@ public final class OAuth2ResourceServerConfigurer exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class); if (exceptionHandling != null) { ContentNegotiationStrategy contentNegotiationStrategy = http - .getSharedObject(ContentNegotiationStrategy.class); + .getSharedObject(ContentNegotiationStrategy.class); if (contentNegotiationStrategy == null) { contentNegotiationStrategy = new HeaderContentNegotiationStrategy(); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java index 5acc17bcf3..008d1e7282 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java @@ -357,7 +357,7 @@ public final class OpenIDLoginConfigurer> */ private void initDefaultLoginFilter(H http) { DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http - .getSharedObject(DefaultLoginPageGeneratingFilter.class); + .getSharedObject(DefaultLoginPageGeneratingFilter.class); if (loginPageGeneratingFilter != null && !isCustomLoginPage()) { loginPageGeneratingFilter.setOpenIdEnabled(true); loginPageGeneratingFilter.setOpenIDauthenticationUrl(getLoginProcessingUrl()); @@ -367,7 +367,7 @@ public final class OpenIDLoginConfigurer> loginPageGeneratingFilter.setFailureUrl(getFailureUrl()); } loginPageGeneratingFilter - .setOpenIDusernameParameter(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD); + .setOpenIDusernameParameter(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD); } } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java index e3293cd6b8..d9529f455a 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java @@ -394,7 +394,7 @@ public final class Saml2LoginConfigurer> private void initDefaultLoginFilter(B http) { DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http - .getSharedObject(DefaultLoginPageGeneratingFilter.class); + .getSharedObject(DefaultLoginPageGeneratingFilter.class); if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) { return; } @@ -433,7 +433,7 @@ public final class Saml2LoginConfigurer> return version; } boolean openSaml4ClassPresent = ClassUtils - .isPresent("org.opensaml.core.xml.persist.impl.PassthroughSourceStrategy", null); + .isPresent("org.opensaml.core.xml.persist.impl.PassthroughSourceStrategy", null); if (openSaml4ClassPresent) { return OPEN_SAML_4_VERSION; } @@ -475,7 +475,7 @@ public final class Saml2LoginConfigurer> "org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationRequestFactory", OpenSaml4LoginSupportFactory.class.getClassLoader()); return (Saml2AuthenticationRequestFactory) authenticationRequestFactory.getDeclaredConstructor() - .newInstance(); + .newInstance(); } catch (ReflectiveOperationException ex) { throw new IllegalStateException("Could not instantiate OpenSaml4AuthenticationRequestFactory", ex); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java index 0fbfff015e..a54bbbc62f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java @@ -299,7 +299,7 @@ public final class Saml2LogoutConfigurer> private Saml2RelyingPartyInitiatedLogoutSuccessHandler createSaml2LogoutRequestSuccessHandler( RelyingPartyRegistrationResolver relyingPartyRegistrationResolver) { Saml2LogoutRequestResolver logoutRequestResolver = this.logoutRequestConfigurer - .logoutRequestResolver(relyingPartyRegistrationResolver); + .logoutRequestResolver(relyingPartyRegistrationResolver); return new Saml2RelyingPartyInitiatedLogoutSuccessHandler(logoutRequestResolver); } @@ -314,7 +314,7 @@ public final class Saml2LogoutConfigurer> return version; } boolean openSaml4ClassPresent = ClassUtils - .isPresent("org.opensaml.core.xml.persist.impl.PassthroughSourceStrategy", null); + .isPresent("org.opensaml.core.xml.persist.impl.PassthroughSourceStrategy", null); if (openSaml4ClassPresent) { return OPEN_SAML_4_VERSION; } @@ -543,8 +543,8 @@ public final class Saml2LogoutConfigurer> "org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutResponseResolver", OpenSaml4LogoutSupportFactory.class.getClassLoader()); return (Saml2LogoutResponseResolver) logoutResponseResolver - .getDeclaredConstructor(RelyingPartyRegistrationResolver.class) - .newInstance(relyingPartyRegistrationResolver); + .getDeclaredConstructor(RelyingPartyRegistrationResolver.class) + .newInstance(relyingPartyRegistrationResolver); } catch (ReflectiveOperationException ex) { throw new IllegalStateException("Could not instantiate OpenSaml4LogoutResponseResolver", ex); @@ -558,8 +558,8 @@ public final class Saml2LogoutConfigurer> "org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver", OpenSaml4LogoutSupportFactory.class.getClassLoader()); return (Saml2LogoutRequestResolver) logoutRequestResolver - .getDeclaredConstructor(RelyingPartyRegistrationResolver.class) - .newInstance(relyingPartyRegistrationResolver); + .getDeclaredConstructor(RelyingPartyRegistrationResolver.class) + .newInstance(relyingPartyRegistrationResolver); } catch (ReflectiveOperationException ex) { throw new IllegalStateException("Could not instantiate OpenSaml4LogoutRequestResolver", ex); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java index dda9e7bea8..b9969d1bf5 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java @@ -235,7 +235,7 @@ public class MessageSecurityMetadataSourceRegistry { matcherToExpression.put(entry.getKey().build(), entry.getValue()); } return ExpressionBasedMessageSecurityMetadataSourceFactory - .createExpressionMessageMetadataSource(matcherToExpression, this.expressionHandler); + .createExpressionMessageMetadataSource(matcherToExpression, this.expressionHandler); } /** diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java index e72f9a5b4b..e826b5fa33 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java @@ -117,7 +117,12 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector { ReactiveOAuth2AuthorizedClientManager authorizedClientManager = null; if (this.authorizedClientRepository != null && this.clientRegistrationRepository != null) { ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder - .builder().authorizationCode().refreshToken().clientCredentials().password().build(); + .builder() + .authorizationCode() + .refreshToken() + .clientCredentials() + .password() + .build(); DefaultReactiveOAuth2AuthorizedClientManager defaultReactiveOAuth2AuthorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager( this.clientRegistrationRepository, getAuthorizedClientRepository()); defaultReactiveOAuth2AuthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java index 07119e8ee0..7529bc5e77 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java @@ -120,7 +120,7 @@ class WebFluxSecurityConfiguration { static boolean shouldConfigure(ApplicationContext context) { ClassLoader loader = context.getClassLoader(); Class reactiveClientRegistrationRepositoryClass = ClassUtils - .resolveClassName(REACTIVE_CLIENT_REGISTRATION_REPOSITORY_CLASSNAME, loader); + .resolveClassName(REACTIVE_CLIENT_REGISTRATION_REPOSITORY_CLASSNAME, loader); return context.getBeanNamesForType(reactiveClientRegistrationRepositoryClass).length == 1; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java index 7b68cf5de7..544939f5d7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java @@ -29,6 +29,7 @@ import org.springframework.security.config.annotation.authentication.configurati /** * Add this annotation to an {@code @Configuration} class to have the Spring Security * configuration integrate with Spring MVC. + * * @deprecated Use EnableWebSecurity instead which will automatically add the Spring MVC * related Security items. * @author Rob Winch diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java index 735444bcdb..ca0fabd6f5 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java @@ -32,8 +32,8 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor; * Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF * integration. This configuration is added whenever {@link EnableWebMvc} is added by * SpringWebMvcImportSelector - * and the DispatcherServlet is present on the classpath. It also adds the + * {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector and + * the DispatcherServlet is present on the classpath. It also adds the * {@link AuthenticationPrincipalArgumentResolver} as a * {@link HandlerMethodArgumentResolver}. * @@ -51,7 +51,7 @@ public class WebMvcSecurityConfiguration implements WebMvcConfigurer { public void addArgumentResolvers(List argumentResolvers) { argumentResolvers.add(new AuthenticationPrincipalArgumentResolver()); argumentResolvers - .add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver()); + .add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver()); } @Bean diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/MessageMatcherAuthorizationManagerConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/MessageMatcherAuthorizationManagerConfiguration.java index 930ce77353..62fc8d8007 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/MessageMatcherAuthorizationManagerConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/MessageMatcherAuthorizationManagerConfiguration.java @@ -29,10 +29,11 @@ final class MessageMatcherAuthorizationManagerConfiguration { @Scope("prototype") MessageMatcherDelegatingAuthorizationManager.Builder messageAuthorizationManagerBuilder( ApplicationContext context) { - return MessageMatcherDelegatingAuthorizationManager.builder().simpDestPathMatcher( - () -> (context.getBeanNamesForType(SimpAnnotationMethodMessageHandler.class).length > 0) - ? context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher() - : new AntPathMatcher()); + return MessageMatcherDelegatingAuthorizationManager.builder() + .simpDestPathMatcher( + () -> (context.getBeanNamesForType(SimpAnnotationMethodMessageHandler.class).length > 0) + ? context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher() + : new AntPathMatcher()); } } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfiguration.java index 1a23f8d5ec..f6d32b93b0 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfiguration.java @@ -61,10 +61,13 @@ final class WebSocketMessageBrokerSecurityConfiguration private MessageMatcherDelegatingAuthorizationManager b; private static final AuthorizationManager> ANY_MESSAGE_AUTHENTICATED = MessageMatcherDelegatingAuthorizationManager - .builder().anyMessage().authenticated().build(); + .builder() + .anyMessage() + .authenticated() + .build(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final SecurityContextChannelInterceptor securityContextChannelInterceptor = new SecurityContextChannelInterceptor(); @@ -95,7 +98,7 @@ final class WebSocketMessageBrokerSecurityConfiguration } this.authorizationChannelInterceptor - .setAuthorizationEventPublisher(new SpringAuthorizationEventPublisher(this.context)); + .setAuthorizationEventPublisher(new SpringAuthorizationEventPublisher(this.context)); this.authorizationChannelInterceptor.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); this.securityContextChannelInterceptor.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); registration.interceptors(this.securityContextChannelInterceptor, this.csrfChannelInterceptor, diff --git a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java index 883e98bc39..6c530c0142 100644 --- a/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java @@ -55,12 +55,12 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements // Register a caching version of the user service if there's a cache-ref if (StringUtils.hasText(cacheRef)) { BeanDefinitionBuilder cachingUSBuilder = BeanDefinitionBuilder - .rootBeanDefinition(CachingUserDetailsService.class); + .rootBeanDefinition(CachingUserDetailsService.class); cachingUSBuilder.addConstructorArgReference(beanId); cachingUSBuilder.addPropertyValue("userCache", new RuntimeBeanReference(cacheRef)); BeanDefinition cachingUserService = cachingUSBuilder.getBeanDefinition(); parserContext - .registerBeanComponent(new BeanComponentDefinition(cachingUserService, beanId + CACHING_SUFFIX)); + .registerBeanComponent(new BeanComponentDefinition(cachingUserService, beanId + CACHING_SUFFIX)); } return null; } diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java index 33bdcb923b..5aeaba3859 100644 --- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java @@ -64,8 +64,8 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition String id = element.getAttribute("id"); if (!StringUtils.hasText(id)) { if (pc.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER)) { - pc.getReaderContext().warning("Overriding globally registered AuthenticationManager", - pc.extractSource(element)); + pc.getReaderContext() + .warning("Overriding globally registered AuthenticationManager", pc.extractSource(element)); } id = BeanIds.AUTHENTICATION_MANAGER; } @@ -124,14 +124,16 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition return new RuntimeBeanReference(providerId); } if (providerElement.getAttributes().getLength() > 1) { - pc.getReaderContext().error("authentication-provider element cannot be used with other attributes " - + "when using 'ref' attribute", pc.extractSource(element)); + pc.getReaderContext() + .error("authentication-provider element cannot be used with other attributes " + + "when using 'ref' attribute", pc.extractSource(element)); } NodeList providerChildren = providerElement.getChildNodes(); for (int i = 0; i < providerChildren.getLength(); i++) { if (providerChildren.item(i) instanceof Element) { - pc.getReaderContext().error("authentication-provider element cannot have child elements when used " - + "with 'ref' attribute", pc.extractSource(element)); + pc.getReaderContext() + .error("authentication-provider element cannot have child elements when used " + + "with 'ref' attribute", pc.extractSource(element)); } } return new RuntimeBeanReference(ref); diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java index e5970adef7..794f30d179 100644 --- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java @@ -60,9 +60,9 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio if (StringUtils.hasText(ref)) { if (userServiceElt != null) { pc.getReaderContext() - .error("The " + ATT_USER_DETAILS_REF + " attribute cannot be used in combination with child" - + "elements '" + Elements.USER_SERVICE + "', '" + Elements.JDBC_USER_SERVICE + "' or '" - + Elements.LDAP_USER_SERVICE + "'", element); + .error("The " + ATT_USER_DETAILS_REF + " attribute cannot be used in combination with child" + + "elements '" + Elements.USER_SERVICE + "', '" + Elements.JDBC_USER_SERVICE + "' or '" + + Elements.LDAP_USER_SERVICE + "'", element); } authProvider.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(ref)); } diff --git a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java index d1e192a6e7..a0d7de83f6 100644 --- a/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java @@ -46,8 +46,9 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ builder.addPropertyReference("dataSource", dataSource); } else { - parserContext.getReaderContext().error(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE, - parserContext.extractSource(element)); + parserContext.getReaderContext() + .error(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE, + parserContext.extractSource(element)); } String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY); String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY); diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java index 0e5343ac1d..c055a3662a 100644 --- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java @@ -315,11 +315,12 @@ final class AuthenticationConfigBuilder { formFilter.getPropertyValues().addPropertyValue("allowSessionCreation", this.allowSessionCreation); formFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager); if (authenticationFilterSecurityContextRepositoryRef != null) { - formFilter.getPropertyValues().addPropertyValue("securityContextRepository", - authenticationFilterSecurityContextRepositoryRef); + formFilter.getPropertyValues() + .addPropertyValue("securityContextRepository", authenticationFilterSecurityContextRepositoryRef); } - formFilter.getPropertyValues().addPropertyValue("securityContextHolderStrategy", - authenticationFilterSecurityContextHolderStrategyRef); + formFilter.getPropertyValues() + .addPropertyValue("securityContextHolderStrategy", + authenticationFilterSecurityContextHolderStrategyRef); // Id is required by login page filter this.formFilterId = this.pc.getReaderContext().generateBeanName(formFilter); this.pc.registerBeanComponent(new BeanComponentDefinition(formFilter, this.formFilterId)); @@ -353,8 +354,8 @@ final class AuthenticationConfigBuilder { registerDefaultAuthorizedClientRepositoryIfNecessary(defaultAuthorizedClientRepository); oauth2LoginFilterBean.getPropertyValues().addPropertyValue("authenticationManager", authManager); if (authenticationFilterSecurityContextRepositoryRef != null) { - oauth2LoginFilterBean.getPropertyValues().addPropertyValue("securityContextRepository", - authenticationFilterSecurityContextRepositoryRef); + oauth2LoginFilterBean.getPropertyValues() + .addPropertyValue("securityContextRepository", authenticationFilterSecurityContextRepositoryRef); } // retrieve the other bean result @@ -366,7 +367,7 @@ final class AuthenticationConfigBuilder { String oauth2LoginAuthProviderId = this.pc.getReaderContext().generateBeanName(oauth2LoginAuthProvider); this.oauth2LoginFilterId = this.pc.getReaderContext().generateBeanName(oauth2LoginFilterBean); String oauth2AuthorizationRequestRedirectFilterId = this.pc.getReaderContext() - .generateBeanName(this.oauth2AuthorizationRequestRedirectFilter); + .generateBeanName(this.oauth2AuthorizationRequestRedirectFilter); this.oauth2LoginLinks = parser.getOAuth2LoginLinks(); // register the component @@ -401,17 +402,17 @@ final class AuthenticationConfigBuilder { registerDefaultAuthorizedClientRepositoryIfNecessary(defaultAuthorizedClientRepository); this.authorizationRequestRedirectFilter = parser.getAuthorizationRequestRedirectFilter(); String authorizationRequestRedirectFilterId = this.pc.getReaderContext() - .generateBeanName(this.authorizationRequestRedirectFilter); + .generateBeanName(this.authorizationRequestRedirectFilter); this.pc.registerBeanComponent(new BeanComponentDefinition(this.authorizationRequestRedirectFilter, authorizationRequestRedirectFilterId)); this.authorizationCodeGrantFilter = parser.getAuthorizationCodeGrantFilter(); String authorizationCodeGrantFilterId = this.pc.getReaderContext() - .generateBeanName(this.authorizationCodeGrantFilter); + .generateBeanName(this.authorizationCodeGrantFilter); this.pc.registerBeanComponent( new BeanComponentDefinition(this.authorizationCodeGrantFilter, authorizationCodeGrantFilterId)); BeanDefinition authorizationCodeAuthenticationProvider = parser.getAuthorizationCodeAuthenticationProvider(); String authorizationCodeAuthenticationProviderId = this.pc.getReaderContext() - .generateBeanName(authorizationCodeAuthenticationProvider); + .generateBeanName(authorizationCodeAuthenticationProvider); this.pc.registerBeanComponent(new BeanComponentDefinition(authorizationCodeAuthenticationProvider, authorizationCodeAuthenticationProviderId)); this.authorizationCodeAuthenticationProviderRef = new RuntimeBeanReference( @@ -421,7 +422,7 @@ final class AuthenticationConfigBuilder { void registerDefaultAuthorizedClientRepositoryIfNecessary(BeanDefinition defaultAuthorizedClientRepository) { if (!this.defaultAuthorizedClientRepositoryRegistered && defaultAuthorizedClientRepository != null) { String authorizedClientRepositoryId = this.pc.getReaderContext() - .generateBeanName(defaultAuthorizedClientRepository); + .generateBeanName(defaultAuthorizedClientRepository); this.pc.registerBeanComponent( new BeanComponentDefinition(defaultAuthorizedClientRepository, authorizedClientRepositoryId)); this.defaultAuthorizedClientRepositoryRegistered = true; @@ -436,7 +437,7 @@ final class AuthenticationConfigBuilder { getClass().getClassLoader()); if (webmvcPresent) { this.pc.getReaderContext() - .registerWithGeneratedName(new RootBeanDefinition(OAuth2ClientWebMvcSecurityPostProcessor.class)); + .registerWithGeneratedName(new RootBeanDefinition(OAuth2ClientWebMvcSecurityPostProcessor.class)); } } @@ -451,8 +452,8 @@ final class AuthenticationConfigBuilder { openIDFilter.getPropertyValues().addPropertyValue("allowSessionCreation", this.allowSessionCreation); openIDFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager); if (authenticationFilterSecurityContextRepositoryRef != null) { - openIDFilter.getPropertyValues().addPropertyValue("securityContextRepository", - authenticationFilterSecurityContextRepositoryRef); + openIDFilter.getPropertyValues() + .addPropertyValue("securityContextRepository", authenticationFilterSecurityContextRepositoryRef); } // Required by login page filter this.openIDFilterId = this.pc.getReaderContext().generateBeanName(openIDFilter); @@ -477,7 +478,7 @@ final class AuthenticationConfigBuilder { this.saml2AuthenticationFilterId = this.pc.getReaderContext().generateBeanName(saml2WebSsoAuthenticationFilter); this.saml2AuthenticationRequestFilterId = this.pc.getReaderContext() - .generateBeanName(this.saml2AuthorizationRequestFilter); + .generateBeanName(this.saml2AuthorizationRequestFilter); this.saml2AuthenticationUrlToProviderName = parser.getSaml2AuthenticationUrlToProviderName(); // register the component @@ -520,8 +521,9 @@ final class AuthenticationConfigBuilder { String identifierMatch = attrExElt.getAttribute("identifier-match"); if (!StringUtils.hasText(identifierMatch)) { if (attrExElts.size() > 1) { - this.pc.getReaderContext().error("You must supply an identifier-match attribute if using more" - + " than one " + Elements.OPENID_ATTRIBUTE_EXCHANGE + " element", attrExElt); + this.pc.getReaderContext() + .error("You must supply an identifier-match attribute if using more" + " than one " + + Elements.OPENID_ATTRIBUTE_EXCHANGE + " element", attrExElt); } // Match anything identifierMatch = ".*"; @@ -559,7 +561,7 @@ final class AuthenticationConfigBuilder { private void createOpenIDProvider() { Element openIDLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN); BeanDefinitionBuilder openIDProviderBuilder = BeanDefinitionBuilder - .rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS); + .rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS); RootBeanDefinition uds = new RootBeanDefinition(); uds.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY); uds.setFactoryMethodName("authenticationUserDetailsService"); @@ -572,8 +574,8 @@ final class AuthenticationConfigBuilder { private void injectRememberMeServicesRef(RootBeanDefinition bean, String rememberMeServicesId) { if (rememberMeServicesId != null) { - bean.getPropertyValues().addPropertyValue("rememberMeServices", - new RuntimeBeanReference(rememberMeServicesId)); + bean.getPropertyValues() + .addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId)); } } @@ -631,7 +633,7 @@ final class AuthenticationConfigBuilder { RootBeanDefinition filter = null; if (x509Elt != null) { BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder - .rootBeanDefinition(X509AuthenticationFilter.class); + .rootBeanDefinition(X509AuthenticationFilter.class); filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(x509Elt)); filterBuilder.addPropertyValue("authenticationManager", authManager); filterBuilder.addPropertyValue("securityContextHolderStrategy", @@ -639,7 +641,7 @@ final class AuthenticationConfigBuilder { String regex = x509Elt.getAttribute("subject-principal-regex"); if (StringUtils.hasText(regex)) { BeanDefinitionBuilder extractor = BeanDefinitionBuilder - .rootBeanDefinition(SubjectDnX509PrincipalExtractor.class); + .rootBeanDefinition(SubjectDnX509PrincipalExtractor.class); extractor.addPropertyValue("subjectDnRegex", regex); filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition()); } @@ -682,13 +684,13 @@ final class AuthenticationConfigBuilder { RootBeanDefinition filter = null; if (jeeElt != null) { BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder - .rootBeanDefinition(J2eePreAuthenticatedProcessingFilter.class); + .rootBeanDefinition(J2eePreAuthenticatedProcessingFilter.class); filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(jeeElt)); filterBuilder.addPropertyValue("authenticationManager", authManager); filterBuilder.addPropertyValue("securityContextHolderStrategy", authenticationFilterSecurityContextHolderStrategyRef); BeanDefinitionBuilder adsBldr = BeanDefinitionBuilder - .rootBeanDefinition(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class); + .rootBeanDefinition(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class); adsBldr.addPropertyValue("userRoles2GrantedAuthoritiesMapper", new RootBeanDefinition(SimpleAttributes2GrantedAuthoritiesMapper.class)); String roles = jeeElt.getAttribute(ATT_MAPPABLE_ROLES); @@ -697,8 +699,8 @@ final class AuthenticationConfigBuilder { rolesBuilder.addConstructorArgValue(roles); rolesBuilder.setFactoryMethod("commaDelimitedListToSet"); RootBeanDefinition mappableRolesRetriever = new RootBeanDefinition(SimpleMappableAttributesRetriever.class); - mappableRolesRetriever.getPropertyValues().addPropertyValue("mappableAttributes", - rolesBuilder.getBeanDefinition()); + mappableRolesRetriever.getPropertyValues() + .addPropertyValue("mappableAttributes", rolesBuilder.getBeanDefinition()); adsBldr.addPropertyValue("mappableRolesRetriever", mappableRolesRetriever); filterBuilder.addPropertyValue("authenticationDetailsSource", adsBldr.getBeanDefinition()); filter = (RootBeanDefinition) filterBuilder.getBeanDefinition(); @@ -733,11 +735,11 @@ final class AuthenticationConfigBuilder { this.logger.info("No login page configured. The default internal one will be used. Use the '" + FormLoginBeanDefinitionParser.ATT_LOGIN_PAGE + "' attribute to set the URL of the login page."); BeanDefinitionBuilder loginPageFilter = BeanDefinitionBuilder - .rootBeanDefinition(DefaultLoginPageGeneratingFilter.class); + .rootBeanDefinition(DefaultLoginPageGeneratingFilter.class); loginPageFilter.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction()); BeanDefinitionBuilder logoutPageFilter = BeanDefinitionBuilder - .rootBeanDefinition(DefaultLogoutPageGeneratingFilter.class); + .rootBeanDefinition(DefaultLogoutPageGeneratingFilter.class); logoutPageFilter.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction()); if (this.formFilterId != null) { loginPageFilter.addConstructorArgReference(this.formFilterId); @@ -856,10 +858,10 @@ final class AuthenticationConfigBuilder { this.anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class); this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key); this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username); - this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, - AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority)); - this.anonymousFilter.getPropertyValues().addPropertyValue("securityContextHolderStrategy", - authenticationFilterSecurityContextHolderStrategyRef); + this.anonymousFilter.getConstructorArgumentValues() + .addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority)); + this.anonymousFilter.getPropertyValues() + .addPropertyValue("securityContextHolderStrategy", authenticationFilterSecurityContextHolderStrategyRef); this.anonymousFilter.setSource(source); RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class); anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0, key); @@ -890,16 +892,16 @@ final class AuthenticationConfigBuilder { private BeanMetadataElement createAccessDeniedHandler(Element element, ParserContext pc) { Element accessDeniedElt = DomUtils.getChildElementByTagName(element, Elements.ACCESS_DENIED_HANDLER); BeanDefinitionBuilder accessDeniedHandler = BeanDefinitionBuilder - .rootBeanDefinition(AccessDeniedHandlerImpl.class); + .rootBeanDefinition(AccessDeniedHandlerImpl.class); if (accessDeniedElt != null) { String errorPage = accessDeniedElt.getAttribute("error-page"); String ref = accessDeniedElt.getAttribute("ref"); if (StringUtils.hasText(errorPage)) { if (StringUtils.hasText(ref)) { pc.getReaderContext() - .error("The attribute " + ATT_ACCESS_DENIED_ERROR_PAGE - + " cannot be used together with the 'ref' attribute within <" - + Elements.ACCESS_DENIED_HANDLER + ">", pc.extractSource(accessDeniedElt)); + .error("The attribute " + ATT_ACCESS_DENIED_ERROR_PAGE + + " cannot be used together with the 'ref' attribute within <" + + Elements.ACCESS_DENIED_HANDLER + ">", pc.extractSource(accessDeniedElt)); } accessDeniedHandler.addPropertyValue("errorPage", errorPage); @@ -916,10 +918,10 @@ final class AuthenticationConfigBuilder { return this.defaultDeniedHandlerMappings.values().iterator().next(); } accessDeniedHandler = BeanDefinitionBuilder - .rootBeanDefinition(RequestMatcherDelegatingAccessDeniedHandler.class); + .rootBeanDefinition(RequestMatcherDelegatingAccessDeniedHandler.class); accessDeniedHandler.addConstructorArgValue(this.defaultDeniedHandlerMappings); accessDeniedHandler - .addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class)); + .addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class)); return accessDeniedHandler.getBeanDefinition(); } @@ -935,7 +937,7 @@ final class AuthenticationConfigBuilder { return this.defaultEntryPointMappings.values().iterator().next(); } BeanDefinitionBuilder delegatingEntryPoint = BeanDefinitionBuilder - .rootBeanDefinition(DelegatingAuthenticationEntryPoint.class); + .rootBeanDefinition(DelegatingAuthenticationEntryPoint.class); delegatingEntryPoint.addConstructorArgValue(this.defaultEntryPointMappings); return delegatingEntryPoint.getBeanDefinition(); } @@ -951,9 +953,9 @@ final class AuthenticationConfigBuilder { // is used if no openID login page // has been set. if (this.formLoginPage != null && this.openIDLoginPage != null) { - this.pc.getReaderContext().error( - "Only one login-page can be defined, either for OpenID or form-login, " + "but not both.", - this.pc.extractSource(openIDLoginElt)); + this.pc.getReaderContext() + .error("Only one login-page can be defined, either for OpenID or form-login, " + "but not both.", + this.pc.extractSource(openIDLoginElt)); } if (this.formFilterId != null && this.openIDLoginPage == null) { // If form login was enabled through element and Oauth2 login was enabled from @@ -980,10 +982,11 @@ final class AuthenticationConfigBuilder { if (this.oauth2LoginEntryPoint != null) { return this.oauth2LoginEntryPoint; } - this.pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please " - + "make sure you have a login mechanism configured through the namespace (such as form-login) or " - + "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ", - this.pc.extractSource(this.httpElt)); + this.pc.getReaderContext() + .error("No AuthenticationEntryPoint could be established. Please " + + "make sure you have a login mechanism configured through the namespace (such as form-login) or " + + "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ", + this.pc.extractSource(this.httpElt)); return null; } @@ -1025,8 +1028,8 @@ final class AuthenticationConfigBuilder { SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER)); } if (this.openIDFilterId != null) { - filters.add( - new OrderDecorator(new RuntimeBeanReference(this.openIDFilterId), SecurityFilters.OPENID_FILTER)); + filters + .add(new OrderDecorator(new RuntimeBeanReference(this.openIDFilterId), SecurityFilters.OPENID_FILTER)); } if (this.loginPageGenerationFilter != null) { filters.add(new OrderDecorator(this.loginPageGenerationFilter, SecurityFilters.LOGIN_PAGE_FILTER)); diff --git a/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java b/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java index 39d9e2e531..2ce77deee3 100644 --- a/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java +++ b/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java @@ -73,13 +73,14 @@ class AuthorizationFilterParser implements BeanDefinitionParser { @Override public BeanDefinition parse(Element element, ParserContext parserContext) { if (!isUseExpressions(element)) { - parserContext.getReaderContext().error("AuthorizationManager must be used with `use-expressions=\"true\"", - element); + parserContext.getReaderContext() + .error("AuthorizationManager must be used with `use-expressions=\"true\"", element); return null; } if (StringUtils.hasText(element.getAttribute(ATT_ACCESS_DECISION_MANAGER_REF))) { - parserContext.getReaderContext().error( - "AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`", element); + parserContext.getReaderContext() + .error("AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`", + element); return null; } this.authorizationManagerRef = createAuthorizationManager(element, parserContext); @@ -90,8 +91,8 @@ class AuthorizationFilterParser implements BeanDefinitionParser { filterBuilder.addPropertyValue("shouldFilterAllDispatcherTypes", Boolean.TRUE); } BeanDefinition filter = filterBuilder - .addPropertyValue("securityContextHolderStrategy", this.securityContextHolderStrategy) - .getBeanDefinition(); + .addPropertyValue("securityContextHolderStrategy", this.securityContextHolderStrategy) + .getBeanDefinition(); String id = element.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE); if (StringUtils.hasText(id)) { parserContext.registerComponent(new BeanComponentDefinition(filter, id)); @@ -121,14 +122,14 @@ class AuthorizationFilterParser implements BeanDefinitionParser { for (Element interceptMessage : interceptMessages) { String accessExpression = interceptMessage.getAttribute(ATT_ACCESS); BeanDefinitionBuilder authorizationManager = BeanDefinitionBuilder - .rootBeanDefinition(WebExpressionAuthorizationManager.class); + .rootBeanDefinition(WebExpressionAuthorizationManager.class); authorizationManager.addPropertyReference("expressionHandler", expressionHandlerRef); authorizationManager.addConstructorArgValue(accessExpression); BeanMetadataElement matcher = createMatcher(matcherType, interceptMessage, parserContext); matcherToExpression.put(matcher, authorizationManager.getBeanDefinition()); } BeanDefinitionBuilder mds = BeanDefinitionBuilder - .rootBeanDefinition(RequestMatcherDelegatingAuthorizationManagerFactory.class); + .rootBeanDefinition(RequestMatcherDelegatingAuthorizationManagerFactory.class); mds.setFactoryMethod("createRequestMatcherDelegatingAuthorizationManager"); mds.addConstructorArgValue(matcherToExpression); return context.registerWithGeneratedName(mds.getBeanDefinition()); @@ -150,8 +151,9 @@ class AuthorizationFilterParser implements BeanDefinitionParser { servletPath = null; } else if (!MatcherType.mvc.equals(matcherType)) { - parserContext.getReaderContext().error( - ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", urlElt); + parserContext.getReaderContext() + .error(ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", + urlElt); } return hasMatcherRef ? new RuntimeBeanReference(matcherRef) : matcherType.createMatcher(parserContext, path, method, servletPath); @@ -175,9 +177,9 @@ class AuthorizationFilterParser implements BeanDefinitionParser { private static AuthorizationManager createRequestMatcherDelegatingAuthorizationManager( Map> beans) { RequestMatcherDelegatingAuthorizationManager.Builder builder = RequestMatcherDelegatingAuthorizationManager - .builder(); + .builder(); for (Map.Entry> entry : beans - .entrySet()) { + .entrySet()) { builder.add(entry.getKey(), entry.getValue()); } return builder.add(AnyRequestMatcher.INSTANCE, AuthenticatedAuthorizationManager.authenticated()).build(); diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java index ac3f40dd94..40c4dd7d58 100644 --- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java @@ -104,7 +104,7 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser { if (!StringUtils.hasText(this.csrfRepositoryRef)) { RootBeanDefinition csrfTokenRepository = new RootBeanDefinition(HttpSessionCsrfTokenRepository.class); BeanDefinitionBuilder lazyTokenRepository = BeanDefinitionBuilder - .rootBeanDefinition(LazyCsrfTokenRepository.class); + .rootBeanDefinition(LazyCsrfTokenRepository.class); lazyTokenRepository.addConstructorArgValue(csrfTokenRepository); this.csrfRepositoryRef = pc.getReaderContext().generateBeanName(lazyTokenRepository.getBeanDefinition()); pc.registerBeanComponent( @@ -154,11 +154,11 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser { } ManagedMap, BeanDefinition> handlers = new ManagedMap<>(); BeanDefinitionBuilder invalidSessionHandlerBldr = BeanDefinitionBuilder - .rootBeanDefinition(InvalidSessionAccessDeniedHandler.class); + .rootBeanDefinition(InvalidSessionAccessDeniedHandler.class); invalidSessionHandlerBldr.addConstructorArgValue(invalidSessionStrategy); handlers.put(MissingCsrfTokenException.class, invalidSessionHandlerBldr.getBeanDefinition()); BeanDefinitionBuilder deniedBldr = BeanDefinitionBuilder - .rootBeanDefinition(DelegatingAccessDeniedHandler.class); + .rootBeanDefinition(DelegatingAccessDeniedHandler.class); deniedBldr.addConstructorArgValue(handlers); deniedBldr.addConstructorArgValue(defaultDeniedHandler); return deniedBldr.getBeanDefinition(); @@ -166,14 +166,14 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser { BeanDefinition getCsrfAuthenticationStrategy() { BeanDefinitionBuilder csrfAuthenticationStrategy = BeanDefinitionBuilder - .rootBeanDefinition(CsrfAuthenticationStrategy.class); + .rootBeanDefinition(CsrfAuthenticationStrategy.class); csrfAuthenticationStrategy.addConstructorArgReference(this.csrfRepositoryRef); return csrfAuthenticationStrategy.getBeanDefinition(); } BeanDefinition getCsrfLogoutHandler() { BeanDefinitionBuilder csrfAuthenticationStrategy = BeanDefinitionBuilder - .rootBeanDefinition(CsrfLogoutHandler.class); + .rootBeanDefinition(CsrfLogoutHandler.class); csrfAuthenticationStrategy.addConstructorArgReference(this.csrfRepositoryRef); return csrfAuthenticationStrategy.getBeanDefinition(); } diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java index 6951d33555..f86c15b351 100644 --- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java +++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java @@ -151,7 +151,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain return; } String loginPage = ((LoginUrlAuthenticationEntryPoint) exceptions.getAuthenticationEntryPoint()) - .getLoginFormUrl(); + .getLoginFormUrl(); this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration"); FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST"); List filters = null; @@ -220,7 +220,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain AuthorizationFilter authorizationFilter = getFilter(AuthorizationFilter.class, filters); if (authorizationFilter != null) { AuthorizationManager authorizationManager = authorizationFilter - .getAuthorizationManager(); + .getAuthorizationManager(); try { AuthorizationDecision decision = authorizationManager.check(() -> TEST, loginRequest.getHttpRequest()); return decision != null && decision.isGranted(); @@ -252,7 +252,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain if (authorizationFilter != null) { return () -> { AuthorizationManager authorizationManager = authorizationFilter - .getAuthorizationManager(); + .getAuthorizationManager(); AuthorizationDecision decision = authorizationManager.check(() -> token, loginRequest.getHttpRequest()); return decision != null && decision.isGranted(); }; diff --git a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java index 842ac8799f..39beb5aeb3 100644 --- a/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/http/FilterChainMapBeanDefinitionDecorator.java @@ -53,13 +53,14 @@ public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDeco String path = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN); String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS); if (!StringUtils.hasText(path)) { - parserContext.getReaderContext().error( - "The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN + "' must not be empty", - elt); + parserContext.getReaderContext() + .error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN + + "' must not be empty", elt); } if (!StringUtils.hasText(filters)) { - parserContext.getReaderContext().error( - "The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "'must not be empty", elt); + parserContext.getReaderContext() + .error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "'must not be empty", + elt); } BeanDefinition matcher = matcherType.createMatcher(parserContext, path, null); if (filters.equals(HttpSecurityBeanDefinitionParser.OPT_FILTERS_NONE)) { diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java index d6a06696a9..7f88b986dc 100644 --- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java +++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java @@ -69,17 +69,18 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit // Check for attributes that aren't allowed in this context for (Element elt : interceptUrls) { if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL))) { - parserContext.getReaderContext().error("The attribute '" - + HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL + "' isn't allowed here.", elt); + parserContext.getReaderContext() + .error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL + + "' isn't allowed here.", elt); } if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) { - parserContext.getReaderContext().error( - "The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "' isn't allowed here.", - elt); + parserContext.getReaderContext() + .error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "' isn't allowed here.", + elt); } if (StringUtils.hasLength(elt.getAttribute(ATT_SERVLET_PATH))) { - parserContext.getReaderContext().error("The attribute '" + ATT_SERVLET_PATH + "' isn't allowed here.", - elt); + parserContext.getReaderContext() + .error("The attribute '" + ATT_SERVLET_PATH + "' isn't allowed here.", elt); } } BeanDefinition mds = createSecurityMetadataSource(interceptUrls, false, element, parserContext); @@ -110,7 +111,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit expressionHandlerRef = registerDefaultExpressionHandler(pc); } fidsBuilder = BeanDefinitionBuilder - .rootBeanDefinition(ExpressionBasedFilterInvocationSecurityMetadataSource.class); + .rootBeanDefinition(ExpressionBasedFilterInvocationSecurityMetadataSource.class); fidsBuilder.addConstructorArgValue(requestToAttributesMap); fidsBuilder.addConstructorArgReference(expressionHandlerRef); } @@ -159,9 +160,9 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit servletPath = null; } else if (!MatcherType.mvc.equals(matcherType)) { - parserContext.getReaderContext().error( - ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", - urlElt); + parserContext.getReaderContext() + .error(ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", + urlElt); } BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef) : matcherType.createMatcher(parserContext, path, method, servletPath); diff --git a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java index e29bed8283..e2cb9f988e 100644 --- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java @@ -159,7 +159,7 @@ public class FormLoginBeanDefinitionParser { } this.filterBean.setSource(source); BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder - .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class); + .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class); entryPointBuilder.getRawBeanDefinition().setSource(source); entryPointBuilder.addConstructorArgValue((this.loginPage != null) ? this.loginPage : DEF_LOGIN_PAGE); entryPointBuilder.addPropertyValue("portMapper", this.portMapper); @@ -178,7 +178,7 @@ public class FormLoginBeanDefinitionParser { } this.loginProcessingUrl = loginUrl; BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder - .rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher"); + .rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher"); matcherBuilder.addConstructorArgValue(loginUrl); if (this.loginMethod != null) { matcherBuilder.addConstructorArgValue("POST"); @@ -189,13 +189,13 @@ public class FormLoginBeanDefinitionParser { } else if (StringUtils.hasText(authenticationSuccessForwardUrl)) { BeanDefinitionBuilder forwardSuccessHandler = BeanDefinitionBuilder - .rootBeanDefinition(ForwardAuthenticationSuccessHandler.class); + .rootBeanDefinition(ForwardAuthenticationSuccessHandler.class); forwardSuccessHandler.addConstructorArgValue(authenticationSuccessForwardUrl); filterBuilder.addPropertyValue("authenticationSuccessHandler", forwardSuccessHandler.getBeanDefinition()); } else { BeanDefinitionBuilder successHandler = BeanDefinitionBuilder - .rootBeanDefinition(SavedRequestAwareAuthenticationSuccessHandler.class); + .rootBeanDefinition(SavedRequestAwareAuthenticationSuccessHandler.class); if ("true".equals(alwaysUseDefault)) { successHandler.addPropertyValue("alwaysUseDefaultTargetUrl", Boolean.TRUE); } @@ -215,13 +215,13 @@ public class FormLoginBeanDefinitionParser { } else if (StringUtils.hasText(authenticationFailureForwardUrl)) { BeanDefinitionBuilder forwardFailureHandler = BeanDefinitionBuilder - .rootBeanDefinition(ForwardAuthenticationFailureHandler.class); + .rootBeanDefinition(ForwardAuthenticationFailureHandler.class); forwardFailureHandler.addConstructorArgValue(authenticationFailureForwardUrl); filterBuilder.addPropertyValue("authenticationFailureHandler", forwardFailureHandler.getBeanDefinition()); } else { BeanDefinitionBuilder failureHandler = BeanDefinitionBuilder - .rootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class); + .rootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class); if (!StringUtils.hasText(authenticationFailureUrl)) { // Fall back to re-displaying the custom login page, if one was specified. if (StringUtils.hasText(loginPage)) { diff --git a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java index ce32607100..611e46cbfa 100644 --- a/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java +++ b/config/src/main/java/org/springframework/security/config/http/GrantedAuthorityDefaultsParserUtils.java @@ -50,10 +50,10 @@ final class GrantedAuthorityDefaultsParserUtils { @Override public final void setApplicationContext(ApplicationContext applicationContext) throws BeansException { String[] grantedAuthorityDefaultsBeanNames = applicationContext - .getBeanNamesForType(GrantedAuthorityDefaults.class); + .getBeanNamesForType(GrantedAuthorityDefaults.class); if (grantedAuthorityDefaultsBeanNames.length == 1) { GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext - .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); + .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); this.rolePrefix = grantedAuthorityDefaults.getRolePrefix(); } } diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java index 9a6ceeca9b..7f21aa777a 100644 --- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java @@ -161,8 +161,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { parseHeaderElements(element); boolean noWriters = this.headerWriters.isEmpty(); if (disabled && !noWriters) { - parserContext.getReaderContext().error("Cannot specify with child elements.", - element); + parserContext.getReaderContext() + .error("Cannot specify with child elements.", element); } else if (noWriters) { return null; @@ -196,7 +196,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { private void addCacheControl() { BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder - .genericBeanDefinition(CacheControlHeadersWriter.class); + .genericBeanDefinition(CacheControlHeadersWriter.class); this.headerWriters.add(headersWriter.getBeanDefinition()); } @@ -313,11 +313,11 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { private void addContentSecurityPolicy(Element contentSecurityPolicyElement, ParserContext context) { BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder - .genericBeanDefinition(ContentSecurityPolicyHeaderWriter.class); + .genericBeanDefinition(ContentSecurityPolicyHeaderWriter.class); String policyDirectives = contentSecurityPolicyElement.getAttribute(ATT_POLICY_DIRECTIVES); if (!StringUtils.hasText(policyDirectives)) { - context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.", - contentSecurityPolicyElement); + context.getReaderContext() + .error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.", contentSecurityPolicyElement); } else { headersWriter.addConstructorArgValue(policyDirectives); @@ -339,7 +339,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { private void addReferrerPolicy(Element referrerPolicyElement, ParserContext context) { BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder - .genericBeanDefinition(ReferrerPolicyHeaderWriter.class); + .genericBeanDefinition(ReferrerPolicyHeaderWriter.class); String policy = referrerPolicyElement.getAttribute(ATT_POLICY); if (StringUtils.hasLength(policy)) { headersWriter.addConstructorArgValue(ReferrerPolicy.get(policy)); @@ -357,11 +357,11 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { private void addFeaturePolicy(Element featurePolicyElement, ParserContext context) { BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder - .genericBeanDefinition(FeaturePolicyHeaderWriter.class); + .genericBeanDefinition(FeaturePolicyHeaderWriter.class); String policyDirectives = featurePolicyElement.getAttribute(ATT_POLICY_DIRECTIVES); if (!StringUtils.hasText(policyDirectives)) { - context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.", - featurePolicyElement); + context.getReaderContext() + .error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.", featurePolicyElement); } else { headersWriter.addConstructorArgValue(policyDirectives); @@ -379,7 +379,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { private void addPermissionsPolicy(Element permissionsPolicyElement, ParserContext context) { BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder - .genericBeanDefinition(PermissionsPolicyHeaderWriter.class); + .genericBeanDefinition(PermissionsPolicyHeaderWriter.class); String policyDirectives = permissionsPolicyElement.getAttribute(ATT_POLICY); if (!StringUtils.hasText(policyDirectives)) { context.getReaderContext().error(ATT_POLICY + " requires a 'value' to be set.", permissionsPolicyElement); @@ -401,7 +401,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { addCrossOriginOpenerPolicy(crossOriginOpenerPolicyElement, writer); } BeanDefinitionBuilder builder = BeanDefinitionBuilder - .genericBeanDefinition(CrossOriginOpenerPolicyHeaderWriter.class, () -> writer); + .genericBeanDefinition(CrossOriginOpenerPolicyHeaderWriter.class, () -> writer); this.headerWriters.add(builder.getBeanDefinition()); } @@ -416,7 +416,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { addCrossOriginEmbedderPolicy(crossOriginEmbedderPolicyElement, writer); } BeanDefinitionBuilder builder = BeanDefinitionBuilder - .genericBeanDefinition(CrossOriginEmbedderPolicyHeaderWriter.class, () -> writer); + .genericBeanDefinition(CrossOriginEmbedderPolicyHeaderWriter.class, () -> writer); this.headerWriters.add(builder.getBeanDefinition()); } @@ -431,7 +431,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { addCrossOriginResourcePolicy(crossOriginResourcePolicyElement, writer); } BeanDefinitionBuilder builder = BeanDefinitionBuilder - .genericBeanDefinition(CrossOriginResourcePolicyHeaderWriter.class, () -> writer); + .genericBeanDefinition(CrossOriginResourcePolicyHeaderWriter.class, () -> writer); this.headerWriters.add(builder.getBeanDefinition()); } @@ -460,8 +460,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { } private void attrNotAllowed(ParserContext context, String attrName, String otherAttrName, Element element) { - context.getReaderContext().error("Only one of '" + attrName + "' or '" + otherAttrName + "' can be set.", - element); + context.getReaderContext() + .error("Only one of '" + attrName + "' or '" + otherAttrName + "' can be set.", element); } private void parseHeaderElements(Element element) { @@ -495,7 +495,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { private void addContentTypeOptions() { BeanDefinitionBuilder builder = BeanDefinitionBuilder - .genericBeanDefinition(XContentTypeOptionsHeaderWriter.class); + .genericBeanDefinition(XContentTypeOptionsHeaderWriter.class); this.headerWriters.add(builder.getBeanDefinition()); } @@ -531,8 +531,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { String strategyRef = getAttribute(frameElement, ATT_REF, null); String strategy = getAttribute(frameElement, ATT_STRATEGY, null); if (StringUtils.hasText(strategy) && StringUtils.hasText(strategyRef)) { - parserContext.getReaderContext().error("Only one of 'strategy' or 'strategy-ref' can be set.", - frameElement); + parserContext.getReaderContext() + .error("Only one of 'strategy' or 'strategy-ref' can be set.", frameElement); return; } if (strategyRef != null) { @@ -554,8 +554,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { builder.addConstructorArgValue(new StaticAllowFromStrategy(new URI(value))); } catch (URISyntaxException ex) { - parserContext.getReaderContext().error("'value' attribute doesn't represent a valid URI.", frameElement, - ex); + parserContext.getReaderContext() + .error("'value' attribute doesn't represent a valid URI.", frameElement, ex); } return; } @@ -568,7 +568,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { private BeanDefinitionBuilder getAllowFromStrategy(String strategy, String value) { if ("whitelist".equals(strategy)) { BeanDefinitionBuilder allowFromStrategy = BeanDefinitionBuilder - .rootBeanDefinition(WhiteListedAllowFromStrategy.class); + .rootBeanDefinition(WhiteListedAllowFromStrategy.class); allowFromStrategy.addConstructorArgValue(StringUtils.commaDelimitedListToSet(value)); return allowFromStrategy; } @@ -598,7 +598,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { builder.addPropertyValue("block", block); } XXssProtectionHeaderWriter.HeaderValue headerValue = XXssProtectionHeaderWriter.HeaderValue - .from(xssElt.getAttribute(ATT_HEADER_VALUE)); + .from(xssElt.getAttribute(ATT_HEADER_VALUE)); if (headerValue != null) { if (disabled) { attrNotAllowed(parserContext, ATT_HEADER_VALUE, ATT_DISABLED, xssElt); diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java index 32c2fd9d73..4d7992d554 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java @@ -336,14 +336,14 @@ class HttpConfigurationBuilder { private void createSecurityContextPersistenceFilter() { BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class); switch (this.sessionPolicy) { - case ALWAYS: - scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE); - break; - case NEVER: - scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE); - break; - default: - scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE); + case ALWAYS: + scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE); + break; + case NEVER: + scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE); + break; + default: + scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE); } scpf.addPropertyValue("securityContextHolderStrategy", this.holderStrategyRef); scpf.addConstructorArgValue(this.contextRepoRef); @@ -358,7 +358,7 @@ class HttpConfigurationBuilder { return; } this.holderStrategyRef = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextHolderStrategyFactory.class) - .getBeanDefinition(); + .getBeanDefinition(); } private void createSecurityContextRepository() { @@ -371,14 +371,14 @@ class HttpConfigurationBuilder { else { contextRepo = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSecurityContextRepository.class); switch (this.sessionPolicy) { - case ALWAYS: - contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE); - break; - case NEVER: - contextRepo.addPropertyValue("allowSessionCreation", Boolean.FALSE); - break; - default: - contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE); + case ALWAYS: + contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE); + break; + case NEVER: + contextRepo.addPropertyValue("allowSessionCreation", Boolean.FALSE); + break; + default: + contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE); } if (isDisableUrlRewriting()) { contextRepo.addPropertyValue("disableUrlRewriting", Boolean.TRUE); @@ -417,9 +417,9 @@ class HttpConfigurationBuilder { if (sessionMgmtElt != null) { if (this.sessionPolicy == SessionCreationPolicy.STATELESS) { this.pc.getReaderContext() - .error(Elements.SESSION_MANAGEMENT + " cannot be used" + " in combination with " - + ATT_CREATE_SESSION + "='" + SessionCreationPolicy.STATELESS + "'", - this.pc.extractSource(sessionMgmtElt)); + .error(Elements.SESSION_MANAGEMENT + " cannot be used" + " in combination with " + + ATT_CREATE_SESSION + "='" + SessionCreationPolicy.STATELESS + "'", + this.pc.extractSource(sessionMgmtElt)); } sessionFixationAttribute = sessionMgmtElt.getAttribute(ATT_SESSION_FIXATION_PROTECTION); invalidSessionUrl = sessionMgmtElt.getAttribute(ATT_INVALID_SESSION_URL); @@ -430,15 +430,14 @@ class HttpConfigurationBuilder { sessionControlEnabled = sessionCtrlElt != null; if (StringUtils.hasText(invalidSessionUrl) && StringUtils.hasText(invalidSessionStrategyRef)) { this.pc.getReaderContext() - .error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with" + " the " - + ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt); + .error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with" + " the " + + ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt); } if (sessionControlEnabled) { if (StringUtils.hasText(sessionAuthStratRef)) { this.pc.getReaderContext() - .error(ATT_SESSION_AUTH_STRATEGY_REF + " attribute cannot be used" - + " in combination with <" + Elements.CONCURRENT_SESSIONS + ">", - this.pc.extractSource(sessionCtrlElt)); + .error(ATT_SESSION_AUTH_STRATEGY_REF + " attribute cannot be used" + " in combination with <" + + Elements.CONCURRENT_SESSIONS + ">", this.pc.extractSource(sessionCtrlElt)); } createConcurrencyControlFilterAndSessionRegistry(sessionCtrlElt); } @@ -448,8 +447,9 @@ class HttpConfigurationBuilder { sessionFixationAttribute = OPT_CHANGE_SESSION_ID; } else if (StringUtils.hasText(sessionAuthStratRef)) { - this.pc.getReaderContext().error(ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used" - + " in combination with " + ATT_SESSION_AUTH_STRATEGY_REF, this.pc.extractSource(sessionMgmtElt)); + this.pc.getReaderContext() + .error(ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used" + " in combination with " + + ATT_SESSION_AUTH_STRATEGY_REF, this.pc.extractSource(sessionMgmtElt)); } if (this.sessionPolicy == SessionCreationPolicy.STATELESS) { @@ -457,7 +457,7 @@ class HttpConfigurationBuilder { return; } boolean sessionFixationProtectionRequired = !sessionFixationAttribute - .equals(OPT_SESSION_FIXATION_NO_PROTECTION); + .equals(OPT_SESSION_FIXATION_NO_PROTECTION); ManagedList delegateSessionStrategies = new ManagedList<>(); BeanDefinitionBuilder concurrentSessionStrategy; BeanDefinitionBuilder sessionFixationStrategy = null; @@ -468,10 +468,11 @@ class HttpConfigurationBuilder { if (sessionControlEnabled) { Assert.state(this.sessionRegistryRef != null, "No sessionRegistryRef found"); concurrentSessionStrategy = BeanDefinitionBuilder - .rootBeanDefinition(ConcurrentSessionControlAuthenticationStrategy.class); + .rootBeanDefinition(ConcurrentSessionControlAuthenticationStrategy.class); concurrentSessionStrategy.addConstructorArgValue(this.sessionRegistryRef); - String maxSessions = this.pc.getReaderContext().getEnvironment() - .resolvePlaceholders(sessionCtrlElt.getAttribute("max-sessions")); + String maxSessions = this.pc.getReaderContext() + .getEnvironment() + .resolvePlaceholders(sessionCtrlElt.getAttribute("max-sessions")); if (StringUtils.hasText(maxSessions)) { concurrentSessionStrategy.addPropertyValue("maximumSessions", maxSessions); } @@ -485,11 +486,11 @@ class HttpConfigurationBuilder { if (sessionFixationProtectionRequired || StringUtils.hasText(invalidSessionUrl)) { if (useChangeSessionId) { sessionFixationStrategy = BeanDefinitionBuilder - .rootBeanDefinition(ChangeSessionIdAuthenticationStrategy.class); + .rootBeanDefinition(ChangeSessionIdAuthenticationStrategy.class); } else { sessionFixationStrategy = BeanDefinitionBuilder - .rootBeanDefinition(SessionFixationProtectionStrategy.class); + .rootBeanDefinition(SessionFixationProtectionStrategy.class); } delegateSessionStrategies.add(sessionFixationStrategy.getBeanDefinition()); } @@ -498,7 +499,7 @@ class HttpConfigurationBuilder { } if (sessionControlEnabled) { registerSessionStrategy = BeanDefinitionBuilder - .rootBeanDefinition(RegisterSessionAuthenticationStrategy.class); + .rootBeanDefinition(RegisterSessionAuthenticationStrategy.class); registerSessionStrategy.addConstructorArgValue(this.sessionRegistryRef); delegateSessionStrategies.add(registerSessionStrategy.getBeanDefinition()); } @@ -507,7 +508,7 @@ class HttpConfigurationBuilder { return; } BeanDefinitionBuilder sessionMgmtFilter = BeanDefinitionBuilder - .rootBeanDefinition(SessionManagementFilter.class); + .rootBeanDefinition(SessionManagementFilter.class); RootBeanDefinition failureHandler = new RootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class); if (StringUtils.hasText(errorUrl)) { failureHandler.getPropertyValues().addPropertyValue("defaultFailureUrl", errorUrl); @@ -523,7 +524,7 @@ class HttpConfigurationBuilder { } if (!delegateSessionStrategies.isEmpty()) { BeanDefinitionBuilder sessionStrategy = BeanDefinitionBuilder - .rootBeanDefinition(CompositeSessionAuthenticationStrategy.class); + .rootBeanDefinition(CompositeSessionAuthenticationStrategy.class); BeanDefinition strategyBean = sessionStrategy.getBeanDefinition(); sessionStrategy.addConstructorArgValue(delegateSessionStrategies); sessionAuthStratRef = this.pc.getReaderContext().generateBeanName(strategyBean); @@ -531,7 +532,7 @@ class HttpConfigurationBuilder { } if (StringUtils.hasText(invalidSessionUrl)) { BeanDefinitionBuilder invalidSessionBldr = BeanDefinitionBuilder - .rootBeanDefinition(SimpleRedirectInvalidSessionStrategy.class); + .rootBeanDefinition(SimpleRedirectInvalidSessionStrategy.class); invalidSessionBldr.addConstructorArgValue(invalidSessionUrl); this.invalidSession = invalidSessionBldr.getBeanDefinition(); sessionMgmtFilter.addPropertyValue("invalidSessionStrategy", this.invalidSession); @@ -572,13 +573,13 @@ class HttpConfigurationBuilder { String expiryUrl = element.getAttribute(ATT_EXPIRY_URL); String expiredSessionStrategyRef = element.getAttribute(ATT_EXPIRED_SESSION_STRATEGY_REF); if (StringUtils.hasText(expiryUrl) && StringUtils.hasText(expiredSessionStrategyRef)) { - this.pc.getReaderContext().error( - "Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" + " attribute together.", - source); + this.pc.getReaderContext() + .error("Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" + " attribute together.", + source); } if (StringUtils.hasText(expiryUrl)) { BeanDefinitionBuilder expiredSessionBldr = BeanDefinitionBuilder - .rootBeanDefinition(SimpleRedirectSessionInformationExpiredStrategy.class); + .rootBeanDefinition(SimpleRedirectSessionInformationExpiredStrategy.class); expiredSessionBldr.addConstructorArgValue(expiryUrl); filterBuilder.addConstructorArgValue(expiredSessionBldr.getBeanDefinition()); } @@ -620,7 +621,8 @@ class HttpConfigurationBuilder { } if ("true".equals(provideJaasApi)) { this.jaasApiFilter = BeanDefinitionBuilder.rootBeanDefinition(JaasApiIntegrationFilter.class) - .addPropertyValue("securityContextHolderStrategy", this.holderStrategyRef).getBeanDefinition(); + .addPropertyValue("securityContextHolderStrategy", this.holderStrategyRef) + .getBeanDefinition(); } } @@ -631,10 +633,10 @@ class HttpConfigurationBuilder { } RootBeanDefinition channelFilter = new RootBeanDefinition(ChannelProcessingFilter.class); BeanDefinitionBuilder metadataSourceBldr = BeanDefinitionBuilder - .rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class); + .rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class); metadataSourceBldr.addConstructorArgValue(channelRequestMap); - channelFilter.getPropertyValues().addPropertyValue("securityMetadataSource", - metadataSourceBldr.getBeanDefinition()); + channelFilter.getPropertyValues() + .addPropertyValue("securityMetadataSource", metadataSourceBldr.getBeanDefinition()); RootBeanDefinition channelDecisionManager = new RootBeanDefinition(ChannelDecisionManagerImpl.class); ManagedList channelProcessors = new ManagedList<>(3); RootBeanDefinition secureChannelProcessor = new RootBeanDefinition(SecureChannelProcessor.class); @@ -700,7 +702,7 @@ class HttpConfigurationBuilder { requestCacheBldr.addPropertyValue("portResolver", this.portResolver); if (this.csrfFilter != null) { BeanDefinitionBuilder requestCacheMatcherBldr = BeanDefinitionBuilder - .rootBeanDefinition(AntPathRequestMatcher.class); + .rootBeanDefinition(AntPathRequestMatcher.class); requestCacheMatcherBldr.addConstructorArgValue("/**"); requestCacheMatcherBldr.addConstructorArgValue("GET"); requestCacheBldr.addPropertyValue("requestMatcher", requestCacheMatcherBldr.getBeanDefinition()); @@ -737,8 +739,9 @@ class HttpConfigurationBuilder { // use with // taglibs etc. BeanDefinition wipe = BeanDefinitionBuilder - .rootBeanDefinition(AuthorizationManagerWebInvocationPrivilegeEvaluator.class) - .addConstructorArgReference(authorizationFilterParser.getAuthorizationManagerRef()).getBeanDefinition(); + .rootBeanDefinition(AuthorizationManagerWebInvocationPrivilegeEvaluator.class) + .addConstructorArgReference(authorizationFilterParser.getAuthorizationManagerRef()) + .getBeanDefinition(); this.pc.registerBeanComponent( new BeanComponentDefinition(wipe, this.pc.getReaderContext().generateBeanName(wipe))); this.fsi = new RuntimeBeanReference(fsiId); @@ -747,14 +750,15 @@ class HttpConfigurationBuilder { private void createFilterSecurityInterceptor(BeanReference authManager) { boolean useExpressions = FilterInvocationSecurityMetadataSourceParser.isUseExpressions(this.httpElt); RootBeanDefinition securityMds = FilterInvocationSecurityMetadataSourceParser - .createSecurityMetadataSource(this.interceptUrls, this.addAllAuth, this.httpElt, this.pc); + .createSecurityMetadataSource(this.interceptUrls, this.addAllAuth, this.httpElt, this.pc); RootBeanDefinition accessDecisionMgr; ManagedList voters = new ManagedList<>(2); if (useExpressions) { BeanDefinitionBuilder expressionVoter = BeanDefinitionBuilder.rootBeanDefinition(WebExpressionVoter.class); // Read the expression handler from the FISMS RuntimeBeanReference expressionHandler = (RuntimeBeanReference) securityMds.getConstructorArgumentValues() - .getArgumentValue(1, RuntimeBeanReference.class).getValue(); + .getArgumentValue(1, RuntimeBeanReference.class) + .getValue(); expressionVoter.addPropertyValue("expressionHandler", expressionHandler); voters.add(expressionVoter.getBeanDefinition()); } @@ -912,7 +916,7 @@ class HttpConfigurationBuilder { private SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Override public SecurityContextHolderAwareRequestFilter getBean() { diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java index 1bfe7811f2..e0c64ba264 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java @@ -116,7 +116,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { // Obtain the filter chains and add the new chain to it BeanDefinition listFactoryBean = pc.getRegistry().getBeanDefinition(BeanIds.FILTER_CHAINS); List filterChains = (List) listFactoryBean.getPropertyValues() - .getPropertyValue("sourceList").getValue(); + .getPropertyValue("sourceList") + .getValue(); filterChains.add(createFilterChain(element, pc)); pc.popAndRegisterContainingComponent(); return null; @@ -131,8 +132,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { validateSecuredFilterChainElement(element, pc); for (int i = 0; i < element.getChildNodes().getLength(); i++) { if (element.getChildNodes().item(i) instanceof Element) { - pc.getReaderContext().error("If you are using to define an unsecured pattern, " - + "it cannot contain child elements.", pc.extractSource(element)); + pc.getReaderContext() + .error("If you are using to define an unsecured pattern, " + + "it cannot contain child elements.", pc.extractSource(element)); } } return createSecurityFilterChainBean(element, pc, Collections.emptyList()); @@ -188,9 +190,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { String filterChainPattern = element.getAttribute(ATT_PATH_PATTERN); if (StringUtils.hasText(requestMatcherRef)) { if (StringUtils.hasText(filterChainPattern)) { - pc.getReaderContext().error( - "You can't define a pattern and a request-matcher-ref for the " + "same filter chain", - pc.extractSource(element)); + pc.getReaderContext() + .error("You can't define a pattern and a request-matcher-ref for the " + "same filter chain", + pc.extractSource(element)); } filterChainMatcher = new RuntimeBeanReference(requestMatcherRef); @@ -202,7 +204,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { filterChainMatcher = new RootBeanDefinition(AnyRequestMatcher.class); } BeanDefinitionBuilder filterChainBldr = BeanDefinitionBuilder - .rootBeanDefinition(DefaultSecurityFilterChain.class); + .rootBeanDefinition(DefaultSecurityFilterChain.class); filterChainBldr.addConstructorArgValue(filterChainMatcher); filterChainBldr.addConstructorArgValue(filterChain); BeanDefinition filterChainBean = filterChainBldr.getBeanDefinition(); @@ -221,7 +223,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { // Register the portMapper. A default will always be created, even if no element // exists. BeanDefinition portMapper = new PortMappingsBeanDefinitionParser() - .parse(DomUtils.getChildElementByTagName(elt, Elements.PORT_MAPPINGS), pc); + .parse(DomUtils.getChildElementByTagName(elt, Elements.PORT_MAPPINGS), pc); String portMapperName = pc.getReaderContext().generateBeanName(portMapper); pc.registerBeanComponent(new BeanComponentDefinition(portMapper, portMapperName)); return new RuntimeBeanReference(portMapperName); @@ -254,8 +256,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { RootBeanDefinition clearCredentials = new RootBeanDefinition( ClearCredentialsMethodInvokingFactoryBean.class); clearCredentials.getPropertyValues().addPropertyValue("targetObject", parentAuthManager); - clearCredentials.getPropertyValues().addPropertyValue("targetMethod", - "isEraseCredentialsAfterAuthentication"); + clearCredentials.getPropertyValues() + .addPropertyValue("targetMethod", "isEraseCredentialsAfterAuthentication"); authManager.addPropertyValue("eraseCredentialsAfterAuthentication", clearCredentials); } else { @@ -265,8 +267,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { pc.registerBeanComponent(new BeanComponentDefinition(amfb, amfbId)); RootBeanDefinition clearCredentials = new RootBeanDefinition(MethodInvokingFactoryBean.class); clearCredentials.getPropertyValues().addPropertyValue("targetObject", new RuntimeBeanReference(amfbId)); - clearCredentials.getPropertyValues().addPropertyValue("targetMethod", - "isEraseCredentialsAfterAuthentication"); + clearCredentials.getPropertyValues() + .addPropertyValue("targetMethod", "isEraseCredentialsAfterAuthentication"); authManager.addConstructorArgValue(new RuntimeBeanReference(amfbId)); authManager.addPropertyValue("eraseCredentialsAfterAuthentication", clearCredentials); } @@ -288,12 +290,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { OrderDecorator previous = filters.get(i - 1); if (filter.getOrder() == previous.getOrder()) { pc.getReaderContext() - .error("Filter beans '" + filter.bean + "' and '" + previous.bean - + "' have the same 'order' value. When using custom filters, " - + "please make sure the positions do not conflict with default filters. " - + "Alternatively you can disable the default filters by removing the corresponding " - + "child elements from and avoiding the use of .", - source); + .error("Filter beans '" + filter.bean + "' and '" + previous.bean + + "' have the same 'order' value. When using custom filters, " + + "please make sure the positions do not conflict with default filters. " + + "Alternatively you can disable the default filters by removing the corresponding " + + "child elements from and avoiding the use of .", + source); } } } @@ -312,8 +314,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { } RuntimeBeanReference bean = new RuntimeBeanReference(ref); if (WebConfigUtils.countNonEmpty(new String[] { after, before, position }) != 1) { - pc.getReaderContext().error("A single '" + ATT_AFTER + "', '" + ATT_BEFORE + "', or '" + ATT_POSITION - + "' attribute must be supplied", pc.extractSource(elt)); + pc.getReaderContext() + .error("A single '" + ATT_AFTER + "', '" + ATT_BEFORE + "', or '" + ATT_POSITION + + "' attribute must be supplied", pc.extractSource(elt)); } if (StringUtils.hasText(position)) { customFilters.add(new OrderDecorator(bean, SecurityFilters.valueOf(position))); @@ -358,7 +361,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { pc.registerBeanComponent(new BeanComponentDefinition(fcpBean, BeanIds.FILTER_CHAIN_PROXY)); registry.registerAlias(BeanIds.FILTER_CHAIN_PROXY, BeanIds.SPRING_SECURITY_FILTER_CHAIN); BeanDefinitionBuilder requestRejected = BeanDefinitionBuilder - .rootBeanDefinition(RequestRejectedHandlerPostProcessor.class); + .rootBeanDefinition(RequestRejectedHandlerPostProcessor.class); requestRejected.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); requestRejected.addConstructorArgValue("requestRejectedHandler"); requestRejected.addConstructorArgValue(BeanIds.FILTER_CHAIN_PROXY); @@ -386,8 +389,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException { if (registry.containsBeanDefinition(this.beanName)) { BeanDefinition beanDefinition = registry.getBeanDefinition(this.targetBeanName); - beanDefinition.getPropertyValues().add(this.targetPropertyName, - new RuntimeBeanReference(this.beanName)); + beanDefinition.getPropertyValues() + .add(this.targetPropertyName, new RuntimeBeanReference(this.beanName)); } } diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java index f1072cce83..ed662fd526 100644 --- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java @@ -99,9 +99,9 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser { builder.addPropertyValue("logoutRequestMatcher", getLogoutRequestMatcher(logoutUrl)); if (StringUtils.hasText(successHandlerRef)) { if (StringUtils.hasText(logoutSuccessUrl)) { - pc.getReaderContext().error( - "Use " + ATT_LOGOUT_SUCCESS_URL + " or " + ATT_LOGOUT_HANDLER + ", but not both", - pc.extractSource(element)); + pc.getReaderContext() + .error("Use " + ATT_LOGOUT_SUCCESS_URL + " or " + ATT_LOGOUT_HANDLER + ", but not both", + pc.extractSource(element)); } builder.addConstructorArgReference(successHandlerRef); this.logoutSuccessHandler = new RuntimeBeanReference(successHandlerRef); @@ -134,7 +134,7 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser { private BeanDefinition getLogoutRequestMatcher(String logoutUrl) { BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder - .rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher"); + .rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher"); matcherBuilder.addConstructorArgValue(logoutUrl); if (this.csrfEnabled) { matcherBuilder.addConstructorArgValue("POST"); diff --git a/config/src/main/java/org/springframework/security/config/http/MatcherType.java b/config/src/main/java/org/springframework/security/config/http/MatcherType.java index 9d65f9ea63..9238af2181 100644 --- a/config/src/main/java/org/springframework/security/config/http/MatcherType.java +++ b/config/src/main/java/org/springframework/security/config/http/MatcherType.java @@ -37,8 +37,8 @@ import org.springframework.util.StringUtils; */ public enum MatcherType { - ant(AntPathRequestMatcher.class), regex(RegexRequestMatcher.class), ciRegex(RegexRequestMatcher.class), mvc( - MvcRequestMatcher.class); + ant(AntPathRequestMatcher.class), regex(RegexRequestMatcher.class), ciRegex(RegexRequestMatcher.class), + mvc(MvcRequestMatcher.class); private static final String HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME = "mvcHandlerMappingIntrospector"; diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java index ff3d7064f3..9ae7bfb76a 100644 --- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParser.java @@ -77,21 +77,21 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser { public BeanDefinition parse(Element element, ParserContext parserContext) { Element authorizationCodeGrantElt = DomUtils.getChildElementByTagName(element, ELT_AUTHORIZATION_CODE_GRANT); BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils - .getClientRegistrationRepository(element); + .getClientRegistrationRepository(element); BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils - .getAuthorizedClientRepository(element); + .getAuthorizedClientRepository(element); if (authorizedClientRepository == null) { BeanMetadataElement authorizedClientService = OAuth2ClientBeanDefinitionParserUtils - .getAuthorizedClientService(element); + .getAuthorizedClientService(element); this.defaultAuthorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils - .createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService); + .createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService); authorizedClientRepository = new RuntimeBeanReference(OAuth2AuthorizedClientRepository.class); } BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository( authorizationCodeGrantElt); BeanMetadataElement authorizationRedirectStrategy = getAuthorizationRedirectStrategy(authorizationCodeGrantElt); BeanDefinitionBuilder authorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder - .rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class); + .rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class); String authorizationRequestResolverRef = (authorizationCodeGrantElt != null) ? authorizationCodeGrantElt.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF) : null; if (!StringUtils.isEmpty(authorizationRequestResolverRef)) { @@ -101,14 +101,16 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser { authorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository); } this.authorizationRequestRedirectFilter = authorizationRequestRedirectFilterBuilder - .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository) - .addPropertyValue("authorizationRedirectStrategy", authorizationRedirectStrategy) - .addPropertyValue("requestCache", this.requestCache).getBeanDefinition(); + .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository) + .addPropertyValue("authorizationRedirectStrategy", authorizationRedirectStrategy) + .addPropertyValue("requestCache", this.requestCache) + .getBeanDefinition(); BeanDefinitionBuilder authorizationCodeGrantFilterBldr = BeanDefinitionBuilder - .rootBeanDefinition(OAuth2AuthorizationCodeGrantFilter.class) - .addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository) - .addConstructorArgValue(this.authenticationManager) - .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository); + .rootBeanDefinition(OAuth2AuthorizationCodeGrantFilter.class) + .addConstructorArgValue(clientRegistrationRepository) + .addConstructorArgValue(authorizedClientRepository) + .addConstructorArgValue(this.authenticationManager) + .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository); if (this.authenticationFilterSecurityContextRepositoryRef != null) { authorizationCodeGrantFilterBldr.addPropertyValue("securityContextRepository", this.authenticationFilterSecurityContextRepositoryRef); @@ -117,8 +119,9 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser { BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(authorizationCodeGrantElt); this.authorizationCodeAuthenticationProvider = BeanDefinitionBuilder - .rootBeanDefinition(OAuth2AuthorizationCodeAuthenticationProvider.class) - .addConstructorArgValue(accessTokenResponseClient).getBeanDefinition(); + .rootBeanDefinition(OAuth2AuthorizationCodeAuthenticationProvider.class) + .addConstructorArgValue(accessTokenResponseClient) + .getBeanDefinition(); return null; } @@ -129,9 +132,10 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser { if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) { return new RuntimeBeanReference(authorizationRequestRepositoryRef); } - return BeanDefinitionBuilder.rootBeanDefinition( - "org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository") - .getBeanDefinition(); + return BeanDefinitionBuilder + .rootBeanDefinition( + "org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository") + .getBeanDefinition(); } private BeanMetadataElement getAuthorizationRedirectStrategy(Element element) { @@ -141,7 +145,7 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser { return new RuntimeBeanReference(authorizationRedirectStrategyRef); } return BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.DefaultRedirectStrategy") - .getBeanDefinition(); + .getBeanDefinition(); } private BeanMetadataElement getAccessTokenResponseClient(Element element) { @@ -150,9 +154,10 @@ final class OAuth2ClientBeanDefinitionParser implements BeanDefinitionParser { if (!StringUtils.isEmpty(accessTokenResponseClientRef)) { return new RuntimeBeanReference(accessTokenResponseClientRef); } - return BeanDefinitionBuilder.rootBeanDefinition( - "org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient") - .getBeanDefinition(); + return BeanDefinitionBuilder + .rootBeanDefinition( + "org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient") + .getBeanDefinition(); } BeanDefinition getDefaultAuthorizedClientRepository() { diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java index 8b8a333c7b..d75d2d2488 100644 --- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java +++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserUtils.java @@ -68,13 +68,14 @@ final class OAuth2ClientBeanDefinitionParserUtils { BeanMetadataElement authorizedClientService) { if (authorizedClientService == null) { authorizedClientService = BeanDefinitionBuilder - .rootBeanDefinition( - "org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService") - .addConstructorArgValue(clientRegistrationRepository).getBeanDefinition(); + .rootBeanDefinition("org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService") + .addConstructorArgValue(clientRegistrationRepository) + .getBeanDefinition(); } return BeanDefinitionBuilder.rootBeanDefinition( "org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository") - .addConstructorArgValue(authorizedClientService).getBeanDefinition(); + .addConstructorArgValue(authorizedClientService) + .getBeanDefinition(); } } diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java index a62cd65055..7316a91668 100644 --- a/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ClientWebMvcSecurityPostProcessor.java @@ -57,7 +57,7 @@ final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionReg BeanDefinition beanDefinition = registry.getBeanDefinition(beanName); if (RequestMappingHandlerAdapter.class.getName().equals(beanDefinition.getBeanClassName())) { PropertyValue currentArgumentResolvers = beanDefinition.getPropertyValues() - .getPropertyValue(CUSTOM_ARGUMENT_RESOLVERS_PROPERTY); + .getPropertyValue(CUSTOM_ARGUMENT_RESOLVERS_PROPERTY); ManagedList argumentResolvers = new ManagedList<>(); if (currentArgumentResolvers != null) { argumentResolvers.addAll((ManagedList) currentArgumentResolvers.getValue()); @@ -65,7 +65,7 @@ final class OAuth2ClientWebMvcSecurityPostProcessor implements BeanDefinitionReg String[] authorizedClientManagerBeanNames = BeanFactoryUtils.beanNamesForTypeIncludingAncestors( (ListableBeanFactory) this.beanFactory, OAuth2AuthorizedClientManager.class, false, false); BeanDefinitionBuilder beanDefinitionBuilder = BeanDefinitionBuilder - .genericBeanDefinition(OAuth2AuthorizedClientArgumentResolver.class); + .genericBeanDefinition(OAuth2AuthorizedClientArgumentResolver.class); if (authorizedClientManagerBeanNames.length == 1) { beanDefinitionBuilder.addConstructorArgReference(authorizedClientManagerBeanNames[0]); } diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java index eb6ac43500..19969d9426 100644 --- a/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.java @@ -146,29 +146,30 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { public BeanDefinition parse(Element element, ParserContext parserContext) { // register magic bean BeanDefinition oauth2LoginBeanConfig = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginBeanConfig.class) - .getBeanDefinition(); + .getBeanDefinition(); String oauth2LoginBeanConfigId = parserContext.getReaderContext().generateBeanName(oauth2LoginBeanConfig); parserContext - .registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId)); + .registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId)); // configure filter BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils - .getClientRegistrationRepository(element); + .getClientRegistrationRepository(element); BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils - .getAuthorizedClientRepository(element); + .getAuthorizedClientRepository(element); if (authorizedClientRepository == null) { BeanMetadataElement authorizedClientService = OAuth2ClientBeanDefinitionParserUtils - .getAuthorizedClientService(element); + .getAuthorizedClientService(element); this.defaultAuthorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils - .createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService); + .createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService); authorizedClientRepository = new RuntimeBeanReference(OAuth2AuthorizedClientRepository.class); } BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(element); BeanMetadataElement oauth2UserService = getOAuth2UserService(element); BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(element); BeanDefinitionBuilder oauth2LoginAuthenticationFilterBuilder = BeanDefinitionBuilder - .rootBeanDefinition(OAuth2LoginAuthenticationFilter.class) - .addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository) - .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository); + .rootBeanDefinition(OAuth2LoginAuthenticationFilter.class) + .addConstructorArgValue(clientRegistrationRepository) + .addConstructorArgValue(authorizedClientRepository) + .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository); if (this.sessionStrategy != null) { oauth2LoginAuthenticationFilterBuilder.addPropertyValue("sessionAuthenticationStrategy", this.sessionStrategy); @@ -181,11 +182,12 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { } else { oauth2LoginAuthenticationFilterBuilder - .addConstructorArgValue(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); + .addConstructorArgValue(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); } BeanDefinitionBuilder oauth2LoginAuthenticationProviderBuilder = BeanDefinitionBuilder - .rootBeanDefinition(OAuth2LoginAuthenticationProvider.class) - .addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oauth2UserService); + .rootBeanDefinition(OAuth2LoginAuthenticationProvider.class) + .addConstructorArgValue(accessTokenResponseClient) + .addConstructorArgValue(oauth2UserService); String userAuthoritiesMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF); if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) { oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper", @@ -195,7 +197,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { this.oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient, userAuthoritiesMapperRef); BeanDefinitionBuilder oauth2AuthorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder - .rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class); + .rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class); String authorizationRequestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF); if (!StringUtils.isEmpty(authorizationRequestResolverRef)) { oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef); @@ -204,20 +206,21 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository); } oauth2AuthorizationRequestRedirectFilterBuilder - .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository) - .addPropertyValue("authorizationRedirectStrategy", getAuthorizationRedirectStrategy(element)) - .addPropertyValue("requestCache", this.requestCache); + .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository) + .addPropertyValue("authorizationRedirectStrategy", getAuthorizationRedirectStrategy(element)) + .addPropertyValue("requestCache", this.requestCache); this.oauth2AuthorizationRequestRedirectFilter = oauth2AuthorizationRequestRedirectFilterBuilder - .getBeanDefinition(); + .getBeanDefinition(); String authenticationSuccessHandlerRef = element.getAttribute(ATT_AUTHENTICATION_SUCCESS_HANDLER_REF); if (!StringUtils.isEmpty(authenticationSuccessHandlerRef)) { oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationSuccessHandler", authenticationSuccessHandlerRef); } else { - BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition( - "org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler") - .addPropertyValue("requestCache", this.requestCache); + BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder + .rootBeanDefinition( + "org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler") + .addPropertyValue("requestCache", this.requestCache); oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationSuccessHandler", successHandlerBuilder.getBeanDefinition()); } @@ -225,17 +228,20 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { if (!StringUtils.isEmpty(loginPage)) { WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source); this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder - .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginPage) - .addPropertyValue("portMapper", this.portMapper).addPropertyValue("portResolver", this.portResolver) - .getBeanDefinition(); + .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class) + .addConstructorArgValue(loginPage) + .addPropertyValue("portMapper", this.portMapper) + .addPropertyValue("portResolver", this.portResolver) + .getBeanDefinition(); } else { Map entryPoint = getLoginEntryPoint(element); if (entryPoint != null) { this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder - .rootBeanDefinition(DelegatingAuthenticationEntryPoint.class).addConstructorArgValue(entryPoint) - .addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI)) - .getBeanDefinition(); + .rootBeanDefinition(DelegatingAuthenticationEntryPoint.class) + .addConstructorArgValue(entryPoint) + .addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI)) + .getBeanDefinition(); } } String authenticationFailureHandlerRef = element.getAttribute(ATT_AUTHENTICATION_FAILURE_HANDLER_REF); @@ -256,7 +262,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { this.authenticationFilterSecurityContextHolderStrategy); // prepare loginlinks this.oauth2LoginLinks = BeanDefinitionBuilder.rootBeanDefinition(Map.class) - .setFactoryMethodOnBean("getLoginLinks", oauth2LoginBeanConfigId).getBeanDefinition(); + .setFactoryMethodOnBean("getLoginLinks", oauth2LoginBeanConfigId) + .getBeanDefinition(); return oauth2LoginAuthenticationFilterBuilder.getBeanDefinition(); } @@ -265,9 +272,10 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { if (!StringUtils.isEmpty(authorizationRequestRepositoryRef)) { return new RuntimeBeanReference(authorizationRequestRepositoryRef); } - return BeanDefinitionBuilder.rootBeanDefinition( - "org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository") - .getBeanDefinition(); + return BeanDefinitionBuilder + .rootBeanDefinition( + "org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository") + .getBeanDefinition(); } private BeanMetadataElement getAuthorizationRedirectStrategy(Element element) { @@ -276,20 +284,21 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { return new RuntimeBeanReference(authorizationRedirectStrategyRef); } return BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.DefaultRedirectStrategy") - .getBeanDefinition(); + .getBeanDefinition(); } private BeanDefinition getOidcAuthProvider(Element element, BeanMetadataElement accessTokenResponseClient, String userAuthoritiesMapperRef) { boolean oidcAuthenticationProviderEnabled = ClassUtils - .isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader()); + .isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader()); if (!oidcAuthenticationProviderEnabled) { return BeanDefinitionBuilder.rootBeanDefinition(OidcAuthenticationRequestChecker.class).getBeanDefinition(); } BeanMetadataElement oidcUserService = getOidcUserService(element); BeanDefinitionBuilder oidcAuthProviderBuilder = BeanDefinitionBuilder.rootBeanDefinition( "org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider") - .addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oidcUserService); + .addConstructorArgValue(accessTokenResponseClient) + .addConstructorArgValue(oidcUserService); if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) { oidcAuthProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef); } @@ -306,8 +315,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { return new RuntimeBeanReference(oidcUserServiceRef); } return BeanDefinitionBuilder - .rootBeanDefinition("org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService") - .getBeanDefinition(); + .rootBeanDefinition("org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService") + .getBeanDefinition(); } private BeanMetadataElement getOAuth2UserService(Element element) { @@ -316,8 +325,8 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { return new RuntimeBeanReference(oauth2UserServiceRef); } return BeanDefinitionBuilder - .rootBeanDefinition("org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService") - .getBeanDefinition(); + .rootBeanDefinition("org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService") + .getBeanDefinition(); } private BeanMetadataElement getAccessTokenResponseClient(Element element) { @@ -325,9 +334,10 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { if (!StringUtils.isEmpty(accessTokenResponseClientRef)) { return new RuntimeBeanReference(accessTokenResponseClientRef); } - return BeanDefinitionBuilder.rootBeanDefinition( - "org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient") - .getBeanDefinition(); + return BeanDefinitionBuilder + .rootBeanDefinition( + "org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient") + .getBeanDefinition(); } BeanDefinition getDefaultAuthorizedClientRepository() { @@ -395,8 +405,10 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication; - if (!authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes() - .contains(OidcScopes.OPENID)) { + if (!authorizationCodeAuthentication.getAuthorizationExchange() + .getAuthorizationRequest() + .getScopes() + .contains(OidcScopes.OPENID)) { return null; } // Section 3.1.2.1 Authentication Request - @@ -433,7 +445,7 @@ final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser { Map getLoginLinks() { Iterable clientRegistrations = null; ClientRegistrationRepository clientRegistrationRepository = this.context - .getBean(ClientRegistrationRepository.class); + .getBean(ClientRegistrationRepository.class); ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class); if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) { clientRegistrations = (Iterable) clientRegistrationRepository; diff --git a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java index 69056b0ab0..d375982d3f 100644 --- a/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParser.java @@ -126,7 +126,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa } BeanMetadataElement bearerTokenResolver = getBearerTokenResolver(oauth2ResourceServer); BeanDefinitionBuilder requestMatcherBuilder = BeanDefinitionBuilder - .rootBeanDefinition(BearerTokenRequestMatcher.class); + .rootBeanDefinition(BearerTokenRequestMatcher.class); requestMatcherBuilder.addConstructorArgValue(bearerTokenResolver); BeanDefinition requestMatcher = requestMatcherBuilder.getBeanDefinition(); BeanMetadataElement authenticationEntryPoint = getEntryPoint(oauth2ResourceServer); @@ -134,7 +134,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa this.deniedHandlers.put(requestMatcher, this.accessDeniedHandler); this.ignoreCsrfRequestMatchers.add(requestMatcher); BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder - .rootBeanDefinition(BearerTokenAuthenticationFilter.class); + .rootBeanDefinition(BearerTokenAuthenticationFilter.class); BeanMetadataElement authenticationManagerResolver = getAuthenticationManagerResolver(oauth2ResourceServer); filterBuilder.addConstructorArgValue(authenticationManagerResolver); filterBuilder.addPropertyValue(BEARER_TOKEN_RESOLVER, bearerTokenResolver); @@ -147,20 +147,21 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa void validateConfiguration(Element oauth2ResourceServer, Element jwt, Element opaqueToken, ParserContext pc) { if (!oauth2ResourceServer.hasAttribute(AUTHENTICATION_MANAGER_RESOLVER_REF)) { if (jwt == null && opaqueToken == null) { - pc.getReaderContext().error("Didn't find authentication-manager-resolver-ref, " - + ", or . " + "Please select one.", oauth2ResourceServer); + pc.getReaderContext() + .error("Didn't find authentication-manager-resolver-ref, " + ", or . " + + "Please select one.", oauth2ResourceServer); } return; } if (jwt != null) { - pc.getReaderContext().error( - "Found as well as authentication-manager-resolver-ref. Please select just one.", - oauth2ResourceServer); + pc.getReaderContext() + .error("Found as well as authentication-manager-resolver-ref. Please select just one.", + oauth2ResourceServer); } if (opaqueToken != null) { - pc.getReaderContext().error( - "Found as well as authentication-manager-resolver-ref. Please select just one.", - oauth2ResourceServer); + pc.getReaderContext() + .error("Found as well as authentication-manager-resolver-ref. Please select just one.", + oauth2ResourceServer); } } @@ -170,7 +171,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa return new RuntimeBeanReference(authenticationManagerResolverRef); } BeanDefinitionBuilder authenticationManagerResolver = BeanDefinitionBuilder - .rootBeanDefinition(StaticAuthenticationManagerResolver.class); + .rootBeanDefinition(StaticAuthenticationManagerResolver.class); authenticationManagerResolver.addConstructorArgValue(this.authenticationManager); return authenticationManagerResolver.getBeanDefinition(); } @@ -208,7 +209,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa public BeanDefinition parse(Element element, ParserContext pc) { validateConfiguration(element, pc); BeanDefinitionBuilder jwtProviderBuilder = BeanDefinitionBuilder - .rootBeanDefinition(JwtAuthenticationProvider.class); + .rootBeanDefinition(JwtAuthenticationProvider.class); jwtProviderBuilder.addConstructorArgValue(getDecoder(element)); jwtProviderBuilder.addPropertyValue(JWT_AUTHENTICATION_CONVERTER, getJwtAuthenticationConverter(element)); return jwtProviderBuilder.getBeanDefinition(); @@ -228,7 +229,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa return new RuntimeBeanReference(decoderRef); } BeanDefinitionBuilder builder = BeanDefinitionBuilder - .rootBeanDefinition(NimbusJwtDecoderJwkSetUriFactoryBean.class); + .rootBeanDefinition(NimbusJwtDecoderJwkSetUriFactoryBean.class); builder.addConstructorArgValue(element.getAttribute(JWK_SET_URI)); return builder.getBeanDefinition(); } @@ -264,7 +265,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa BeanMetadataElement introspector = getIntrospector(element); String authenticationConverterRef = element.getAttribute(AUTHENTICATION_CONVERTER_REF); BeanDefinitionBuilder opaqueTokenProviderBuilder = BeanDefinitionBuilder - .rootBeanDefinition(OpaqueTokenAuthenticationProvider.class); + .rootBeanDefinition(OpaqueTokenAuthenticationProvider.class); opaqueTokenProviderBuilder.addConstructorArgValue(introspector); if (StringUtils.hasText(authenticationConverterRef)) { opaqueTokenProviderBuilder.addPropertyReference(AUTHENTICATION_CONVERTER, authenticationConverterRef); @@ -277,15 +278,16 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa boolean usesEndpoint = element.hasAttribute(INTROSPECTION_URI) || element.hasAttribute(CLIENT_ID) || element.hasAttribute(CLIENT_SECRET); if (usesIntrospector == usesEndpoint) { - pc.getReaderContext().error("Please specify either introspector-ref or all of " - + "introspection-uri, client-id, and client-secret.", element); + pc.getReaderContext() + .error("Please specify either introspector-ref or all of " + + "introspection-uri, client-id, and client-secret.", element); return; } if (usesEndpoint) { if (!(element.hasAttribute(INTROSPECTION_URI) && element.hasAttribute(CLIENT_ID) && element.hasAttribute(CLIENT_SECRET))) { pc.getReaderContext() - .error("Please specify introspection-uri, client-id, and client-secret together", element); + .error("Please specify introspection-uri, client-id, and client-secret together", element); } } } @@ -299,7 +301,7 @@ final class OAuth2ResourceServerBeanDefinitionParser implements BeanDefinitionPa String clientId = element.getAttribute(CLIENT_ID); String clientSecret = element.getAttribute(CLIENT_SECRET); BeanDefinitionBuilder introspectorBuilder = BeanDefinitionBuilder - .rootBeanDefinition(NimbusOpaqueTokenIntrospector.class); + .rootBeanDefinition(NimbusOpaqueTokenIntrospector.class); introspectorBuilder.addConstructorArgValue(introspectionUri); introspectorBuilder.addConstructorArgValue(clientId); introspectorBuilder.addConstructorArgValue(clientSecret); diff --git a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java index bd23e29424..7e27977db1 100644 --- a/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/RememberMeBeanDefinitionParser.java @@ -109,14 +109,14 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { if (servicesRefSet && (dataSourceSet || tokenRepoSet || userServiceSet || tokenValiditySet || useSecureCookieSet || remembermeParameterSet || remembermeCookieSet)) { pc.getReaderContext() - .error(ATT_SERVICES_REF + " can't be used in combination with attributes " + ATT_TOKEN_REPOSITORY - + "," + ATT_DATA_SOURCE + ", " + ATT_USER_SERVICE_REF + ", " + ATT_TOKEN_VALIDITY + ", " - + ATT_SECURE_COOKIE + ", " + ATT_FORM_REMEMBERME_PARAMETER + " or " + ATT_REMEMBERME_COOKIE, - source); + .error(ATT_SERVICES_REF + " can't be used in combination with attributes " + ATT_TOKEN_REPOSITORY + "," + + ATT_DATA_SOURCE + ", " + ATT_USER_SERVICE_REF + ", " + ATT_TOKEN_VALIDITY + ", " + + ATT_SECURE_COOKIE + ", " + ATT_FORM_REMEMBERME_PARAMETER + " or " + ATT_REMEMBERME_COOKIE, + source); } if (dataSourceSet && tokenRepoSet) { - pc.getReaderContext().error("Specify " + ATT_TOKEN_REPOSITORY + " or " + ATT_DATA_SOURCE + " but not both", - source); + pc.getReaderContext() + .error("Specify " + ATT_TOKEN_REPOSITORY + " or " + ATT_DATA_SOURCE + " but not both", source); } boolean isPersistent = dataSourceSet | tokenRepoSet; if (isPersistent) { @@ -127,8 +127,8 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { } else { tokenRepo = new RootBeanDefinition(JdbcTokenRepositoryImpl.class); - ((BeanDefinition) tokenRepo).getPropertyValues().addPropertyValue("dataSource", - new RuntimeBeanReference(dataSource)); + ((BeanDefinition) tokenRepo).getPropertyValues() + .addPropertyValue("dataSource", new RuntimeBeanReference(dataSource)); } services.getConstructorArgumentValues().addIndexedArgumentValue(2, tokenRepo); } @@ -151,8 +151,9 @@ class RememberMeBeanDefinitionParser implements BeanDefinitionParser { if (tokenValiditySet) { boolean isTokenValidityNegative = tokenValiditySeconds.startsWith("-"); if (isTokenValidityNegative && isPersistent) { - pc.getReaderContext().error(ATT_TOKEN_VALIDITY + " cannot be negative if using" - + " a persistent remember-me token repository", source); + pc.getReaderContext() + .error(ATT_TOKEN_VALIDITY + " cannot be negative if using" + + " a persistent remember-me token repository", source); } services.getPropertyValues().addPropertyValue("tokenValiditySeconds", tokenValiditySeconds); } diff --git a/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java index b118dcdcce..9f0560078e 100644 --- a/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParser.java @@ -119,34 +119,35 @@ final class Saml2LoginBeanDefinitionParser implements BeanDefinitionParser { this.loginProcessingUrl = loginProcessingUrl; } BeanDefinition saml2LoginBeanConfig = BeanDefinitionBuilder.rootBeanDefinition(Saml2LoginBeanConfig.class) - .getBeanDefinition(); + .getBeanDefinition(); String saml2LoginBeanConfigId = pc.getReaderContext().generateBeanName(saml2LoginBeanConfig); pc.registerBeanComponent(new BeanComponentDefinition(saml2LoginBeanConfig, saml2LoginBeanConfigId)); registerDefaultCsrfOverride(); BeanMetadataElement relyingPartyRegistrationRepository = Saml2LoginBeanDefinitionParserUtils - .getRelyingPartyRegistrationRepository(element); + .getRelyingPartyRegistrationRepository(element); BeanMetadataElement authenticationRequestRepository = Saml2LoginBeanDefinitionParserUtils - .getAuthenticationRequestRepository(element); + .getAuthenticationRequestRepository(element); BeanMetadataElement authenticationRequestResolver = Saml2LoginBeanDefinitionParserUtils - .getAuthenticationRequestResolver(element); + .getAuthenticationRequestResolver(element); if (authenticationRequestResolver == null) { authenticationRequestResolver = Saml2LoginBeanDefinitionParserUtils - .createDefaultAuthenticationRequestResolver(relyingPartyRegistrationRepository); + .createDefaultAuthenticationRequestResolver(relyingPartyRegistrationRepository); } BeanMetadataElement authenticationConverter = Saml2LoginBeanDefinitionParserUtils - .getAuthenticationConverter(element); + .getAuthenticationConverter(element); if (authenticationConverter == null) { if (!this.loginProcessingUrl.contains("{registrationId}")) { pc.getReaderContext().error("loginProcessingUrl must contain {registrationId} path variable", element); } authenticationConverter = Saml2LoginBeanDefinitionParserUtils - .createDefaultAuthenticationConverter(relyingPartyRegistrationRepository); + .createDefaultAuthenticationConverter(relyingPartyRegistrationRepository); } // Configure the Saml2WebSsoAuthenticationFilter BeanDefinitionBuilder saml2WebSsoAuthenticationFilterBuilder = BeanDefinitionBuilder - .rootBeanDefinition(Saml2WebSsoAuthenticationFilter.class) - .addConstructorArgValue(authenticationConverter).addConstructorArgValue(this.loginProcessingUrl) - .addPropertyValue("authenticationRequestRepository", authenticationRequestRepository); + .rootBeanDefinition(Saml2WebSsoAuthenticationFilter.class) + .addConstructorArgValue(authenticationConverter) + .addConstructorArgValue(this.loginProcessingUrl) + .addPropertyValue("authenticationRequestRepository", authenticationRequestRepository); resolveLoginPage(element, pc); resolveAuthenticationSuccessHandler(element, saml2WebSsoAuthenticationFilterBuilder); resolveAuthenticationFailureHandler(element, saml2WebSsoAuthenticationFilterBuilder); @@ -154,16 +155,16 @@ final class Saml2LoginBeanDefinitionParser implements BeanDefinitionParser { resolveSecurityContextRepository(element, saml2WebSsoAuthenticationFilterBuilder); // Configure the Saml2WebSsoAuthenticationRequestFilter this.saml2WebSsoAuthenticationRequestFilter = BeanDefinitionBuilder - .rootBeanDefinition(Saml2WebSsoAuthenticationRequestFilter.class) - .addConstructorArgValue(authenticationRequestResolver) - .addPropertyValue("authenticationRequestRepository", authenticationRequestRepository) - .getBeanDefinition(); + .rootBeanDefinition(Saml2WebSsoAuthenticationRequestFilter.class) + .addConstructorArgValue(authenticationRequestResolver) + .addPropertyValue("authenticationRequestRepository", authenticationRequestRepository) + .getBeanDefinition(); BeanDefinition saml2AuthenticationProvider = Saml2LoginBeanDefinitionParserUtils.createAuthenticationProvider(); this.authenticationProviders.add( new RuntimeBeanReference(pc.getReaderContext().registerWithGeneratedName(saml2AuthenticationProvider))); this.saml2AuthenticationUrlToProviderName = BeanDefinitionBuilder.rootBeanDefinition(Map.class) - .setFactoryMethodOnBean("getAuthenticationUrlToProviderName", saml2LoginBeanConfigId) - .getBeanDefinition(); + .setFactoryMethodOnBean("getAuthenticationUrlToProviderName", saml2LoginBeanConfigId) + .getBeanDefinition(); return saml2WebSsoAuthenticationFilterBuilder.getBeanDefinition(); } @@ -195,23 +196,27 @@ final class Saml2LoginBeanDefinitionParser implements BeanDefinitionParser { if (StringUtils.hasText(loginPage)) { WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source); saml2LoginAuthenticationEntryPoint = BeanDefinitionBuilder - .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginPage) - .addPropertyValue("portMapper", this.portMapper).addPropertyValue("portResolver", this.portResolver) - .getBeanDefinition(); + .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class) + .addConstructorArgValue(loginPage) + .addPropertyValue("portMapper", this.portMapper) + .addPropertyValue("portResolver", this.portResolver) + .getBeanDefinition(); } else { Map identityProviderUrlMap = getIdentityProviderUrlMap(element); if (identityProviderUrlMap.size() == 1) { String loginUrl = identityProviderUrlMap.entrySet().iterator().next().getKey(); saml2LoginAuthenticationEntryPoint = BeanDefinitionBuilder - .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginUrl) - .addPropertyValue("portMapper", this.portMapper) - .addPropertyValue("portResolver", this.portResolver).getBeanDefinition(); + .rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class) + .addConstructorArgValue(loginUrl) + .addPropertyValue("portMapper", this.portMapper) + .addPropertyValue("portResolver", this.portResolver) + .getBeanDefinition(); } } if (saml2LoginAuthenticationEntryPoint != null) { BeanDefinitionBuilder requestMatcherBuilder = BeanDefinitionBuilder - .rootBeanDefinition(AntPathRequestMatcher.class); + .rootBeanDefinition(AntPathRequestMatcher.class); requestMatcherBuilder.addConstructorArgValue(this.loginProcessingUrl); BeanDefinition requestMatcher = requestMatcherBuilder.getBeanDefinition(); this.entryPoints.put(requestMatcher, saml2LoginAuthenticationEntryPoint); @@ -244,9 +249,10 @@ final class Saml2LoginBeanDefinitionParser implements BeanDefinitionParser { authenticationSuccessHandlerRef); } else { - BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition( - "org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler") - .addPropertyValue("requestCache", this.requestCache); + BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder + .rootBeanDefinition( + "org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler") + .addPropertyValue("requestCache", this.requestCache); saml2WebSsoAuthenticationFilterBuilder.addPropertyValue("authenticationSuccessHandler", successHandlerBuilder.getBeanDefinition()); } @@ -254,7 +260,7 @@ final class Saml2LoginBeanDefinitionParser implements BeanDefinitionParser { private void registerDefaultCsrfOverride() { BeanDefinitionBuilder requestMatcherBuilder = BeanDefinitionBuilder - .rootBeanDefinition(AntPathRequestMatcher.class); + .rootBeanDefinition(AntPathRequestMatcher.class); requestMatcherBuilder.addConstructorArgValue(this.loginProcessingUrl); BeanDefinition requestMatcher = requestMatcherBuilder.getBeanDefinition(); this.csrfIgnoreRequestMatchers.add(requestMatcher); @@ -296,7 +302,7 @@ final class Saml2LoginBeanDefinitionParser implements BeanDefinitionParser { Map getAuthenticationUrlToProviderName() { Iterable relyingPartyRegistrations = null; RelyingPartyRegistrationRepository relyingPartyRegistrationRepository = this.context - .getBean(RelyingPartyRegistrationRepository.class); + .getBean(RelyingPartyRegistrationRepository.class); ResolvableType type = ResolvableType.forInstance(relyingPartyRegistrationRepository).as(Iterable.class); if (type != ResolvableType.NONE && RelyingPartyRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) { diff --git a/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserUtils.java index 225bcbe087..530aba60f8 100644 --- a/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserUtils.java +++ b/config/src/main/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserUtils.java @@ -48,7 +48,7 @@ final class Saml2LoginBeanDefinitionParserUtils { static BeanMetadataElement getRelyingPartyRegistrationRepository(Element element) { String relyingPartyRegistrationRepositoryRef = element - .getAttribute(ATT_RELYING_PARTY_REGISTRATION_REPOSITORY_REF); + .getAttribute(ATT_RELYING_PARTY_REGISTRATION_REPOSITORY_REF); if (StringUtils.hasText(relyingPartyRegistrationRepositoryRef)) { return new RuntimeBeanReference(relyingPartyRegistrationRepositoryRef); } @@ -61,7 +61,7 @@ final class Saml2LoginBeanDefinitionParserUtils { return new RuntimeBeanReference(authenticationRequestRepositoryRef); } return BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSaml2AuthenticationRequestRepository.class) - .getBeanDefinition(); + .getBeanDefinition(); } static BeanMetadataElement getAuthenticationRequestResolver(Element element) { @@ -75,17 +75,19 @@ final class Saml2LoginBeanDefinitionParserUtils { static BeanMetadataElement createDefaultAuthenticationRequestResolver( BeanMetadataElement relyingPartyRegistrationRepository) { BeanMetadataElement defaultRelyingPartyRegistrationResolver = BeanDefinitionBuilder - .rootBeanDefinition(DefaultRelyingPartyRegistrationResolver.class) - .addConstructorArgValue(relyingPartyRegistrationRepository).getBeanDefinition(); + .rootBeanDefinition(DefaultRelyingPartyRegistrationResolver.class) + .addConstructorArgValue(relyingPartyRegistrationRepository) + .getBeanDefinition(); return BeanDefinitionBuilder.rootBeanDefinition( "org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver") - .addConstructorArgValue(defaultRelyingPartyRegistrationResolver).getBeanDefinition(); + .addConstructorArgValue(defaultRelyingPartyRegistrationResolver) + .getBeanDefinition(); } static BeanDefinition createAuthenticationProvider() { return BeanDefinitionBuilder.rootBeanDefinition( "org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider") - .getBeanDefinition(); + .getBeanDefinition(); } static BeanMetadataElement getAuthenticationConverter(Element element) { @@ -98,10 +100,12 @@ final class Saml2LoginBeanDefinitionParserUtils { static BeanDefinition createDefaultAuthenticationConverter(BeanMetadataElement relyingPartyRegistrationRepository) { AbstractBeanDefinition resolver = BeanDefinitionBuilder - .rootBeanDefinition(DefaultRelyingPartyRegistrationResolver.class) - .addConstructorArgValue(relyingPartyRegistrationRepository).getBeanDefinition(); + .rootBeanDefinition(DefaultRelyingPartyRegistrationResolver.class) + .addConstructorArgValue(relyingPartyRegistrationRepository) + .getBeanDefinition(); return BeanDefinitionBuilder.rootBeanDefinition(Saml2AuthenticationTokenConverter.class) - .addConstructorArgValue(resolver).getBeanDefinition(); + .addConstructorArgValue(resolver) + .getBeanDefinition(); } } diff --git a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java index 10f3f13781..07c05f8bac 100644 --- a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java @@ -113,40 +113,47 @@ final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser { this.logoutSuccessHandler = createDefaultLogoutSuccessHandler(); } BeanMetadataElement relyingPartyRegistrationRepository = Saml2LogoutBeanDefinitionParserUtils - .getRelyingPartyRegistrationRepository(element); + .getRelyingPartyRegistrationRepository(element); BeanMetadataElement registrations = BeanDefinitionBuilder - .rootBeanDefinition(DefaultRelyingPartyRegistrationResolver.class) - .addConstructorArgValue(relyingPartyRegistrationRepository).getBeanDefinition(); + .rootBeanDefinition(DefaultRelyingPartyRegistrationResolver.class) + .addConstructorArgValue(relyingPartyRegistrationRepository) + .getBeanDefinition(); BeanMetadataElement logoutResponseResolver = Saml2LogoutBeanDefinitionParserUtils - .getLogoutResponseResolver(element, registrations); + .getLogoutResponseResolver(element, registrations); BeanMetadataElement logoutRequestValidator = Saml2LogoutBeanDefinitionParserUtils - .getLogoutRequestValidator(element); + .getLogoutRequestValidator(element); BeanMetadataElement logoutRequestMatcher = createSaml2LogoutRequestMatcher(); this.logoutRequestFilter = BeanDefinitionBuilder.rootBeanDefinition(Saml2LogoutRequestFilter.class) - .addConstructorArgValue(registrations).addConstructorArgValue(logoutRequestValidator) - .addConstructorArgValue(logoutResponseResolver).addConstructorArgValue(this.logoutHandlers) - .addPropertyValue("logoutRequestMatcher", logoutRequestMatcher) - .addPropertyValue("securityContextHolderStrategy", - this.authenticationFilterSecurityContextHolderStrategy) - .getBeanDefinition(); + .addConstructorArgValue(registrations) + .addConstructorArgValue(logoutRequestValidator) + .addConstructorArgValue(logoutResponseResolver) + .addConstructorArgValue(this.logoutHandlers) + .addPropertyValue("logoutRequestMatcher", logoutRequestMatcher) + .addPropertyValue("securityContextHolderStrategy", this.authenticationFilterSecurityContextHolderStrategy) + .getBeanDefinition(); BeanMetadataElement logoutResponseValidator = Saml2LogoutBeanDefinitionParserUtils - .getLogoutResponseValidator(element); + .getLogoutResponseValidator(element); BeanMetadataElement logoutRequestRepository = Saml2LogoutBeanDefinitionParserUtils - .getLogoutRequestRepository(element); + .getLogoutRequestRepository(element); BeanMetadataElement logoutResponseMatcher = createSaml2LogoutResponseMatcher(); this.logoutResponseFilter = BeanDefinitionBuilder.rootBeanDefinition(Saml2LogoutResponseFilter.class) - .addConstructorArgValue(registrations).addConstructorArgValue(logoutResponseValidator) - .addConstructorArgValue(this.logoutSuccessHandler) - .addPropertyValue("logoutRequestMatcher", logoutResponseMatcher) - .addPropertyValue("logoutRequestRepository", logoutRequestRepository).getBeanDefinition(); + .addConstructorArgValue(registrations) + .addConstructorArgValue(logoutResponseValidator) + .addConstructorArgValue(this.logoutSuccessHandler) + .addPropertyValue("logoutRequestMatcher", logoutResponseMatcher) + .addPropertyValue("logoutRequestRepository", logoutRequestRepository) + .getBeanDefinition(); BeanMetadataElement logoutRequestResolver = Saml2LogoutBeanDefinitionParserUtils - .getLogoutRequestResolver(element, registrations); + .getLogoutRequestResolver(element, registrations); BeanMetadataElement saml2LogoutRequestSuccessHandler = BeanDefinitionBuilder - .rootBeanDefinition(Saml2RelyingPartyInitiatedLogoutSuccessHandler.class) - .addConstructorArgValue(logoutRequestResolver).getBeanDefinition(); + .rootBeanDefinition(Saml2RelyingPartyInitiatedLogoutSuccessHandler.class) + .addConstructorArgValue(logoutRequestResolver) + .getBeanDefinition(); this.logoutFilter = BeanDefinitionBuilder.rootBeanDefinition(LogoutFilter.class) - .addConstructorArgValue(saml2LogoutRequestSuccessHandler).addConstructorArgValue(this.logoutHandlers) - .addPropertyValue("logoutRequestMatcher", createLogoutRequestMatcher()).getBeanDefinition(); + .addConstructorArgValue(saml2LogoutRequestSuccessHandler) + .addConstructorArgValue(this.logoutHandlers) + .addPropertyValue("logoutRequestMatcher", createLogoutRequestMatcher()) + .getBeanDefinition(); return null; } @@ -154,45 +161,54 @@ final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser { List handlers = new ManagedList<>(); handlers.add(BeanDefinitionBuilder.rootBeanDefinition(SecurityContextLogoutHandler.class).getBeanDefinition()); handlers.add(BeanDefinitionBuilder.rootBeanDefinition(LogoutSuccessEventPublishingLogoutHandler.class) - .getBeanDefinition()); + .getBeanDefinition()); return handlers; } private static BeanMetadataElement createDefaultLogoutSuccessHandler() { return BeanDefinitionBuilder.rootBeanDefinition(SimpleUrlLogoutSuccessHandler.class) - .addPropertyValue("defaultTargetUrl", "/login?logout").getBeanDefinition(); + .addPropertyValue("defaultTargetUrl", "/login?logout") + .getBeanDefinition(); } private BeanMetadataElement createLogoutRequestMatcher() { BeanMetadataElement logoutMatcher = BeanDefinitionBuilder.rootBeanDefinition(AntPathRequestMatcher.class) - .addConstructorArgValue(this.logoutUrl).addConstructorArgValue("POST").getBeanDefinition(); + .addConstructorArgValue(this.logoutUrl) + .addConstructorArgValue("POST") + .getBeanDefinition(); BeanMetadataElement saml2Matcher = BeanDefinitionBuilder.rootBeanDefinition(Saml2RequestMatcher.class) - .addPropertyValue("securityContextHolderStrategy", - this.authenticationFilterSecurityContextHolderStrategy) - .getBeanDefinition(); + .addPropertyValue("securityContextHolderStrategy", this.authenticationFilterSecurityContextHolderStrategy) + .getBeanDefinition(); return BeanDefinitionBuilder.rootBeanDefinition(AndRequestMatcher.class) - .addConstructorArgValue(toManagedList(logoutMatcher, saml2Matcher)).getBeanDefinition(); + .addConstructorArgValue(toManagedList(logoutMatcher, saml2Matcher)) + .getBeanDefinition(); } private BeanMetadataElement createSaml2LogoutRequestMatcher() { BeanMetadataElement logoutRequestMatcher = BeanDefinitionBuilder.rootBeanDefinition(AntPathRequestMatcher.class) - .addConstructorArgValue(this.logoutRequestUrl).getBeanDefinition(); + .addConstructorArgValue(this.logoutRequestUrl) + .getBeanDefinition(); BeanMetadataElement saml2RequestMatcher = BeanDefinitionBuilder - .rootBeanDefinition(ParameterRequestMatcher.class).addConstructorArgValue("SAMLRequest") - .getBeanDefinition(); + .rootBeanDefinition(ParameterRequestMatcher.class) + .addConstructorArgValue("SAMLRequest") + .getBeanDefinition(); return BeanDefinitionBuilder.rootBeanDefinition(AndRequestMatcher.class) - .addConstructorArgValue(toManagedList(logoutRequestMatcher, saml2RequestMatcher)).getBeanDefinition(); + .addConstructorArgValue(toManagedList(logoutRequestMatcher, saml2RequestMatcher)) + .getBeanDefinition(); } private BeanMetadataElement createSaml2LogoutResponseMatcher() { BeanMetadataElement logoutResponseMatcher = BeanDefinitionBuilder - .rootBeanDefinition(AntPathRequestMatcher.class).addConstructorArgValue(this.logoutResponseUrl) - .getBeanDefinition(); + .rootBeanDefinition(AntPathRequestMatcher.class) + .addConstructorArgValue(this.logoutResponseUrl) + .getBeanDefinition(); BeanMetadataElement saml2ResponseMatcher = BeanDefinitionBuilder - .rootBeanDefinition(ParameterRequestMatcher.class).addConstructorArgValue("SAMLResponse") - .getBeanDefinition(); + .rootBeanDefinition(ParameterRequestMatcher.class) + .addConstructorArgValue("SAMLResponse") + .getBeanDefinition(); return BeanDefinitionBuilder.rootBeanDefinition(AndRequestMatcher.class) - .addConstructorArgValue(toManagedList(logoutResponseMatcher, saml2ResponseMatcher)).getBeanDefinition(); + .addConstructorArgValue(toManagedList(logoutResponseMatcher, saml2ResponseMatcher)) + .getBeanDefinition(); } private static List toManagedList(BeanMetadataElement... elements) { @@ -233,7 +249,7 @@ final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser { public static class Saml2RequestMatcher implements RequestMatcher { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Override public boolean matches(HttpServletRequest request) { diff --git a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserUtils.java b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserUtils.java index 96ca597889..c7cb1792d5 100644 --- a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserUtils.java +++ b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserUtils.java @@ -50,7 +50,7 @@ final class Saml2LogoutBeanDefinitionParserUtils { static BeanMetadataElement getRelyingPartyRegistrationRepository(Element element) { String relyingPartyRegistrationRepositoryRef = element - .getAttribute(ATT_RELYING_PARTY_REGISTRATION_REPOSITORY_REF); + .getAttribute(ATT_RELYING_PARTY_REGISTRATION_REPOSITORY_REF); if (StringUtils.hasText(relyingPartyRegistrationRepositoryRef)) { return new RuntimeBeanReference(relyingPartyRegistrationRepositoryRef); } @@ -64,7 +64,8 @@ final class Saml2LogoutBeanDefinitionParserUtils { } return BeanDefinitionBuilder.rootBeanDefinition( "org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutResponseResolver") - .addConstructorArgValue(registrations).getBeanDefinition(); + .addConstructorArgValue(registrations) + .getBeanDefinition(); } static BeanMetadataElement getLogoutRequestValidator(Element element) { @@ -98,7 +99,8 @@ final class Saml2LogoutBeanDefinitionParserUtils { } return BeanDefinitionBuilder.rootBeanDefinition( "org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver") - .addConstructorArgValue(registrations).getBeanDefinition(); + .addConstructorArgValue(registrations) + .getBeanDefinition(); } } diff --git a/config/src/main/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParser.java index 8b719ec1b0..f911c674e8 100644 --- a/config/src/main/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParser.java @@ -46,9 +46,10 @@ public final class WellKnownChangePasswordBeanDefinitionParser implements BeanDe @Override public BeanDefinition parse(Element element, ParserContext parserContext) { BeanDefinition changePasswordFilter = BeanDefinitionBuilder - .rootBeanDefinition(RequestMatcherRedirectFilter.class) - .addConstructorArgValue(new AntPathRequestMatcher(WELL_KNOWN_CHANGE_PASSWORD_PATTERN)) - .addConstructorArgValue(getChangePasswordPage(element)).getBeanDefinition(); + .rootBeanDefinition(RequestMatcherRedirectFilter.class) + .addConstructorArgValue(new AntPathRequestMatcher(WELL_KNOWN_CHANGE_PASSWORD_PATTERN)) + .addConstructorArgValue(getChangePasswordPage(element)) + .getBeanDefinition(); parserContext.getReaderContext().registerWithGeneratedName(changePasswordFilter); return changePasswordFilter; } diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java index 3e735458f4..e3b1e7fc0d 100644 --- a/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.java @@ -69,7 +69,7 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser { this.logger.info("No search information or DN pattern specified. Using default search filter '" + DEF_USER_SEARCH_FILTER + "'"); BeanDefinitionBuilder searchBeanBuilder = BeanDefinitionBuilder - .rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS); + .rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS); searchBeanBuilder.getRawBeanDefinition().setSource(elt); searchBeanBuilder.addConstructorArgValue(""); searchBeanBuilder.addConstructorArgValue(DEF_USER_SEARCH_FILTER); @@ -89,9 +89,9 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser { String hash = passwordCompareElt.getAttribute(ATT_HASH); if (passwordEncoderElement != null) { if (StringUtils.hasText(hash)) { - parserContext.getReaderContext().warning( - "Attribute 'hash' cannot be used with 'password-encoder' and " + "will be ignored.", - parserContext.extractSource(elt)); + parserContext.getReaderContext() + .warning("Attribute 'hash' cannot be used with 'password-encoder' and " + "will be ignored.", + parserContext.extractSource(elt)); } PasswordEncoderParser pep = new PasswordEncoderParser(passwordEncoderElement, parserContext); authenticatorBuilder.addPropertyValue("passwordEncoder", pep.getPasswordEncoder()); @@ -108,8 +108,8 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser { } BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS); ldapProvider.addConstructorArgValue(authenticatorBuilder.getBeanDefinition()); - ldapProvider.addConstructorArgValue( - LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext)); + ldapProvider + .addConstructorArgValue(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext)); ldapProvider.addPropertyValue("userDetailsContextMapper", LdapUserServiceBeanDefinitionParser.parseUserDetailsClassOrUserMapperRef(elt, parserContext)); return ldapProvider.getBeanDefinition(); diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java index 3da012c375..5c6acc8187 100644 --- a/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java @@ -104,7 +104,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser { if (StringUtils.hasText(managerDn)) { if (!StringUtils.hasText(managerPassword)) { parserContext.getReaderContext() - .error("You must specify the " + ATT_PASSWORD + " if you supply a " + managerDn, elt); + .error("You must specify the " + ATT_PASSWORD + " if you supply a " + managerDn, elt); } contextSource.getPropertyValues().addPropertyValue("userDn", managerDn); contextSource.getPropertyValues().addPropertyValue("password", managerPassword); @@ -135,9 +135,10 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser { contextSource.addPropertyValue("userDn", "uid=admin,ou=system"); contextSource.addPropertyValue("password", "secret"); BeanDefinition embeddedLdapServerConfigBean = BeanDefinitionBuilder - .rootBeanDefinition(EmbeddedLdapServerConfigBean.class).getBeanDefinition(); + .rootBeanDefinition(EmbeddedLdapServerConfigBean.class) + .getBeanDefinition(); String embeddedLdapServerConfigBeanName = parserContext.getReaderContext() - .generateBeanName(embeddedLdapServerConfigBean); + .generateBeanName(embeddedLdapServerConfigBean); parserContext.registerBeanComponent( new BeanComponentDefinition(embeddedLdapServerConfigBean, embeddedLdapServerConfigBeanName)); contextSource.setFactoryMethodOnBean("createEmbeddedContextSource", embeddedLdapServerConfigBeanName); @@ -153,8 +154,8 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser { ldapContainer.getPropertyValues().addPropertyValue("port", getPort(element)); if (parserContext.getRegistry().containsBeanDefinition(BeanIds.EMBEDDED_APACHE_DS) || parserContext.getRegistry().containsBeanDefinition(BeanIds.EMBEDDED_UNBOUNDID)) { - parserContext.getReaderContext().error("Only one embedded server bean is allowed per application context", - element); + parserContext.getReaderContext() + .error("Only one embedded server bean is allowed per application context", element); } String beanId = resolveBeanId(mode); if (beanId != null) { diff --git a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java index dec9a6ac41..a10f0b527b 100644 --- a/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/ldap/LdapUserServiceBeanDefinitionParser.java @@ -96,7 +96,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ if (StringUtils.hasText(userSearchBase)) { if (!StringUtils.hasText(userSearchFilter)) { parserContext.getReaderContext() - .error(ATT_USER_SEARCH_BASE + " cannot be used without a " + ATT_USER_SEARCH_FILTER, source); + .error(ATT_USER_SEARCH_BASE + " cannot be used without a " + ATT_USER_SEARCH_FILTER, source); } } else { @@ -143,8 +143,9 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ String userDetailsClass = elt.getAttribute(ATT_USER_CLASS); String userMapperRef = elt.getAttribute(ATT_USER_CONTEXT_MAPPER_REF); if (StringUtils.hasText(userDetailsClass) && StringUtils.hasText(userMapperRef)) { - parserContext.getReaderContext().error("Attributes " + ATT_USER_CLASS + " and " - + ATT_USER_CONTEXT_MAPPER_REF + " cannot be used together.", parserContext.extractSource(elt)); + parserContext.getReaderContext() + .error("Attributes " + ATT_USER_CLASS + " and " + ATT_USER_CONTEXT_MAPPER_REF + + " cannot be used together.", parserContext.extractSource(elt)); } if (StringUtils.hasText(userMapperRef)) { return new RuntimeBeanReference(userMapperRef); diff --git a/config/src/main/java/org/springframework/security/config/method/AspectJMethodMatcher.java b/config/src/main/java/org/springframework/security/config/method/AspectJMethodMatcher.java index b3c10a9b03..2cd5bcb1f5 100644 --- a/config/src/main/java/org/springframework/security/config/method/AspectJMethodMatcher.java +++ b/config/src/main/java/org/springframework/security/config/method/AspectJMethodMatcher.java @@ -37,8 +37,8 @@ class AspectJMethodMatcher implements MethodMatcher, ClassFilter, Pointcut { supportedPrimitives.add(PointcutPrimitive.EXECUTION); supportedPrimitives.add(PointcutPrimitive.ARGS); supportedPrimitives.add(PointcutPrimitive.REFERENCE); - parser = PointcutParser.getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution( - supportedPrimitives); + parser = PointcutParser + .getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution(supportedPrimitives); } private final PointcutExpression expression; diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java index 628db4211b..70bb196579 100644 --- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java @@ -144,27 +144,28 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP Element prePostElt = DomUtils.getChildElementByTagName(element, Elements.INVOCATION_HANDLING); Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER); if (prePostElt != null && expressionHandlerElt != null) { - pc.getReaderContext().error(Elements.INVOCATION_HANDLING + " and " + Elements.EXPRESSION_HANDLER - + " cannot be used together ", source); + pc.getReaderContext() + .error(Elements.INVOCATION_HANDLING + " and " + Elements.EXPRESSION_HANDLER + + " cannot be used together ", source); } BeanDefinitionBuilder preInvocationVoterBldr = BeanDefinitionBuilder - .rootBeanDefinition(PreInvocationAuthorizationAdviceVoter.class); + .rootBeanDefinition(PreInvocationAuthorizationAdviceVoter.class); // After-invocation provider to handle post-invocation filtering and // authorization expression annotations. BeanDefinitionBuilder afterInvocationBldr = BeanDefinitionBuilder - .rootBeanDefinition(PostInvocationAdviceProvider.class); + .rootBeanDefinition(PostInvocationAdviceProvider.class); // The metadata source for the security interceptor BeanDefinitionBuilder mds = BeanDefinitionBuilder - .rootBeanDefinition(PrePostAnnotationSecurityMetadataSource.class); + .rootBeanDefinition(PrePostAnnotationSecurityMetadataSource.class); if (prePostElt != null) { // Customized override of expression handling system String attributeFactoryRef = DomUtils - .getChildElementByTagName(prePostElt, Elements.INVOCATION_ATTRIBUTE_FACTORY) - .getAttribute("ref"); + .getChildElementByTagName(prePostElt, Elements.INVOCATION_ATTRIBUTE_FACTORY) + .getAttribute("ref"); String preAdviceRef = DomUtils.getChildElementByTagName(prePostElt, Elements.PRE_INVOCATION_ADVICE) - .getAttribute("ref"); + .getAttribute("ref"); String postAdviceRef = DomUtils.getChildElementByTagName(prePostElt, Elements.POST_INVOCATION_ADVICE) - .getAttribute("ref"); + .getAttribute("ref"); mds.addConstructorArgReference(attributeFactoryRef); preInvocationVoterBldr.addConstructorArgReference(preAdviceRef); afterInvocationBldr.addConstructorArgReference(postAdviceRef); @@ -181,16 +182,16 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP lazyInitPP.getConstructorArgumentValues().addGenericArgumentValue(expressionHandlerRef); pc.getReaderContext().registerWithGeneratedName(lazyInitPP); BeanDefinitionBuilder lazyMethodSecurityExpressionHandlerBldr = BeanDefinitionBuilder - .rootBeanDefinition(LazyInitTargetSource.class); + .rootBeanDefinition(LazyInitTargetSource.class); lazyMethodSecurityExpressionHandlerBldr.addPropertyValue("targetBeanName", expressionHandlerRef); BeanDefinitionBuilder expressionHandlerProxyBldr = BeanDefinitionBuilder - .rootBeanDefinition(ProxyFactoryBean.class); + .rootBeanDefinition(ProxyFactoryBean.class); expressionHandlerProxyBldr.addPropertyValue("targetSource", lazyMethodSecurityExpressionHandlerBldr.getBeanDefinition()); expressionHandlerProxyBldr.addPropertyValue("proxyInterfaces", MethodSecurityExpressionHandler.class); expressionHandlerRef = pc.getReaderContext() - .generateBeanName(expressionHandlerProxyBldr.getBeanDefinition()); + .generateBeanName(expressionHandlerProxyBldr.getBeanDefinition()); pc.registerBeanComponent(new BeanComponentDefinition(expressionHandlerProxyBldr.getBeanDefinition(), expressionHandlerRef)); } @@ -203,15 +204,15 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP + "was configured. All hasPermission() expressions will evaluate to false."); } BeanDefinitionBuilder expressionPreAdviceBldr = BeanDefinitionBuilder - .rootBeanDefinition(ExpressionBasedPreInvocationAdvice.class); + .rootBeanDefinition(ExpressionBasedPreInvocationAdvice.class); expressionPreAdviceBldr.addPropertyReference("expressionHandler", expressionHandlerRef); preInvocationVoterBldr.addConstructorArgValue(expressionPreAdviceBldr.getBeanDefinition()); BeanDefinitionBuilder expressionPostAdviceBldr = BeanDefinitionBuilder - .rootBeanDefinition(ExpressionBasedPostInvocationAdvice.class); + .rootBeanDefinition(ExpressionBasedPostInvocationAdvice.class); expressionPostAdviceBldr.addConstructorArgReference(expressionHandlerRef); afterInvocationBldr.addConstructorArgValue(expressionPostAdviceBldr.getBeanDefinition()); BeanDefinitionBuilder annotationInvocationFactory = BeanDefinitionBuilder - .rootBeanDefinition(ExpressionBasedAnnotationAttributeFactory.class); + .rootBeanDefinition(ExpressionBasedAnnotationAttributeFactory.class); annotationInvocationFactory.addConstructorArgReference(expressionHandlerRef); mds.addConstructorArgValue(annotationInvocationFactory.getBeanDefinition()); } @@ -221,7 +222,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP } if (useSecured) { delegates.add(BeanDefinitionBuilder.rootBeanDefinition(SecuredAnnotationSecurityMetadataSource.class) - .getBeanDefinition()); + .getBeanDefinition()); } if (jsr250Enabled) { RootBeanDefinition jsrMetadataSource = registerWithDefaultRolePrefix(pc, @@ -331,12 +332,12 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP String accessConfig = childElt.getAttribute(ATT_ACCESS); String expression = childElt.getAttribute(ATT_EXPRESSION); if (!StringUtils.hasText(accessConfig)) { - parserContext.getReaderContext().error("Access configuration required", - parserContext.extractSource(childElt)); + parserContext.getReaderContext() + .error("Access configuration required", parserContext.extractSource(childElt)); } if (!StringUtils.hasText(expression)) { - parserContext.getReaderContext().error("Pointcut expression required", - parserContext.extractSource(childElt)); + parserContext.getReaderContext() + .error("Pointcut expression required", parserContext.extractSource(childElt)); } String[] attributeTokens = StringUtils.commaDelimitedListToStringArray(accessConfig); List attributes = new ArrayList<>(attributeTokens.length); @@ -351,8 +352,8 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP private BeanReference registerMethodSecurityInterceptor(ParserContext pc, String authMgrRef, String accessManagerId, String runAsManagerId, BeanReference metadataSource, List afterInvocationProviders, Object source, boolean useAspectJ) { - BeanDefinitionBuilder bldr = BeanDefinitionBuilder.rootBeanDefinition( - useAspectJ ? AspectJMethodSecurityInterceptor.class : MethodSecurityInterceptor.class); + BeanDefinitionBuilder bldr = BeanDefinitionBuilder + .rootBeanDefinition(useAspectJ ? AspectJMethodSecurityInterceptor.class : MethodSecurityInterceptor.class); bldr.getRawBeanDefinition().setSource(source); bldr.addPropertyReference("accessDecisionManager", accessManagerId); RootBeanDefinition authMgr = new RootBeanDefinition(AuthenticationManagerDelegator.class); @@ -483,10 +484,10 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP @Override public final void setApplicationContext(ApplicationContext applicationContext) throws BeansException { String[] grantedAuthorityDefaultsBeanNames = applicationContext - .getBeanNamesForType(GrantedAuthorityDefaults.class); + .getBeanNamesForType(GrantedAuthorityDefaults.class); if (grantedAuthorityDefaultsBeanNames.length == 1) { GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext - .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); + .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); this.rolePrefix = grantedAuthorityDefaults.getRolePrefix(); } } diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java index 17a69335c0..aa3c4a51a3 100644 --- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java @@ -79,7 +79,7 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe protected BeanDefinition createInterceptorDefinition(Node node) { Element interceptMethodsElt = (Element) node; BeanDefinitionBuilder interceptor = BeanDefinitionBuilder - .rootBeanDefinition(AuthorizationManagerBeforeMethodInterceptor.class); + .rootBeanDefinition(AuthorizationManagerBeforeMethodInterceptor.class); interceptor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_BY_TYPE); Map managers = new ManagedMap<>(); List methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT); @@ -88,7 +88,8 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe authorizationManager(interceptMethodsElt, protectElt)); } return interceptor.addConstructorArgValue(Pointcut.TRUE) - .addConstructorArgValue(authorizationManager(managers)).getBeanDefinition(); + .addConstructorArgValue(authorizationManager(managers)) + .getBeanDefinition(); } boolean supports(Node node) { @@ -112,12 +113,14 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe } String access = protectElt.getAttribute(ATT_ACCESS); return BeanDefinitionBuilder.rootBeanDefinition(MethodExpressionAuthorizationManager.class) - .addConstructorArgValue(access).getBeanDefinition(); + .addConstructorArgValue(access) + .getBeanDefinition(); } private BeanMetadataElement authorizationManager(Map managers) { return BeanDefinitionBuilder.rootBeanDefinition(PointcutDelegatingAuthorizationManager.class) - .addConstructorArgValue(managers).getBeanDefinition(); + .addConstructorArgValue(managers) + .getBeanDefinition(); } } @@ -143,7 +146,7 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe protected BeanDefinition createInterceptorDefinition(Node node) { Element interceptMethodsElt = (Element) node; BeanDefinitionBuilder interceptor = BeanDefinitionBuilder - .rootBeanDefinition(MethodSecurityInterceptor.class); + .rootBeanDefinition(MethodSecurityInterceptor.class); // Default to autowiring to pick up after invocation mgr interceptor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_BY_TYPE); String accessManagerId = interceptMethodsElt.getAttribute(ATT_ACCESS_MGR); diff --git a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java index f951d01446..d6808633af 100644 --- a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java +++ b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java @@ -38,8 +38,9 @@ abstract class MethodConfigUtils { @SuppressWarnings("unchecked") static void registerDefaultMethodAccessManagerIfNecessary(ParserContext parserContext) { if (!parserContext.getRegistry().containsBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER)) { - parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER, - createAccessManagerBean(RoleVoter.class, AuthenticatedVoter.class)); + parserContext.getRegistry() + .registerBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER, + createAccessManagerBean(RoleVoter.class, AuthenticatedVoter.class)); } } diff --git a/config/src/main/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParser.java index 63f3614536..ca0efaf905 100644 --- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParser.java @@ -94,21 +94,21 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser boolean useAspectJ = "aspectj".equals(element.getAttribute(ATT_MODE)); if (prePostAnnotationsEnabled) { BeanDefinitionBuilder preFilterInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(PreFilterAuthorizationMethodInterceptor.class) - .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) - .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); + .rootBeanDefinition(PreFilterAuthorizationMethodInterceptor.class) + .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) + .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); BeanDefinitionBuilder preAuthorizeInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(PreAuthorizeAuthorizationMethodInterceptor.class) - .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) - .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); + .rootBeanDefinition(PreAuthorizeAuthorizationMethodInterceptor.class) + .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) + .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); BeanDefinitionBuilder postAuthorizeInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(PostAuthorizeAuthorizationMethodInterceptor.class) - .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) - .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); + .rootBeanDefinition(PostAuthorizeAuthorizationMethodInterceptor.class) + .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) + .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); BeanDefinitionBuilder postFilterInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(PostFilterAuthorizationMethodInterceptor.class) - .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) - .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); + .rootBeanDefinition(PostFilterAuthorizationMethodInterceptor.class) + .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) + .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER); if (expressionHandlerElt != null) { String expressionHandlerRef = expressionHandlerElt.getAttribute("ref"); @@ -119,46 +119,52 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser } else { BeanDefinition expressionHandler = BeanDefinitionBuilder - .rootBeanDefinition(MethodSecurityExpressionHandlerBean.class).getBeanDefinition(); + .rootBeanDefinition(MethodSecurityExpressionHandlerBean.class) + .getBeanDefinition(); preFilterInterceptor.addPropertyValue("expressionHandler", expressionHandler); preAuthorizeInterceptor.addPropertyValue("expressionHandler", expressionHandler); postAuthorizeInterceptor.addPropertyValue("expressionHandler", expressionHandler); postFilterInterceptor.addPropertyValue("expressionHandler", expressionHandler); } - pc.getRegistry().registerBeanDefinition("preFilterAuthorizationMethodInterceptor", - preFilterInterceptor.getBeanDefinition()); - pc.getRegistry().registerBeanDefinition("preAuthorizeAuthorizationMethodInterceptor", - preAuthorizeInterceptor.getBeanDefinition()); - pc.getRegistry().registerBeanDefinition("postAuthorizeAuthorizationMethodInterceptor", - postAuthorizeInterceptor.getBeanDefinition()); - pc.getRegistry().registerBeanDefinition("postFilterAuthorizationMethodInterceptor", - postFilterInterceptor.getBeanDefinition()); + pc.getRegistry() + .registerBeanDefinition("preFilterAuthorizationMethodInterceptor", + preFilterInterceptor.getBeanDefinition()); + pc.getRegistry() + .registerBeanDefinition("preAuthorizeAuthorizationMethodInterceptor", + preAuthorizeInterceptor.getBeanDefinition()); + pc.getRegistry() + .registerBeanDefinition("postAuthorizeAuthorizationMethodInterceptor", + postAuthorizeInterceptor.getBeanDefinition()); + pc.getRegistry() + .registerBeanDefinition("postFilterAuthorizationMethodInterceptor", + postFilterInterceptor.getBeanDefinition()); } boolean securedEnabled = "true".equals(element.getAttribute(ATT_USE_SECURED)); if (securedEnabled) { BeanDefinitionBuilder securedInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(AuthorizationManagerBeforeMethodInterceptor.class) - .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) - .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy) - .setFactoryMethod("secured"); - pc.getRegistry().registerBeanDefinition("securedAuthorizationMethodInterceptor", - securedInterceptor.getBeanDefinition()); + .rootBeanDefinition(AuthorizationManagerBeforeMethodInterceptor.class) + .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) + .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy) + .setFactoryMethod("secured"); + pc.getRegistry() + .registerBeanDefinition("securedAuthorizationMethodInterceptor", + securedInterceptor.getBeanDefinition()); } boolean jsr250Enabled = "true".equals(element.getAttribute(ATT_USE_JSR250)); if (jsr250Enabled) { BeanDefinitionBuilder jsr250Interceptor = BeanDefinitionBuilder - .rootBeanDefinition(Jsr250AuthorizationMethodInterceptor.class) - .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) - .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); - pc.getRegistry().registerBeanDefinition("jsr250AuthorizationMethodInterceptor", - jsr250Interceptor.getBeanDefinition()); + .rootBeanDefinition(Jsr250AuthorizationMethodInterceptor.class) + .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) + .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy); + pc.getRegistry() + .registerBeanDefinition("jsr250AuthorizationMethodInterceptor", jsr250Interceptor.getBeanDefinition()); } Map managers = new ManagedMap<>(); List methods = DomUtils.getChildElementsByTagName(element, Elements.PROTECT_POINTCUT); if (useAspectJ) { if (!methods.isEmpty()) { - pc.getReaderContext().error("Cannot use and mode='aspectj' together", - pc.extractSource(element)); + pc.getReaderContext() + .error("Cannot use and mode='aspectj' together", pc.extractSource(element)); } registerInterceptors(pc.getRegistry()); } @@ -168,13 +174,14 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser managers.put(pointcut(protectElt), authorizationManager(element, protectElt)); } BeanDefinitionBuilder protectPointcutInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(AuthorizationManagerBeforeMethodInterceptor.class) - .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) - .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy) - .addConstructorArgValue(pointcut(managers.keySet())) - .addConstructorArgValue(authorizationManager(managers)); - pc.getRegistry().registerBeanDefinition("protectPointcutInterceptor", - protectPointcutInterceptor.getBeanDefinition()); + .rootBeanDefinition(AuthorizationManagerBeforeMethodInterceptor.class) + .setRole(BeanDefinition.ROLE_INFRASTRUCTURE) + .addPropertyValue("securityContextHolderStrategy", securityContextHolderStrategy) + .addConstructorArgValue(pointcut(managers.keySet())) + .addConstructorArgValue(authorizationManager(managers)); + pc.getRegistry() + .registerBeanDefinition("protectPointcutInterceptor", + protectPointcutInterceptor.getBeanDefinition()); } AopNamespaceUtils.registerAutoProxyCreatorIfNecessary(pc, element); } @@ -223,12 +230,14 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser } String access = protectElt.getAttribute(ATT_ACCESS); return BeanDefinitionBuilder.rootBeanDefinition(MethodExpressionAuthorizationManager.class) - .addConstructorArgValue(access).getBeanDefinition(); + .addConstructorArgValue(access) + .getBeanDefinition(); } private BeanMetadataElement authorizationManager(Map managers) { return BeanDefinitionBuilder.rootBeanDefinition(PointcutDelegatingAuthorizationManager.class) - .addConstructorArgValue(managers).getBeanDefinition(); + .addConstructorArgValue(managers) + .getBeanDefinition(); } private void registerInterceptors(BeanDefinitionRegistry registry) { @@ -279,10 +288,10 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser @Override public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { String[] grantedAuthorityDefaultsBeanNames = applicationContext - .getBeanNamesForType(GrantedAuthorityDefaults.class); + .getBeanNamesForType(GrantedAuthorityDefaults.class); if (grantedAuthorityDefaultsBeanNames.length == 1) { GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext - .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); + .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); this.expressionHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix()); } } @@ -293,14 +302,14 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser implements FactoryBean, ApplicationContextAware { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); @Override public AuthorizationManagerBeforeMethodInterceptor getObject() { AuthorizationManagerBeforeMethodInterceptor interceptor = AuthorizationManagerBeforeMethodInterceptor - .jsr250(this.manager); + .jsr250(this.manager); interceptor.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); return interceptor; } @@ -313,10 +322,10 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser @Override public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { String[] grantedAuthorityDefaultsBeanNames = applicationContext - .getBeanNamesForType(GrantedAuthorityDefaults.class); + .getBeanNamesForType(GrantedAuthorityDefaults.class); if (grantedAuthorityDefaultsBeanNames.length == 1) { GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext - .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); + .getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); this.manager.setRolePrefix(grantedAuthorityDefaults.getRolePrefix()); } } @@ -331,14 +340,14 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser implements FactoryBean { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); @Override public AuthorizationManagerBeforeMethodInterceptor getObject() { AuthorizationManagerBeforeMethodInterceptor interceptor = AuthorizationManagerBeforeMethodInterceptor - .preAuthorize(this.manager); + .preAuthorize(this.manager); interceptor.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); return interceptor; } @@ -362,14 +371,14 @@ public class MethodSecurityBeanDefinitionParser implements BeanDefinitionParser implements FactoryBean { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); @Override public AuthorizationManagerAfterMethodInterceptor getObject() { AuthorizationManagerAfterMethodInterceptor interceptor = AuthorizationManagerAfterMethodInterceptor - .postAuthorize(this.manager); + .postAuthorize(this.manager); interceptor.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); return interceptor; } diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java index 1ca166e4ac..0190c47764 100644 --- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java @@ -97,8 +97,7 @@ final class ProtectPointcutPostProcessor implements BeanPostProcessor { // supportedPrimitives.add(PointcutPrimitive.AT_ARGS); // supportedPrimitives.add(PointcutPrimitive.AT_TARGET); this.parser = PointcutParser - .getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution( - supportedPrimitives); + .getPointcutParserSupportingSpecifiedPrimitivesAndUsingContextClassloaderForResolution(supportedPrimitives); } @Override diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java index 0cc175d6c7..91a308f68b 100644 --- a/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java @@ -91,10 +91,11 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini Map> providers = getProviders(element, parserContext); List clientRegistrations = getClientRegistrations(element, parserContext, providers); BeanDefinition clientRegistrationRepositoryBean = BeanDefinitionBuilder - .rootBeanDefinition(InMemoryClientRegistrationRepository.class) - .addConstructorArgValue(clientRegistrations).getBeanDefinition(); + .rootBeanDefinition(InMemoryClientRegistrationRepository.class) + .addConstructorArgValue(clientRegistrations) + .getBeanDefinition(); String clientRegistrationRepositoryId = parserContext.getReaderContext() - .generateBeanName(clientRegistrationRepositoryBean); + .generateBeanName(clientRegistrationRepositoryBean); parserContext.registerBeanComponent( new BeanComponentDefinition(clientRegistrationRepositoryBean, clientRegistrationRepositoryId)); parserContext.popAndRegisterContainingComponent(); @@ -120,19 +121,22 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini } } getOptionalIfNotEmpty(parserContext, clientRegistrationElt.getAttribute(ATT_CLIENT_ID)) - .ifPresent(builder::clientId); + .ifPresent(builder::clientId); getOptionalIfNotEmpty(parserContext, clientRegistrationElt.getAttribute(ATT_CLIENT_SECRET)) - .ifPresent(builder::clientSecret); + .ifPresent(builder::clientSecret); getOptionalIfNotEmpty(parserContext, clientRegistrationElt.getAttribute(ATT_CLIENT_AUTHENTICATION_METHOD)) - .map(ClientAuthenticationMethod::new).ifPresent(builder::clientAuthenticationMethod); + .map(ClientAuthenticationMethod::new) + .ifPresent(builder::clientAuthenticationMethod); getOptionalIfNotEmpty(parserContext, clientRegistrationElt.getAttribute(ATT_AUTHORIZATION_GRANT_TYPE)) - .map(AuthorizationGrantType::new).ifPresent(builder::authorizationGrantType); + .map(AuthorizationGrantType::new) + .ifPresent(builder::authorizationGrantType); getOptionalIfNotEmpty(parserContext, clientRegistrationElt.getAttribute(ATT_REDIRECT_URI)) - .ifPresent(builder::redirectUri); + .ifPresent(builder::redirectUri); getOptionalIfNotEmpty(parserContext, clientRegistrationElt.getAttribute(ATT_SCOPE)) - .map(StringUtils::commaDelimitedListToSet).ifPresent(builder::scope); + .map(StringUtils::commaDelimitedListToSet) + .ifPresent(builder::scope); getOptionalIfNotEmpty(parserContext, clientRegistrationElt.getAttribute(ATT_CLIENT_NAME)) - .ifPresent(builder::clientName); + .ifPresent(builder::clientName); clientRegistrations.add(builder.build()); } return clientRegistrations; @@ -146,19 +150,19 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini String providerId = providerElt.getAttribute(ATT_PROVIDER_ID); provider.put(ATT_PROVIDER_ID, providerId); getOptionalIfNotEmpty(parserContext, providerElt.getAttribute(ATT_AUTHORIZATION_URI)) - .ifPresent((value) -> provider.put(ATT_AUTHORIZATION_URI, value)); + .ifPresent((value) -> provider.put(ATT_AUTHORIZATION_URI, value)); getOptionalIfNotEmpty(parserContext, providerElt.getAttribute(ATT_TOKEN_URI)) - .ifPresent((value) -> provider.put(ATT_TOKEN_URI, value)); + .ifPresent((value) -> provider.put(ATT_TOKEN_URI, value)); getOptionalIfNotEmpty(parserContext, providerElt.getAttribute(ATT_USER_INFO_URI)) - .ifPresent((value) -> provider.put(ATT_USER_INFO_URI, value)); + .ifPresent((value) -> provider.put(ATT_USER_INFO_URI, value)); getOptionalIfNotEmpty(parserContext, providerElt.getAttribute(ATT_USER_INFO_AUTHENTICATION_METHOD)) - .ifPresent((value) -> provider.put(ATT_USER_INFO_AUTHENTICATION_METHOD, value)); + .ifPresent((value) -> provider.put(ATT_USER_INFO_AUTHENTICATION_METHOD, value)); getOptionalIfNotEmpty(parserContext, providerElt.getAttribute(ATT_USER_INFO_USER_NAME_ATTRIBUTE)) - .ifPresent((value) -> provider.put(ATT_USER_INFO_USER_NAME_ATTRIBUTE, value)); + .ifPresent((value) -> provider.put(ATT_USER_INFO_USER_NAME_ATTRIBUTE, value)); getOptionalIfNotEmpty(parserContext, providerElt.getAttribute(ATT_JWK_SET_URI)) - .ifPresent((value) -> provider.put(ATT_JWK_SET_URI, value)); + .ifPresent((value) -> provider.put(ATT_JWK_SET_URI, value)); getOptionalIfNotEmpty(parserContext, providerElt.getAttribute(ATT_ISSUER_URI)) - .ifPresent((value) -> provider.put(ATT_ISSUER_URI, value)); + .ifPresent((value) -> provider.put(ATT_ISSUER_URI, value)); providers.put(providerId, provider); } return providers; @@ -172,7 +176,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini String issuer = provider.get(ATT_ISSUER_URI); if (!StringUtils.isEmpty(issuer)) { ClientRegistration.Builder builder = ClientRegistrations.fromIssuerLocation(issuer) - .registrationId(registrationId); + .registrationId(registrationId); return getBuilder(parserContext, builder, provider); } } @@ -200,16 +204,18 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini getOptionalIfNotEmpty(parserContext, provider.get(ATT_TOKEN_URI)).ifPresent(builder::tokenUri); getOptionalIfNotEmpty(parserContext, provider.get(ATT_USER_INFO_URI)).ifPresent(builder::userInfoUri); getOptionalIfNotEmpty(parserContext, provider.get(ATT_USER_INFO_AUTHENTICATION_METHOD)) - .map(AuthenticationMethod::new).ifPresent(builder::userInfoAuthenticationMethod); + .map(AuthenticationMethod::new) + .ifPresent(builder::userInfoAuthenticationMethod); getOptionalIfNotEmpty(parserContext, provider.get(ATT_JWK_SET_URI)).ifPresent(builder::jwkSetUri); getOptionalIfNotEmpty(parserContext, provider.get(ATT_USER_INFO_USER_NAME_ATTRIBUTE)) - .ifPresent(builder::userNameAttributeName); + .ifPresent(builder::userNameAttributeName); return builder; } private static Optional getOptionalIfNotEmpty(ParserContext parserContext, String str) { - return Optional.ofNullable(str).filter((s) -> !s.isEmpty()) - .map(parserContext.getReaderContext().getEnvironment()::resolvePlaceholders); + return Optional.ofNullable(str) + .filter((s) -> !s.isEmpty()) + .map(parserContext.getReaderContext().getEnvironment()::resolvePlaceholders); } private static CommonOAuth2Provider getCommonProvider(String providerId) { @@ -244,8 +250,10 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini private static String getCanonicalName(String name) { StringBuilder canonicalName = new StringBuilder(name.length()); - name.chars().filter(Character::isLetterOrDigit).map(Character::toLowerCase) - .forEach((c) -> canonicalName.append((char) c)); + name.chars() + .filter(Character::isLetterOrDigit) + .map(Character::toLowerCase) + .forEach((c) -> canonicalName.append((char) c)); return canonicalName.toString(); } diff --git a/config/src/main/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParser.java index 7026b7e238..5a06e2d314 100644 --- a/config/src/main/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParser.java @@ -105,10 +105,11 @@ public final class RelyingPartyRegistrationsBeanDefinitionParser implements Bean List relyingPartyRegistrations = getRelyingPartyRegistrations(element, assertingParties, parserContext); BeanDefinition relyingPartyRegistrationRepositoryBean = BeanDefinitionBuilder - .rootBeanDefinition(InMemoryRelyingPartyRegistrationRepository.class) - .addConstructorArgValue(relyingPartyRegistrations).getBeanDefinition(); + .rootBeanDefinition(InMemoryRelyingPartyRegistrationRepository.class) + .addConstructorArgValue(relyingPartyRegistrations) + .getBeanDefinition(); String relyingPartyRegistrationRepositoryId = parserContext.getReaderContext() - .generateBeanName(relyingPartyRegistrationRepositoryBean); + .generateBeanName(relyingPartyRegistrationRepositoryBean); parserContext.registerBeanComponent(new BeanComponentDefinition(relyingPartyRegistrationRepositoryBean, relyingPartyRegistrationRepositoryId)); parserContext.popAndRegisterContainingComponent(); @@ -128,7 +129,7 @@ public final class RelyingPartyRegistrationsBeanDefinitionParser implements Bean String signingAlgorithms = assertingPartyElt.getAttribute(ATT_SIGNING_ALGORITHMS); String singleLogoutServiceLocation = assertingPartyElt.getAttribute(ATT_SINGLE_LOGOUT_SERVICE_LOCATION); String singleLogoutServiceResponseLocation = assertingPartyElt - .getAttribute(ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION); + .getAttribute(ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION); String singleLogoutServiceBinding = assertingPartyElt.getAttribute(ATT_SINGLE_LOGOUT_SERVICE_BINDING); assertingParty.put(ATT_ASSERTING_PARTY_ID, assertingPartyId); assertingParty.put(ATT_ENTITY_ID, entityId); @@ -214,8 +215,8 @@ public final class RelyingPartyRegistrationsBeanDefinitionParser implements Bean } else { builder = RelyingPartyRegistration.withRegistrationId(registrationId) - .assertingPartyDetails((apBuilder) -> buildAssertingParty(relyingPartyRegistrationElt, - assertingParties, apBuilder, parserContext)); + .assertingPartyDetails((apBuilder) -> buildAssertingParty(relyingPartyRegistrationElt, assertingParties, + apBuilder, parserContext)); } addRemainingProperties(relyingPartyRegistrationElt, builder); return builder; @@ -225,12 +226,12 @@ public final class RelyingPartyRegistrationsBeanDefinitionParser implements Bean RelyingPartyRegistration.Builder builder) { String entityId = relyingPartyRegistrationElt.getAttribute(ATT_ENTITY_ID); String singleLogoutServiceLocation = relyingPartyRegistrationElt - .getAttribute(ATT_SINGLE_LOGOUT_SERVICE_LOCATION); + .getAttribute(ATT_SINGLE_LOGOUT_SERVICE_LOCATION); String singleLogoutServiceResponseLocation = relyingPartyRegistrationElt - .getAttribute(ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION); + .getAttribute(ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION); Saml2MessageBinding singleLogoutServiceBinding = getSingleLogoutServiceBinding(relyingPartyRegistrationElt); String assertionConsumerServiceLocation = relyingPartyRegistrationElt - .getAttribute(ATT_ASSERTION_CONSUMER_SERVICE_LOCATION); + .getAttribute(ATT_ASSERTION_CONSUMER_SERVICE_LOCATION); Saml2MessageBinding assertionConsumerServiceBinding = getAssertionConsumerServiceBinding( relyingPartyRegistrationElt); if (StringUtils.hasText(entityId)) { @@ -259,7 +260,7 @@ public final class RelyingPartyRegistrationsBeanDefinitionParser implements Bean if (!assertingParties.containsKey(assertingPartyId)) { Object source = parserContext.extractSource(relyingPartyElt); parserContext.getReaderContext() - .error(String.format("Could not find asserting party with id %s", assertingPartyId), source); + .error(String.format("Could not find asserting party with id %s", assertingPartyId), source); } Map assertingParty = assertingParties.get(assertingPartyId); String entityId = getAsString(assertingParty, ATT_ENTITY_ID); @@ -274,12 +275,13 @@ public final class RelyingPartyRegistrationsBeanDefinitionParser implements Bean String singleLogoutServiceBinding = getAsString(assertingParty, ATT_SINGLE_LOGOUT_SERVICE_BINDING); Saml2MessageBinding saml2LogoutMessageBinding = StringUtils.hasText(singleLogoutServiceBinding) ? Saml2MessageBinding.valueOf(singleLogoutServiceBinding) : Saml2MessageBinding.REDIRECT; - builder.entityId(entityId).wantAuthnRequestsSigned(Boolean.parseBoolean(wantAuthnRequestsSigned)) - .singleSignOnServiceLocation(singleSignOnServiceLocation) - .singleSignOnServiceBinding(saml2MessageBinding) - .singleLogoutServiceLocation(singleLogoutServiceLocation) - .singleLogoutServiceResponseLocation(singleLogoutServiceResponseLocation) - .singleLogoutServiceBinding(saml2LogoutMessageBinding); + builder.entityId(entityId) + .wantAuthnRequestsSigned(Boolean.parseBoolean(wantAuthnRequestsSigned)) + .singleSignOnServiceLocation(singleSignOnServiceLocation) + .singleSignOnServiceBinding(saml2MessageBinding) + .singleLogoutServiceLocation(singleLogoutServiceLocation) + .singleLogoutServiceResponseLocation(singleLogoutServiceResponseLocation) + .singleLogoutServiceBinding(saml2LogoutMessageBinding); addSigningAlgorithms(assertingParty, builder); addVerificationCredentials(assertingParty, builder); addEncryptionCredentials(assertingParty, builder); @@ -324,7 +326,7 @@ public final class RelyingPartyRegistrationsBeanDefinitionParser implements Bean private static Saml2MessageBinding getAssertionConsumerServiceBinding(Element relyingPartyRegistrationElt) { String assertionConsumerServiceBinding = relyingPartyRegistrationElt - .getAttribute(ATT_ASSERTION_CONSUMER_SERVICE_BINDING); + .getAttribute(ATT_ASSERTION_CONSUMER_SERVICE_BINDING); if (StringUtils.hasText(assertionConsumerServiceBinding)) { return Saml2MessageBinding.valueOf(assertionConsumerServiceBinding); } diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index 5e72f7ea12..79410f57d9 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java @@ -1522,8 +1522,9 @@ public class ServerHttpSecurity { } ServerWebExchangeDelegatingServerAccessDeniedHandler result = new ServerWebExchangeDelegatingServerAccessDeniedHandler( this.defaultAccessDeniedHandlers); - result.setDefaultAccessDeniedHandler(this.defaultAccessDeniedHandlers - .get(this.defaultAccessDeniedHandlers.size() - 1).getAccessDeniedHandler()); + result.setDefaultAccessDeniedHandler( + this.defaultAccessDeniedHandlers.get(this.defaultAccessDeniedHandlers.size() - 1) + .getAccessDeniedHandler()); return result; } @@ -1599,7 +1600,7 @@ public class ServerHttpSecurity { private static final String REQUEST_MAPPING_HANDLER_MAPPING_BEAN_NAME = "requestMappingHandlerMapping"; private DelegatingReactiveAuthorizationManager.Builder managerBldr = DelegatingReactiveAuthorizationManager - .builder(); + .builder(); private ServerWebExchangeMatcher matcher; @@ -1747,7 +1748,7 @@ public class ServerHttpSecurity { */ public AuthorizeExchangeSpec access(ReactiveAuthorizationManager manager) { AuthorizeExchangeSpec.this.managerBldr - .add(new ServerWebExchangeMatcherEntry<>(AuthorizeExchangeSpec.this.matcher, manager)); + .add(new ServerWebExchangeMatcherEntry<>(AuthorizeExchangeSpec.this.matcher, manager)); AuthorizeExchangeSpec.this.matcher = null; return AuthorizeExchangeSpec.this; } @@ -1933,7 +1934,7 @@ public class ServerHttpSecurity { this.filter.setCsrfTokenRepository(this.csrfTokenRepository); if (ServerHttpSecurity.this.logout != null) { ServerHttpSecurity.this.logout - .addLogoutHandler(new CsrfServerLogoutHandler(this.csrfTokenRepository)); + .addLogoutHandler(new CsrfServerLogoutHandler(this.csrfTokenRepository)); } } http.addFilterAt(this.filter, SecurityWebFiltersOrder.CSRF); @@ -2047,9 +2048,9 @@ public class ServerHttpSecurity { public final class HttpBasicSpec { private final ServerWebExchangeMatcher xhrMatcher = (exchange) -> Mono.just(exchange.getRequest().getHeaders()) - .filter((h) -> h.getOrEmpty("X-Requested-With").contains("XMLHttpRequest")) - .flatMap((h) -> ServerWebExchangeMatcher.MatchResult.match()) - .switchIfEmpty(ServerWebExchangeMatcher.MatchResult.notMatch()); + .filter((h) -> h.getOrEmpty("X-Requested-With").contains("XMLHttpRequest")) + .flatMap((h) -> ServerWebExchangeMatcher.MatchResult.match()) + .switchIfEmpty(ServerWebExchangeMatcher.MatchResult.notMatch()); private ReactiveAuthenticationManager authenticationManager; @@ -2062,7 +2063,7 @@ public class ServerHttpSecurity { private HttpBasicSpec() { List entryPoints = new ArrayList<>(); entryPoints - .add(new DelegateEntry(this.xhrMatcher, new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))); + .add(new DelegateEntry(this.xhrMatcher, new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))); DelegatingServerAuthenticationEntryPoint defaultEntryPoint = new DelegatingServerAuthenticationEntryPoint( entryPoints); defaultEntryPoint.setDefaultEntryPoint(new HttpBasicServerAuthenticationEntryPoint()); @@ -3544,7 +3545,7 @@ public class ServerHttpSecurity { oauth2Manager.setAuthoritiesMapper(authoritiesMapper); } boolean oidcAuthenticationProviderEnabled = ClassUtils - .isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader()); + .isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader()); if (!oidcAuthenticationProviderEnabled) { return oauth2Manager; } @@ -3580,9 +3581,9 @@ public class ServerHttpSecurity { ServerOAuth2AuthorizationCodeAuthenticationTokenConverter delegate = new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter( clientRegistrationRepository); delegate.setAuthorizationRequestRepository(getAuthorizationRequestRepository()); - ServerAuthenticationConverter authenticationConverter = (exchange) -> delegate.convert(exchange).onErrorMap( - OAuth2AuthorizationException.class, - (e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString())); + ServerAuthenticationConverter authenticationConverter = (exchange) -> delegate.convert(exchange) + .onErrorMap(OAuth2AuthorizationException.class, + (e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString())); this.authenticationConverter = authenticationConverter; return authenticationConverter; } @@ -3683,7 +3684,7 @@ public class ServerHttpSecurity { authorizedClientRepository); authenticationFilter.setRequiresAuthenticationMatcher(getAuthenticationMatcher()); authenticationFilter - .setServerAuthenticationConverter(getAuthenticationConverter(clientRegistrationRepository)); + .setServerAuthenticationConverter(getAuthenticationConverter(clientRegistrationRepository)); authenticationFilter.setAuthenticationSuccessHandler(getAuthenticationSuccessHandler(http)); authenticationFilter.setAuthenticationFailureHandler(getAuthenticationFailureHandler()); authenticationFilter.setSecurityContextRepository(this.securityContextRepository); @@ -4215,9 +4216,9 @@ public class ServerHttpSecurity { private void registerDefaultAccessDeniedHandler(ServerHttpSecurity http) { if (http.exceptionHandling != null) { http.defaultAccessDeniedHandlers - .add(new ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry( - this.authenticationConverterServerWebExchangeMatcher, - OAuth2ResourceServerSpec.this.accessDeniedHandler)); + .add(new ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry( + this.authenticationConverterServerWebExchangeMatcher, + OAuth2ResourceServerSpec.this.accessDeniedHandler)); } } diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java index 830bb87f9b..c46c4078b8 100644 --- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java @@ -173,7 +173,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements XmlReaderContext context = parserContext.getReaderContext(); String mdsId = createAuthorizationManager(element, parserContext); BeanDefinitionBuilder inboundChannelSecurityInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(AuthorizationChannelInterceptor.class); + .rootBeanDefinition(AuthorizationChannelInterceptor.class); inboundChannelSecurityInterceptor.addConstructorArgReference(mdsId); String holderStrategyRef = element.getAttribute(SECURITY_CONTEXT_HOLDER_STRATEGY_REF_ATTR); if (StringUtils.hasText(holderStrategyRef)) { @@ -181,8 +181,9 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements new RuntimeBeanReference(holderStrategyRef)); } else { - inboundChannelSecurityInterceptor.addPropertyValue("securityContextHolderStrategy", BeanDefinitionBuilder - .rootBeanDefinition(SecurityContextHolderStrategyFactory.class).getBeanDefinition()); + inboundChannelSecurityInterceptor.addPropertyValue("securityContextHolderStrategy", + BeanDefinitionBuilder.rootBeanDefinition(SecurityContextHolderStrategyFactory.class) + .getBeanDefinition()); } return context.registerWithGeneratedName(inboundChannelSecurityInterceptor.getBeanDefinition()); @@ -204,7 +205,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements String messageType = interceptMessage.getAttribute(TYPE_ATTR); BeanDefinition matcher = createMatcher(matcherPattern, messageType, parserContext, interceptMessage); BeanDefinitionBuilder authorizationManager = BeanDefinitionBuilder - .rootBeanDefinition(ExpressionBasedAuthorizationManager.class); + .rootBeanDefinition(ExpressionBasedAuthorizationManager.class); if (StringUtils.hasText(expressionHandlerRef)) { authorizationManager.addConstructorArgReference(expressionHandlerRef); } @@ -212,7 +213,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements matcherToExpression.put(matcher, authorizationManager.getBeanDefinition()); } BeanDefinitionBuilder mds = BeanDefinitionBuilder - .rootBeanDefinition(MessageMatcherDelegatingAuthorizationManagerFactory.class); + .rootBeanDefinition(MessageMatcherDelegatingAuthorizationManagerFactory.class); mds.setFactoryMethod("createMessageMatcherDelegatingAuthorizationManager"); mds.addConstructorArgValue(matcherToExpression); return context.registerWithGeneratedName(mds.getBeanDefinition()); @@ -234,7 +235,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements matcherToExpression.put(matcher, accessExpression); } BeanDefinitionBuilder mds = BeanDefinitionBuilder - .rootBeanDefinition(ExpressionBasedMessageSecurityMetadataSourceFactory.class); + .rootBeanDefinition(ExpressionBasedMessageSecurityMetadataSourceFactory.class); mds.setFactoryMethod("createExpressionMessageMetadataSource"); mds.addConstructorArgValue(matcherToExpression); if (expressionHandlerDefined) { @@ -243,7 +244,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements String mdsId = context.registerWithGeneratedName(mds.getBeanDefinition()); ManagedList voters = new ManagedList<>(); BeanDefinitionBuilder messageExpressionVoterBldr = BeanDefinitionBuilder - .rootBeanDefinition(MessageExpressionVoter.class); + .rootBeanDefinition(MessageExpressionVoter.class); if (expressionHandlerDefined) { messageExpressionVoterBldr.addPropertyReference("expressionHandler", expressionHandlerRef); } @@ -251,7 +252,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements BeanDefinitionBuilder adm = BeanDefinitionBuilder.rootBeanDefinition(ConsensusBased.class); adm.addConstructorArgValue(voters); BeanDefinitionBuilder inboundChannelSecurityInterceptor = BeanDefinitionBuilder - .rootBeanDefinition(ChannelSecurityInterceptor.class); + .rootBeanDefinition(ChannelSecurityInterceptor.class); inboundChannelSecurityInterceptor.addConstructorArgValue(registry.getBeanDefinition(mdsId)); inboundChannelSecurityInterceptor.addPropertyValue("accessDecisionManager", adm.getBeanDefinition()); return context.registerWithGeneratedName(inboundChannelSecurityInterceptor.getBeanDefinition()); @@ -276,8 +277,9 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements factoryName = "createSubscribeMatcher"; } else { - parserContext.getReaderContext().error("Cannot use intercept-websocket@message-type=" + messageType - + " with a pattern because the type does not have a destination.", interceptMessage); + parserContext.getReaderContext() + .error("Cannot use intercept-websocket@message-type=" + messageType + + " with a pattern because the type does not have a destination.", interceptMessage); } } BeanDefinitionBuilder matcher = BeanDefinitionBuilder.rootBeanDefinition(SimpDestinationMessageMatcher.class); @@ -333,15 +335,15 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements } } else if ("org.springframework.web.socket.server.support.WebSocketHttpRequestHandler" - .equals(beanClassName)) { + .equals(beanClassName)) { addCsrfTokenHandshakeInterceptor(bd); } else if ("org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService" - .equals(beanClassName)) { + .equals(beanClassName)) { addCsrfTokenHandshakeInterceptor(bd); } else if ("org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService" - .equals(beanClassName)) { + .equals(beanClassName)) { addCsrfTokenHandshakeInterceptor(bd); } } @@ -356,7 +358,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements interceptors.add(registry.getBeanDefinition(this.inboundSecurityInterceptorId)); BeanDefinition inboundChannel = registry.getBeanDefinition(CLIENT_INBOUND_CHANNEL_BEAN_ID); PropertyValue currentInterceptorsPv = inboundChannel.getPropertyValues() - .getPropertyValue(INTERCEPTORS_PROP); + .getPropertyValue(INTERCEPTORS_PROP); if (currentInterceptorsPv != null) { ManagedList currentInterceptors = (ManagedList) currentInterceptorsPv.getValue(); interceptors.addAll(currentInterceptors); @@ -464,9 +466,9 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements private static AuthorizationManager> createMessageMatcherDelegatingAuthorizationManager( Map, AuthorizationManager>> beans) { MessageMatcherDelegatingAuthorizationManager.Builder builder = MessageMatcherDelegatingAuthorizationManager - .builder(); + .builder(); for (Map.Entry, AuthorizationManager>> entry : beans - .entrySet()) { + .entrySet()) { builder.matchers(entry.getKey()).access(entry.getValue()); } return builder.anyMessage().permitAll().build(); diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java index edd33b4b10..6d0f47501f 100644 --- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java @@ -115,7 +115,7 @@ public class FilterChainProxyConfigTests { assertThat(getPattern(chains.get(0))).isEqualTo("/login*"); assertThat(getPattern(chains.get(1))).isEqualTo("/logout"); assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher() instanceof AnyRequestMatcher) - .isTrue(); + .isTrue(); } private String getPattern(SecurityFilterChain chain) { diff --git a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java index ba8313406f..542356c89d 100644 --- a/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/InvalidConfigurationTests.java @@ -50,25 +50,26 @@ public class InvalidConfigurationTests { @Test public void passwordEncoderCannotAppearAtTopLevel() { assertThatExceptionOfType(XmlBeanDefinitionStoreException.class) - .isThrownBy(() -> setContext("")); + .isThrownBy(() -> setContext("")); } @Test public void authenticationProviderCannotAppearAtTopLevel() { assertThatExceptionOfType(XmlBeanDefinitionStoreException.class) - .isThrownBy(() -> setContext("")); + .isThrownBy(() -> setContext("")); } @Test public void missingAuthenticationManagerGivesSensibleErrorMessage() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> setContext("")).satisfies((ex) -> { - Throwable cause = ultimateCause(ex); - assertThat(cause).isInstanceOf(NoSuchBeanDefinitionException.class); - NoSuchBeanDefinitionException nsbe = (NoSuchBeanDefinitionException) cause; - assertThat(nsbe.getBeanName()).isEqualTo(BeanIds.AUTHENTICATION_MANAGER); - assertThat(nsbe.getMessage()).endsWith(AuthenticationManagerFactoryBean.MISSING_BEAN_ERROR_MESSAGE); - }); + .isThrownBy(() -> setContext("")) + .satisfies((ex) -> { + Throwable cause = ultimateCause(ex); + assertThat(cause).isInstanceOf(NoSuchBeanDefinitionException.class); + NoSuchBeanDefinitionException nsbe = (NoSuchBeanDefinitionException) cause; + assertThat(nsbe.getBeanName()).isEqualTo(BeanIds.AUTHENTICATION_MANAGER); + assertThat(nsbe.getMessage()).endsWith(AuthenticationManagerFactoryBean.MISSING_BEAN_ERROR_MESSAGE); + }); } private Throwable ultimateCause(Throwable ex) { diff --git a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java index 46a4aaa010..ff195a85db 100644 --- a/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java +++ b/config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java @@ -74,10 +74,10 @@ public class SecurityNamespaceHandlerTests { @Test public void pre32SchemaAreNotSupported() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> new InMemoryXmlApplicationContext( - "", - "3.0.3", null)) - .withMessageContaining("You cannot use a spring-security-2.0.xsd"); + .isThrownBy(() -> new InMemoryXmlApplicationContext( + "", + "3.0.3", null)) + .withMessageContaining("You cannot use a spring-security-2.0.xsd"); } // SEC-1868 @@ -97,8 +97,8 @@ public class SecurityNamespaceHandlerTests { String className = "javax.servlet.Filter"; expectClassUtilsForNameThrowsNoClassDefFoundError(className); assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK)) - .withMessageContaining("NoClassDefFoundError: " + className); + .isThrownBy(() -> new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK)) + .withMessageContaining("NoClassDefFoundError: " + className); } @Test @@ -114,8 +114,8 @@ public class SecurityNamespaceHandlerTests { String className = FILTER_CHAIN_PROXY_CLASSNAME; expectClassUtilsForNameThrowsClassNotFoundException(className); assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK)) - .withMessageContaining("ClassNotFoundException: " + className); + .isThrownBy(() -> new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER + XML_HTTP_BLOCK)) + .withMessageContaining("ClassNotFoundException: " + className); } @Test @@ -137,18 +137,18 @@ public class SecurityNamespaceHandlerTests { @Test public void configureWhenOldVersionThenErrorMessageContainsCorrectVersion() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER, "3.0", null)) - .withMessageContaining(SpringSecurityVersions.getCurrentXsdVersionFromSpringSchemas()); + .isThrownBy(() -> new InMemoryXmlApplicationContext(XML_AUTHENTICATION_MANAGER, "3.0", null)) + .withMessageContaining(SpringSecurityVersions.getCurrentXsdVersionFromSpringSchemas()); } private void expectClassUtilsForNameThrowsNoClassDefFoundError(String className) { this.classUtils.when(() -> ClassUtils.forName(eq(FILTER_CHAIN_PROXY_CLASSNAME), any())) - .thenThrow(new NoClassDefFoundError(className)); + .thenThrow(new NoClassDefFoundError(className)); } private void expectClassUtilsForNameThrowsClassNotFoundException(String className) { this.classUtils.when(() -> ClassUtils.forName(eq(FILTER_CHAIN_PROXY_CLASSNAME), any())) - .thenThrow(new ClassNotFoundException(className)); + .thenThrow(new ClassNotFoundException(className)); } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java index 888188f961..84411b8503 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/SecurityConfigurerAdapterTests.java @@ -37,7 +37,7 @@ public class SecurityConfigurerAdapterTests { this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.LOWEST_PRECEDENCE)); this.adapter.addObjectPostProcessor(new OrderedObjectPostProcessor(Ordered.HIGHEST_PRECEDENCE)); assertThat(this.adapter.postProcess("hi")) - .isEqualTo("hi " + Ordered.HIGHEST_PRECEDENCE + " " + Ordered.LOWEST_PRECEDENCE); + .isEqualTo("hi " + Ordered.HIGHEST_PRECEDENCE + " " + Ordered.LOWEST_PRECEDENCE); } static class OrderedObjectPostProcessor implements ObjectPostProcessor, Ordered { diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java index 1565ea5c90..6541e4334d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java @@ -92,19 +92,22 @@ public class AuthenticationManagerBuilderTests { AuthenticationEventPublisher aep = mock(AuthenticationEventPublisher.class); given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0)); AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep) - .inMemoryAuthentication().and().build(); - assertThatExceptionOfType(AuthenticationException.class).isThrownBy( - () -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"))); + .inMemoryAuthentication() + .and() + .build(); + assertThatExceptionOfType(AuthenticationException.class) + .isThrownBy(() -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"))); verify(aep).publishAuthenticationFailure(any(), any()); } @Test public void getAuthenticationManagerWhenGlobalPasswordEncoderBeanThenUsed() throws Exception { this.spring.register(PasswordEncoderGlobalConfig.class).autowire(); - AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + AuthenticationManager manager = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); Authentication auth = manager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); assertThat(auth.getName()).isEqualTo("user"); assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER"); } @@ -112,10 +115,11 @@ public class AuthenticationManagerBuilderTests { @Test public void getAuthenticationManagerWhenProtectedPasswordEncoderBeanThenUsed() throws Exception { this.spring.register(PasswordEncoderGlobalConfig.class).autowire(); - AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + AuthenticationManager manager = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); Authentication auth = manager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); assertThat(auth.getName()).isEqualTo("user"); assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER"); } @@ -124,10 +128,10 @@ public class AuthenticationManagerBuilderTests { public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception { this.spring.register(MultiAuthenticationProvidersConfig.class).autowire(); SecurityMockMvcResultMatchers.AuthenticatedMatcher user = authenticated().withUsername("user") - .withRoles("USER"); + .withRoles("USER"); this.mockMvc.perform(formLogin()).andExpect(user); SecurityMockMvcResultMatchers.AuthenticatedMatcher admin = authenticated().withUsername("admin") - .withRoles("USER", "ADMIN"); + .withRoles("USER", "ADMIN"); this.mockMvc.perform(formLogin().user("admin")).andExpect(admin); } @@ -162,7 +166,7 @@ public class AuthenticationManagerBuilderTests { public void buildWhenUserFromProperties() throws Exception { this.spring.register(UserFromPropertiesConfig.class).autowire(); this.mockMvc.perform(formLogin().user("joe", "joespassword")) - .andExpect(authenticated().withUsername("joe").withRoles("USER")); + .andExpect(authenticated().withUsername("joe").withRoles("USER")); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java index 04986acee0..357a28c11a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java @@ -48,7 +48,7 @@ public class NamespaceAuthenticationManagerTests { public void authenticationMangerWhenDefaultThenEraseCredentialsIsTrue() throws Exception { this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire(); SecurityMockMvcResultMatchers.AuthenticatedMatcher nullCredentials = authenticated() - .withAuthentication((a) -> assertThat(a.getCredentials()).isNull()); + .withAuthentication((a) -> assertThat(a.getCredentials()).isNull()); this.mockMvc.perform(formLogin()).andExpect(nullCredentials); this.mockMvc.perform(formLogin()).andExpect(nullCredentials); // no exception due to username being cleared out @@ -58,7 +58,7 @@ public class NamespaceAuthenticationManagerTests { public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception { this.spring.register(EraseCredentialsFalseConfig.class).autowire(); SecurityMockMvcResultMatchers.AuthenticatedMatcher notNullCredentials = authenticated() - .withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()); + .withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()); this.mockMvc.perform(formLogin()).andExpect(notNullCredentials); this.mockMvc.perform(formLogin()).andExpect(notNullCredentials); // no exception due to username being cleared out @@ -69,7 +69,7 @@ public class NamespaceAuthenticationManagerTests { public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception { this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire(); SecurityMockMvcResultMatchers.AuthenticatedMatcher notNullCredentials = authenticated() - .withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()); + .withAuthentication((a) -> assertThat(a.getCredentials()).isNotNull()); this.mockMvc.perform(formLogin()).andExpect(notNullCredentials); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java index 1940bf567d..e5f88984a0 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.java @@ -151,8 +151,8 @@ public class NamespaceJdbcUserServiceTests { @Bean DataSource dataSource() { EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder() - // simulate that the DB already has the schema loaded and users in it - .addScript("CustomJdbcUserServiceSampleConfig.sql"); + // simulate that the DB already has the schema loaded and users in it + .addScript("CustomJdbcUserServiceSampleConfig.sql"); return builder.setType(EmbeddedDatabaseType.HSQL).build(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java index fc0931cf96..d4e172ebf7 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationPublishTests.java @@ -48,7 +48,7 @@ public class AuthenticationConfigurationPublishTests { @Test public void authenticationEventPublisherBeanUsedByDefault() { this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); assertThat(this.listener.getEvents()).hasSize(1); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java index ffaab17e87..53f9a00318 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java @@ -91,28 +91,34 @@ public class AuthenticationConfigurationTests { @Test public void orderingAutowiredOnEnableGlobalMethodSecurity() { - this.spring.register(AuthenticationTestConfiguration.class, GlobalMethodSecurityAutowiredConfig.class, - ServicesConfig.class).autowire(); + this.spring + .register(AuthenticationTestConfiguration.class, GlobalMethodSecurityAutowiredConfig.class, + ServicesConfig.class) + .autowire(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run(); } @Test public void orderingAutowiredOnEnableWebSecurity() { - this.spring.register(AuthenticationTestConfiguration.class, WebSecurityConfig.class, - GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire(); + this.spring + .register(AuthenticationTestConfiguration.class, WebSecurityConfig.class, + GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class) + .autowire(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run(); } @Test public void orderingAutowiredOnEnableWebMvcSecurity() { - this.spring.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class, - GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class).autowire(); + this.spring + .register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class, + GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class) + .autowire(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); this.service.run(); } @@ -120,25 +126,30 @@ public class AuthenticationConfigurationTests { public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception { this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire(); assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()) - .isNull(); + .isNull(); } @Test public void getAuthenticationManagerWhenNoOpGlobalAuthenticationConfigurerAdapterThenNull() throws Exception { - this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, - NoOpGlobalAuthenticationConfigurerAdapter.class).autowire(); + this.spring + .register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, + NoOpGlobalAuthenticationConfigurerAdapter.class) + .autowire(); assertThat(this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager()) - .isNull(); + .isNull(); } @Test public void getAuthenticationWhenGlobalAuthenticationConfigurerAdapterThenAuthenticates() throws Exception { UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated("user", "password"); - this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, - UserGlobalAuthenticationConfigurerAdapter.class).autowire(); - AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + this.spring + .register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, + UserGlobalAuthenticationConfigurerAdapter.class) + .autowire(); + AuthenticationManager authentication = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName()); } @@ -146,18 +157,23 @@ public class AuthenticationConfigurationTests { public void getAuthenticationWhenAuthenticationManagerBeanThenAuthenticates() throws Exception { UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated("user", "password"); - this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, - AuthenticationManagerBeanConfig.class).autowire(); - AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + this.spring + .register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, + AuthenticationManagerBeanConfig.class) + .autowire(); + AuthenticationManager authentication = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); given(authentication.authenticate(token)).willReturn(TestAuthentication.authenticatedUser()); assertThat(authentication.authenticate(token).getName()).isEqualTo(token.getName()); } @Test public void getAuthenticationWhenMultipleThenOrdered() throws Exception { - this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, - AuthenticationManagerBeanConfig.class).autowire(); + this.spring + .register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, + AuthenticationManagerBeanConfig.class) + .autowire(); AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class); config.setGlobalAuthenticationConfigurers(Arrays.asList(new LowestOrderGlobalAuthenticationConfigurerAdapter(), new HighestOrderGlobalAuthenticationConfigurerAdapter(), @@ -173,7 +189,7 @@ public class AuthenticationConfigurationTests { AuthenticationManager authenticationManager = config.getAuthenticationManager(); authenticationManager.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("boot", "password"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("boot", "password"))); } @Test @@ -209,12 +225,13 @@ public class AuthenticationConfigurationTests { throws Exception { this.spring.register(UserDetailsServiceBeanConfig.class).autowire(); UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class); - AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + AuthenticationManager am = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); given(uds.loadUserByUsername("user")).willReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user()); am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); - assertThatExceptionOfType(AuthenticationException.class).isThrownBy( - () -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "invalid"))); + assertThatExceptionOfType(AuthenticationException.class) + .isThrownBy(() -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "invalid"))); } @Test @@ -223,13 +240,14 @@ public class AuthenticationConfigurationTests { AuthorityUtils.createAuthorityList("ROLE_USER")); this.spring.register(UserDetailsServiceBeanWithPasswordEncoderConfig.class).autowire(); UserDetailsService uds = this.spring.getContext().getBean(UserDetailsService.class); - AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + AuthenticationManager am = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); given(uds.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build()); am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); - assertThatExceptionOfType(AuthenticationException.class).isThrownBy( - () -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "invalid"))); + assertThatExceptionOfType(AuthenticationException.class) + .isThrownBy(() -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "invalid"))); } @Test @@ -237,9 +255,10 @@ public class AuthenticationConfigurationTests { UserDetails user = new User("user", "{noop}password", AuthorityUtils.createAuthorityList("ROLE_USER")); this.spring.register(UserDetailsPasswordManagerBeanConfig.class).autowire(); UserDetailsPasswordManagerBeanConfig.Manager manager = this.spring.getContext() - .getBean(UserDetailsPasswordManagerBeanConfig.Manager.class); - AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + .getBean(UserDetailsPasswordManagerBeanConfig.Manager.class); + AuthenticationManager am = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); given(manager.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(), User.withUserDetails(user).build()); given(manager.updatePassword(any(), any())).willReturn(user); @@ -252,8 +271,9 @@ public class AuthenticationConfigurationTests { throws Exception { this.spring.register(AuthenticationProviderBeanAndUserDetailsServiceConfig.class).autowire(); AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class); - AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + AuthenticationManager am = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); given(ap.supports(any())).willReturn(true); given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser()); am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); @@ -264,8 +284,9 @@ public class AuthenticationConfigurationTests { public void getAuthenticationWhenAuthenticationProviderBeanThenUsed() throws Exception { this.spring.register(AuthenticationProviderBeanConfig.class).autowire(); AuthenticationProvider ap = this.spring.getContext().getBean(AuthenticationProvider.class); - AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class) - .getAuthenticationManager(); + AuthenticationManager am = this.spring.getContext() + .getBean(AuthenticationConfiguration.class) + .getAuthenticationManager(); given(ap.supports(any())).willReturn(true); given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser()); am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); @@ -274,14 +295,16 @@ public class AuthenticationConfigurationTests { @Test public void enableGlobalMethodSecurityWhenPreAuthorizeThenNoException() { this.spring.register(UsesPreAuthorizeMethodSecurityConfig.class, AuthenticationManagerBeanConfig.class) - .autowire(); + .autowire(); // no exception } @Test public void enableGlobalMethodSecurityWhenPreAuthorizeThenUsesMethodSecurityService() { - this.spring.register(ServicesConfig.class, UsesPreAuthorizeMethodSecurityConfig.class, - AuthenticationManagerBeanConfig.class).autowire(); + this.spring + .register(ServicesConfig.class, UsesPreAuthorizeMethodSecurityConfig.class, + AuthenticationManagerBeanConfig.class) + .autowire(); // no exception } @@ -304,22 +327,24 @@ public class AuthenticationConfigurationTests { public void configureWhenDefaultsThenDefaultAuthenticationEventPublisher() { this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire(); AuthenticationManagerBuilder authenticationManagerBuilder = this.spring.getContext() - .getBean(AuthenticationManagerBuilder.class); + .getBean(AuthenticationManagerBuilder.class); AuthenticationEventPublisher eventPublisher = (AuthenticationEventPublisher) ReflectionTestUtils - .getField(authenticationManagerBuilder, "eventPublisher"); + .getField(authenticationManagerBuilder, "eventPublisher"); assertThat(eventPublisher).isInstanceOf(DefaultAuthenticationEventPublisher.class); } @Test public void configureWhenCustomAuthenticationEventPublisherThenCustomAuthenticationEventPublisher() { - this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, - CustomAuthenticationEventPublisherConfig.class).autowire(); + this.spring + .register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class, + CustomAuthenticationEventPublisherConfig.class) + .autowire(); AuthenticationManagerBuilder authenticationManagerBuilder = this.spring.getContext() - .getBean(AuthenticationManagerBuilder.class); + .getBean(AuthenticationManagerBuilder.class); AuthenticationEventPublisher eventPublisher = (AuthenticationEventPublisher) ReflectionTestUtils - .getField(authenticationManagerBuilder, "eventPublisher"); + .getField(authenticationManagerBuilder, "eventPublisher"); assertThat(eventPublisher) - .isInstanceOf(CustomAuthenticationEventPublisherConfig.MyAuthenticationEventPublisher.class); + .isInstanceOf(CustomAuthenticationEventPublisherConfig.MyAuthenticationEventPublisher.class); } @EnableGlobalMethodSecurity(securedEnabled = true) diff --git a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java index 668f45f212..f22ead2a13 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/issue50/Issue50Tests.java @@ -58,7 +58,7 @@ public class Issue50Tests { @BeforeEach public void setup() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_ADMIN")); + .setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_ADMIN")); } @AfterEach @@ -75,21 +75,21 @@ public class Issue50Tests { @Test public void authenticateWhenMissingUserThenUsernameNotFoundException() { assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password"))); } @Test public void authenticateWhenInvalidPasswordThenBadCredentialsException() { this.userRepo.save(User.withUsernameAndPassword("test", "password")); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "invalid"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "invalid"))); } @Test public void authenticateWhenValidUserThenAuthenticates() { this.userRepo.save(User.withUsernameAndPassword("test", "password")); Authentication result = this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password")); assertThat(result.getName()).isEqualTo("test"); } @@ -98,7 +98,7 @@ public class Issue50Tests { SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_USER")); this.userRepo.save(User.withUsernameAndPassword("denied", "password")); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password"))); } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableAuthorizationManagerReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableAuthorizationManagerReactiveMethodSecurityTests.java index 4db37b61f6..c7a1c79435 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableAuthorizationManagerReactiveMethodSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableAuthorizationManagerReactiveMethodSecurityTests.java @@ -58,10 +58,10 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { TestPublisher result = TestPublisher.create(); Context withAdmin = ReactiveSecurityContextHolder - .withAuthentication(new TestingAuthenticationToken("admin", "password", "ROLE_USER", "ROLE_ADMIN")); + .withAuthentication(new TestingAuthenticationToken("admin", "password", "ROLE_USER", "ROLE_ADMIN")); Context withUser = ReactiveSecurityContextHolder - .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); @AfterEach public void cleanup() { @@ -76,10 +76,10 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { @Test public void notPublisherPreAuthorizeFindByIdThenThrowsIllegalStateException() { assertThatIllegalStateException().isThrownBy(() -> this.messageService.notPublisherPreAuthorizeFindById(1L)) - .withMessage("The returnType class java.lang.String on public abstract java.lang.String " - + "org.springframework.security.config.annotation.method.configuration.ReactiveMessageService" - + ".notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams" - + ".Publisher (for example, a Mono or Flux) in order to support Reactor Context"); + .withMessage("The returnType class java.lang.String on public abstract java.lang.String " + + "org.springframework.security.config.annotation.method.configuration.ReactiveMessageService" + + ".notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams" + + ".Publisher (for example, a Mono or Flux) in order to support Reactor Context"); } @Test @@ -152,7 +152,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void monoPreAuthorizeBeanReactiveExpressionWhenGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeBeanFindByIdReactiveExpression(2L)).willReturn(Mono.just("result")); Mono findById = this.messageService.monoPreAuthorizeBeanFindByIdReactiveExpression(2L) - .contextWrite(this.withAdmin); + .contextWrite(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); } @@ -175,7 +175,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void monoPreAuthorizeBeanReactiveExpressionWhenNotAuthorizedThenDenied() { given(this.delegate.monoPreAuthorizeBeanFindByIdReactiveExpression(1L)).willReturn(Mono.from(this.result)); Mono findById = this.messageService.monoPreAuthorizeBeanFindByIdReactiveExpression(1L) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); this.result.assertNoSubscribers(); } @@ -320,29 +320,29 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { @Test public void fluxManyAnnotationsWhenMeetsConditionsThenReturnsFilteredFlux() { Flux flux = this.messageService.fluxManyAnnotations(Flux.just("harold", "jonathan", "pete", "bo")) - .contextWrite(this.withAdmin); + .contextWrite(this.withAdmin); StepVerifier.create(flux).expectNext("harold", "jonathan").verifyComplete(); } @Test public void fluxManyAnnotationsWhenUserThenFails() { Flux flux = this.messageService.fluxManyAnnotations(Flux.just("harold", "jonathan", "pete", "bo")) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(flux).expectError(AccessDeniedException.class).verify(); } @Test public void fluxManyAnnotationsWhenNameNotAllowedThenFails() { Flux flux = this.messageService - .fluxManyAnnotations(Flux.just("harold", "jonathan", "michael", "pete", "bo")) - .contextWrite(this.withAdmin); + .fluxManyAnnotations(Flux.just("harold", "jonathan", "michael", "pete", "bo")) + .contextWrite(this.withAdmin); StepVerifier.create(flux).expectNext("harold", "jonathan").expectError(AccessDeniedException.class).verify(); } @Test public void fluxPostFilterWhenFilteringThenWorks() { Flux flux = this.messageService.fluxPostFilter(Flux.just("harold", "jonathan", "michael", "pete", "bo")) - .contextWrite(this.withAdmin); + .contextWrite(this.withAdmin); StepVerifier.create(flux).expectNext("harold", "jonathan", "michael").verifyComplete(); } @@ -364,7 +364,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(publisherJust("result")); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) - .contextWrite(this.withAdmin); + .contextWrite(this.withAdmin); StepVerifier.create(findById).consumeNextWith((s) -> assertThat(s).isEqualTo("result")).verifyComplete(); } @@ -380,7 +380,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); this.result.assertNoSubscribers(); } @@ -389,7 +389,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result")); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L)) - .contextWrite(this.withAdmin); + .contextWrite(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); } @@ -412,7 +412,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L)) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); this.result.assertNoSubscribers(); } @@ -421,7 +421,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeFindById(1L)).willReturn(publisherJust("user")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L)) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); } @@ -429,7 +429,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } @@ -437,7 +437,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("user")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L)) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); } @@ -452,7 +452,7 @@ public class EnableAuthorizationManagerReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) - .contextWrite(this.withUser); + .contextWrite(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java index 0bf6d46113..bc54745c31 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurityTests.java @@ -56,10 +56,10 @@ public class EnableReactiveMethodSecurityTests { TestPublisher result = TestPublisher.create(); Context withAdmin = ReactiveSecurityContextHolder - .withAuthentication(new TestingAuthenticationToken("admin", "password", "ROLE_USER", "ROLE_ADMIN")); + .withAuthentication(new TestingAuthenticationToken("admin", "password", "ROLE_USER", "ROLE_ADMIN")); Context withUser = ReactiveSecurityContextHolder - .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); @AfterEach public void cleanup() { @@ -74,11 +74,11 @@ public class EnableReactiveMethodSecurityTests { @Test public void notPublisherPreAuthorizeFindByIdThenThrowsIllegalStateException() { assertThatIllegalStateException().isThrownBy(() -> this.messageService.notPublisherPreAuthorizeFindById(1L)) - .withMessage("The returnType class java.lang.String on public abstract java.lang.String " - + "org.springframework.security.config.annotation.method.configuration.ReactiveMessageService" - + ".notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams" - + ".Publisher (i.e. Mono / Flux) or the function must be a Kotlin coroutine " - + "function in order to support Reactor Context"); + .withMessage("The returnType class java.lang.String on public abstract java.lang.String " + + "org.springframework.security.config.annotation.method.configuration.ReactiveMessageService" + + ".notPublisherPreAuthorizeFindById(long) must return an instance of org.reactivestreams" + + ".Publisher (i.e. Mono / Flux) or the function must be a Kotlin coroutine " + + "function in order to support Reactor Context"); } @Test @@ -98,7 +98,7 @@ public class EnableReactiveMethodSecurityTests { public void monoPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.just("result")); Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L) - .subscriberContext(this.withAdmin); + .subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); } @@ -114,7 +114,7 @@ public class EnableReactiveMethodSecurityTests { public void monoPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.monoPreAuthorizeHasRoleFindById(1L)).willReturn(Mono.from(this.result)); Mono findById = this.messageService.monoPreAuthorizeHasRoleFindById(1L) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); this.result.assertNoSubscribers(); } @@ -202,7 +202,7 @@ public class EnableReactiveMethodSecurityTests { public void fluxPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.just("result")); Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L) - .subscriberContext(this.withAdmin); + .subscriberContext(this.withAdmin); StepVerifier.create(findById).consumeNextWith((s) -> assertThat(s).isEqualTo("result")).verifyComplete(); } @@ -218,7 +218,7 @@ public class EnableReactiveMethodSecurityTests { public void fluxPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.fluxPreAuthorizeHasRoleFindById(1L)).willReturn(Flux.from(this.result)); Flux findById = this.messageService.fluxPreAuthorizeHasRoleFindById(1L) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); this.result.assertNoSubscribers(); } @@ -306,7 +306,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPreAuthorizeHasRoleWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(publisherJust("result")); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) - .subscriberContext(this.withAdmin); + .subscriberContext(this.withAdmin); StepVerifier.create(findById).consumeNextWith((s) -> assertThat(s).isEqualTo("result")).verifyComplete(); } @@ -322,7 +322,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPreAuthorizeHasRoleWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeHasRoleFindById(1L)).willReturn(this.result); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeHasRoleFindById(1L)) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); this.result.assertNoSubscribers(); } @@ -331,7 +331,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPreAuthorizeBeanWhenGrantedThenSuccess() { given(this.delegate.publisherPreAuthorizeBeanFindById(2L)).willReturn(publisherJust("result")); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(2L)) - .subscriberContext(this.withAdmin); + .subscriberContext(this.withAdmin); StepVerifier.create(findById).expectNext("result").verifyComplete(); } @@ -354,7 +354,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPreAuthorizeBeanWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPreAuthorizeBeanFindById(1L)).willReturn(this.result); Publisher findById = Flux.from(this.messageService.publisherPreAuthorizeBeanFindById(1L)) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); this.result.assertNoSubscribers(); } @@ -363,7 +363,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeFindById(1L)).willReturn(publisherJust("user")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeFindById(1L)) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); } @@ -371,7 +371,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } @@ -379,7 +379,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenBeanAndAuthorizedThenSuccess() { given(this.delegate.publisherPostAuthorizeBeanFindById(2L)).willReturn(publisherJust("user")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(2L)) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectNext("user").verifyComplete(); } @@ -394,7 +394,7 @@ public class EnableReactiveMethodSecurityTests { public void publisherPostAuthorizeWhenBeanAndNotAuthorizedThenDenied() { given(this.delegate.publisherPostAuthorizeBeanFindById(1L)).willReturn(publisherJust("not-authorized")); Publisher findById = Flux.from(this.messageService.publisherPostAuthorizeBeanFindById(1L)) - .subscriberContext(this.withUser); + .subscriberContext(this.withUser); StepVerifier.create(findById).expectError(AccessDeniedException.class).verify(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java index b7f0a2cf85..fc70d83aee 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java @@ -95,7 +95,7 @@ public class GlobalMethodSecurityConfigurationTests { @Test public void configureWhenGlobalMethodSecurityIsMissingMetadataSourceThenException() { assertThatExceptionOfType(UnsatisfiedDependencyException.class) - .isThrownBy(() -> this.spring.register(IllegalStateGlobalMethodSecurityConfig.class).autowire()); + .isThrownBy(() -> this.spring.register(IllegalStateGlobalMethodSecurityConfig.class).autowire()); } @Test @@ -107,9 +107,9 @@ public class GlobalMethodSecurityConfigurationTests { public void methodSecurityAuthenticationManagerPublishesEvent() { this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire(); assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("foo", "bar"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("foo", "bar"))); assertThat(this.events.getEvents()).extracting(Object::getClass) - .containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class); + .containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class); } @Test @@ -119,7 +119,7 @@ public class GlobalMethodSecurityConfigurationTests { AuthenticationTrustResolver trustResolver = this.spring.getContext().getBean(AuthenticationTrustResolver.class); given(trustResolver.isAnonymous(any())).willReturn(true, false); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.service.preAuthorizeNotAnonymous()); + .isThrownBy(() -> this.service.preAuthorizeNotAnonymous()); this.service.preAuthorizeNotAnonymous(); verify(trustResolver, atLeastOnce()).isAnonymous(any()); } @@ -152,7 +152,7 @@ public class GlobalMethodSecurityConfigurationTests { this.service.hasPermission("something"); // no exception assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.service.hasPermission("something")); + .isThrownBy(() -> this.service.hasPermission("something")); } @Test @@ -250,7 +250,7 @@ public class GlobalMethodSecurityConfigurationTests { public void grantedAuthorityDefaultsAutowires() { this.spring.register(CustomGrantedAuthorityConfig.class).autowire(); CustomGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext() - .getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class); + .getBean(CustomGrantedAuthorityConfig.CustomAuthorityService.class); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize()); customService.customPrefixRoleUser(); // no exception @@ -261,7 +261,7 @@ public class GlobalMethodSecurityConfigurationTests { public void grantedAuthorityDefaultsWithEmptyRolePrefix() { this.spring.register(EmptyRolePrefixGrantedAuthorityConfig.class).autowire(); EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService customService = this.spring.getContext() - .getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class); + .getBean(EmptyRolePrefixGrantedAuthorityConfig.CustomAuthorityService.class); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.securedUser()); customService.emptyPrefixRoleUser(); // no exception @@ -271,9 +271,9 @@ public class GlobalMethodSecurityConfigurationTests { public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() { this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire(); MethodSecurityInterceptor methodInterceptor = (MethodSecurityInterceptor) this.spring.getContext() - .getBean(MethodInterceptor.class); + .getBean(MethodInterceptor.class); MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext() - .getBean(MethodSecurityMetadataSource.class); + .getBean(MethodSecurityMetadataSource.class); assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java index 2344159fdc..9f98fdc633 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.java @@ -63,7 +63,7 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests { this.spring.register(CustomAccessDecisionManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); assertThat(this.service.postHasPermission("granted")).isNull(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.service.postHasPermission("denied")); + .isThrownBy(() -> this.service.postHasPermission("denied")); } @EnableGlobalMethodSecurity(prePostEnabled = true) diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java index 8a3fc13f81..2d0b589afc 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java @@ -108,7 +108,7 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenCustomMethodSecurityMetadataSourceThenAuthorizes() { this.spring.register(CustomMethodSecurityMetadataSourceConfig.class, MethodSecurityServiceConfig.class) - .autowire(); + .autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.preAuthorize()); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.secured()); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.jsr250()); @@ -118,9 +118,10 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void contextRefreshWhenUsingAspectJThenAutowire() throws Exception { this.spring.register(AspectJModeConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean( - Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) - .isNotNull(); + assertThat(this.spring.getContext() + .getBean(Class + .forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) + .isNotNull(); assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull(); // TODO diagnose why aspectj isn't weaving method security advice around // MethodSecurityServiceImpl @@ -130,9 +131,10 @@ public class NamespaceGlobalMethodSecurityTests { public void contextRefreshWhenUsingAspectJAndCustomGlobalMethodSecurityConfigurationThenAutowire() throws Exception { this.spring.register(AspectJModeExtendsGMSCConfig.class).autowire(); - assertThat(this.spring.getContext().getBean( - Class.forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) - .isNotNull(); + assertThat(this.spring.getContext() + .getBean(Class + .forName("org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect"))) + .isNotNull(); assertThat(this.spring.getContext().getBean(AspectJMethodSecurityInterceptor.class)).isNotNull(); } @@ -140,8 +142,9 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenOrderSpecifiedThenConfigured() { this.spring.register(CustomOrderConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) - .getOrder()).isEqualTo(-135); + assertThat(this.spring.getContext() + .getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) + .getOrder()).isEqualTo(-135); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.jsr250()); } @@ -149,8 +152,9 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenOrderUnspecifiedThenConfiguredToLowestPrecedence() { this.spring.register(DefaultOrderConfig.class, MethodSecurityServiceConfig.class).autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) - .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); + assertThat(this.spring.getContext() + .getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) + .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> this.service.jsr250()); } @@ -158,9 +162,10 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenOrderUnspecifiedAndCustomGlobalMethodSecurityConfigurationThenConfiguredToLowestPrecedence() { this.spring.register(DefaultOrderExtendsMethodSecurityConfig.class, MethodSecurityServiceConfig.class) - .autowire(); - assertThat(this.spring.getContext().getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) - .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); + .autowire(); + assertThat(this.spring.getContext() + .getBean("metaDataSourceAdvisor", MethodSecurityMetadataSourceAdvisor.class) + .getOrder()).isEqualTo(Ordered.LOWEST_PRECEDENCE); assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> this.service.jsr250()); } @@ -204,7 +209,7 @@ public class NamespaceGlobalMethodSecurityTests { public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() { this.spring.register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class).autowire(); assertThat(this.service.runAs().getAuthorities()) - .anyMatch((authority) -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority())); + .anyMatch((authority) -> "ROLE_RUN_AS_SUPER".equals(authority.getAuthority())); } @Test @@ -221,8 +226,8 @@ public class NamespaceGlobalMethodSecurityTests { @WithMockUser public void methodSecurityWhenMissingEnableAnnotationThenShowsHelpfulError() { assertThatExceptionOfType(Exception.class) - .isThrownBy(() -> this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire()) - .withStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required"); + .isThrownBy(() -> this.spring.register(ExtendsNoEnableAnntotationConfig.class).autowire()) + .withStackTraceContaining(EnableGlobalMethodSecurity.class.getName() + " is required"); } @Test @@ -360,7 +365,7 @@ public class NamespaceGlobalMethodSecurityTests { BeanDefinitionBuilder advice = BeanDefinitionBuilder.rootBeanDefinition(ExceptingInterceptor.class); registry.registerBeanDefinition("exceptingInterceptor", advice.getBeanDefinition()); BeanDefinitionBuilder advisor = BeanDefinitionBuilder - .rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class); + .rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class); advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE); advisor.addConstructorArgValue("exceptingInterceptor"); advisor.addConstructorArgReference("methodSecurityMetadataSource"); diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java index 6dd01ace26..282c01cffe 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java @@ -100,7 +100,7 @@ public class PrePostMethodSecurityConfigurationTests { public void preAuthorizeWhenRoleAdminThenAccessDeniedException() { this.spring.register(MethodSecurityServiceConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::preAuthorize) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithAnonymousUser @@ -116,7 +116,8 @@ public class PrePostMethodSecurityConfigurationTests { public void preAuthorizeNotAnonymousWhenRoleAnonymousThenAccessDeniedException() { this.spring.register(MethodSecurityServiceConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(this.methodSecurityService::preAuthorizeNotAnonymous).withMessage("Access Denied"); + .isThrownBy(this.methodSecurityService::preAuthorizeNotAnonymous) + .withMessage("Access Denied"); } @WithMockUser @@ -131,7 +132,7 @@ public class PrePostMethodSecurityConfigurationTests { public void securedWhenRoleUserThenAccessDeniedException() { this.spring.register(MethodSecurityServiceEnabledConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::secured) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser(roles = "ADMIN") @@ -147,7 +148,7 @@ public class PrePostMethodSecurityConfigurationTests { public void securedUserWhenRoleAdminThenAccessDeniedException() { this.spring.register(MethodSecurityServiceEnabledConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::securedUser) - .withMessage("Access Denied"); + .withMessage("Access Denied"); SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class); verify(strategy, atLeastOnce()).getContext(); } @@ -165,7 +166,7 @@ public class PrePostMethodSecurityConfigurationTests { public void preAuthorizeAdminWhenRoleUserThenAccessDeniedException() { this.spring.register(MethodSecurityServiceConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::preAuthorizeAdmin) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser(roles = "ADMIN") @@ -196,7 +197,8 @@ public class PrePostMethodSecurityConfigurationTests { public void postHasPermissionWhenParameterIsNotGrantThenAccessDeniedException() { this.spring.register(CustomPermissionEvaluatorConfig.class, MethodSecurityServiceConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.postHasPermission("deny")).withMessage("Access Denied"); + .isThrownBy(() -> this.methodSecurityService.postHasPermission("deny")) + .withMessage("Access Denied"); } @WithMockUser @@ -212,7 +214,8 @@ public class PrePostMethodSecurityConfigurationTests { public void postAnnotationWhenParameterIsNotGrantThenAccessDeniedException() { this.spring.register(MethodSecurityServiceConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.postAnnotation("deny")).withMessage("Access Denied"); + .isThrownBy(() -> this.methodSecurityService.postAnnotation("deny")) + .withMessage("Access Denied"); } @WithMockUser @@ -253,7 +256,7 @@ public class PrePostMethodSecurityConfigurationTests { @Test public void securedUserWhenCustomBeforeAdviceConfiguredAndNameBobThenPasses() { this.spring.register(CustomAuthorizationManagerBeforeAdviceConfig.class, MethodSecurityServiceConfig.class) - .autowire(); + .autowire(); String result = this.methodSecurityService.securedUser(); assertThat(result).isNull(); } @@ -262,16 +265,16 @@ public class PrePostMethodSecurityConfigurationTests { @Test public void securedUserWhenCustomBeforeAdviceConfiguredAndNameNotBobThenAccessDeniedException() { this.spring.register(CustomAuthorizationManagerBeforeAdviceConfig.class, MethodSecurityServiceConfig.class) - .autowire(); + .autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::securedUser) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser("bob") @Test public void securedUserWhenCustomAfterAdviceConfiguredAndNameBobThenGranted() { this.spring.register(CustomAuthorizationManagerAfterAdviceConfig.class, MethodSecurityServiceConfig.class) - .autowire(); + .autowire(); String result = this.methodSecurityService.securedUser(); assertThat(result).isEqualTo("granted"); } @@ -280,9 +283,9 @@ public class PrePostMethodSecurityConfigurationTests { @Test public void securedUserWhenCustomAfterAdviceConfiguredAndNameNotBobThenAccessDeniedException() { this.spring.register(CustomAuthorizationManagerAfterAdviceConfig.class, MethodSecurityServiceConfig.class) - .autowire(); + .autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::securedUser) - .withMessage("Access Denied for User 'joe'"); + .withMessage("Access Denied for User 'joe'"); } @WithMockUser(roles = "ADMIN") @@ -290,7 +293,7 @@ public class PrePostMethodSecurityConfigurationTests { public void jsr250WhenRoleAdminThenAccessDeniedException() { this.spring.register(MethodSecurityServiceEnabledConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::jsr250) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithAnonymousUser @@ -306,7 +309,7 @@ public class PrePostMethodSecurityConfigurationTests { public void rolesAllowedUserWhenRoleAdminThenAccessDeniedException() { this.spring.register(BusinessServiceConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.businessService::rolesAllowedUser) - .withMessage("Access Denied"); + .withMessage("Access Denied"); SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class); verify(strategy, atLeastOnce()).getContext(); } @@ -336,7 +339,7 @@ public class PrePostMethodSecurityConfigurationTests { List names = Arrays.asList("harold", "jonathan", "pete", "bo"); this.spring.register(MethodSecurityServiceEnabledConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); + .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); } @WithMockUser @@ -345,7 +348,7 @@ public class PrePostMethodSecurityConfigurationTests { List names = Arrays.asList("harold", "jonathan", "pete"); this.spring.register(MethodSecurityServiceEnabledConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); + .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); } @WithMockUser(roles = "ADMIN") @@ -354,7 +357,7 @@ public class PrePostMethodSecurityConfigurationTests { List names = Arrays.asList("harold", "jonathan", "pete", "bo"); this.spring.register(MethodSecurityServiceEnabledConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); + .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); } // gh-3183 @@ -362,7 +365,7 @@ public class PrePostMethodSecurityConfigurationTests { public void repeatedAnnotationsWhenPresentThenFails() { this.spring.register(MethodSecurityServiceConfig.class).autowire(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> this.methodSecurityService.repeatedAnnotations()); + .isThrownBy(() -> this.methodSecurityService.repeatedAnnotations()); } // gh-3183 @@ -370,7 +373,7 @@ public class PrePostMethodSecurityConfigurationTests { public void repeatedJsr250AnnotationsWhenPresentThenFails() { this.spring.register(Jsr250Config.class).autowire(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> this.businessService.repeatedAnnotations()); + .isThrownBy(() -> this.businessService.repeatedAnnotations()); } // gh-3183 @@ -378,7 +381,7 @@ public class PrePostMethodSecurityConfigurationTests { public void repeatedSecuredAnnotationsWhenPresentThenFails() { this.spring.register(SecuredConfig.class).autowire(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> this.businessService.repeatedAnnotations()); + .isThrownBy(() -> this.businessService.repeatedAnnotations()); } @WithMockUser @@ -386,7 +389,7 @@ public class PrePostMethodSecurityConfigurationTests { public void preAuthorizeWhenAuthorizationEventPublisherThenUses() { this.spring.register(MethodSecurityServiceConfig.class, AuthorizationEventPublisherConfig.class).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.preAuthorize()); + .isThrownBy(() -> this.methodSecurityService.preAuthorize()); AuthorizationEventPublisher publisher = this.spring.getContext().getBean(AuthorizationEventPublisher.class); verify(publisher).publishAuthorizationEvent(any(Supplier.class), any(MethodInvocation.class), any(AuthorizationDecision.class)); @@ -425,7 +428,8 @@ public class PrePostMethodSecurityConfigurationTests { @Test public void configureWhenBeanOverridingDisallowedThenWorks() { this.spring.register(MethodSecurityServiceConfig.class, BusinessServiceConfig.class) - .postProcessor(disallowBeanOverriding()).autowire(); + .postProcessor(disallowBeanOverriding()) + .autowire(); } private static Consumer disallowBeanOverriding() { diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java index 8d6b3790c6..ae64d04377 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.java @@ -55,7 +55,7 @@ public class SampleEnableGlobalMethodSecurityTests { @BeforeEach public void setup() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); } @Test @@ -64,7 +64,7 @@ public class SampleEnableGlobalMethodSecurityTests { assertThat(this.methodSecurityService.secured()).isNull(); assertThat(this.methodSecurityService.jsr250()).isNull(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.preAuthorize()); + .isThrownBy(() -> this.methodSecurityService.preAuthorize()); } @Test @@ -72,7 +72,7 @@ public class SampleEnableGlobalMethodSecurityTests { this.spring.register(CustomPermissionEvaluatorWebSecurityConfig.class).autowire(); assertThat(this.methodSecurityService.hasPermission("allowed")).isNull(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.hasPermission("denied")); + .isThrownBy(() -> this.methodSecurityService.hasPermission("denied")); } @EnableGlobalMethodSecurity(prePostEnabled = true) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java index a7b55ef021..2d49ddb242 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractConfiguredSecurityBuilderTests.java @@ -129,7 +129,7 @@ public class AbstractConfiguredSecurityBuilderTests { builder.apply(configurer1); builder.apply(configurer2); List removedConfigurers = builder - .removeConfigurers(DelegateSecurityConfigurer.class); + .removeConfigurers(DelegateSecurityConfigurer.class); assertThat(removedConfigurers).hasSize(2); assertThat(removedConfigurers).containsExactly(configurer1, configurer2); assertThat(builder.getConfigurers(DelegateSecurityConfigurer.class)).isEmpty(); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java index 53e50a386d..059fb6df83 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java @@ -38,31 +38,31 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests { @Test public void antMatchersCanNotWorkAfterAnyRequest() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> loadConfig(AntMatchersAfterAnyRequestConfig.class)); + .isThrownBy(() -> loadConfig(AntMatchersAfterAnyRequestConfig.class)); } @Test public void mvcMatchersCanNotWorkAfterAnyRequest() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> loadConfig(MvcMatchersAfterAnyRequestConfig.class)); + .isThrownBy(() -> loadConfig(MvcMatchersAfterAnyRequestConfig.class)); } @Test public void regexMatchersCanNotWorkAfterAnyRequest() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> loadConfig(RegexMatchersAfterAnyRequestConfig.class)); + .isThrownBy(() -> loadConfig(RegexMatchersAfterAnyRequestConfig.class)); } @Test public void anyRequestCanNotWorkAfterItself() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> loadConfig(AnyRequestAfterItselfConfig.class)); + .isThrownBy(() -> loadConfig(AnyRequestAfterItselfConfig.class)); } @Test public void requestMatchersCanNotWorkAfterAnyRequest() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> loadConfig(RequestMatchersAfterAnyRequestConfig.class)); + .isThrownBy(() -> loadConfig(RequestMatchersAfterAnyRequestConfig.class)); } private void loadConfig(Class... configs) { diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java index fa0a794151..391f131494 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryTests.java @@ -188,8 +188,9 @@ public class AbstractRequestMatcherRegistryTests { mockMvcPresentClasspath(true); mockMvcIntrospector(false); assertThatExceptionOfType(NoSuchBeanDefinitionException.class) - .isThrownBy(() -> this.matcherRegistry.requestMatchers("/path")).withMessageContaining( - "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext"); + .isThrownBy(() -> this.matcherRegistry.requestMatchers("/path")) + .withMessageContaining( + "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext"); } @Test @@ -215,7 +216,7 @@ public class AbstractRequestMatcherRegistryTests { servletContext.addServlet("dispatcherServlet", DispatcherServlet.class).addMapping("/"); servletContext.addServlet("servletTwo", Servlet.class).addMapping("/servlet/**"); assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.matcherRegistry.requestMatchers("/**")); + .isThrownBy(() -> this.matcherRegistry.requestMatchers("/**")); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterMockitoTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterMockitoTests.java index 23816b37af..0cfb82b247 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterMockitoTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterMockitoTests.java @@ -78,9 +78,9 @@ public class WebSecurityConfigurerAdapterMockitoTests { @Test public void loadConfigWhenDefaultConfigurerAsSpringFactoryhenDefaultConfigurerApplied() { DefaultConfigurer configurer = new DefaultConfigurer(); - this.springFactoriesLoader.when( - () -> SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader())) - .thenReturn(Arrays.asList(configurer)); + this.springFactoriesLoader + .when(() -> SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader())) + .thenReturn(Arrays.asList(configurer)); loadConfig(Config.class); assertThat(configurer.init).isTrue(); assertThat(configurer.configure).isTrue(); @@ -92,13 +92,15 @@ public class WebSecurityConfigurerAdapterMockitoTests { WebAsyncManager webAsyncManager = mock(WebAsyncManager.class); this.mockMvc.perform(get("/").requestAttr(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, webAsyncManager)); ArgumentCaptor callableProcessingInterceptorArgCaptor = ArgumentCaptor - .forClass(CallableProcessingInterceptor.class); + .forClass(CallableProcessingInterceptor.class); verify(webAsyncManager, atLeastOnce()).registerCallableInterceptor(any(), callableProcessingInterceptorArgCaptor.capture()); CallableProcessingInterceptor callableProcessingInterceptor = callableProcessingInterceptorArgCaptor - .getAllValues().stream() - .filter((e) -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass())) - .findFirst().orElse(null); + .getAllValues() + .stream() + .filter((e) -> SecurityContextCallableProcessingInterceptor.class.isAssignableFrom(e.getClass())) + .findFirst() + .orElse(null); assertThat(callableProcessingInterceptor).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java index 563696b794..d8ca40da9d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java @@ -126,20 +126,20 @@ public class WebSecurityConfigurerAdapterTests { ContentNegotiationStrategy.class); this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class).autowire(); OverrideContentNegotiationStrategySharedObjectConfig securityConfig = this.spring.getContext() - .getBean(OverrideContentNegotiationStrategySharedObjectConfig.class); + .getBean(OverrideContentNegotiationStrategySharedObjectConfig.class); assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull(); assertThat(securityConfig.contentNegotiationStrategySharedObject) - .isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN); + .isSameAs(OverrideContentNegotiationStrategySharedObjectConfig.CONTENT_NEGOTIATION_STRATEGY_BEAN); } @Test public void loadConfigWhenDefaultContentNegotiationStrategyThenHeaderContentNegotiationStrategy() { this.spring.register(ContentNegotiationStrategyDefaultSharedObjectConfig.class).autowire(); ContentNegotiationStrategyDefaultSharedObjectConfig securityConfig = this.spring.getContext() - .getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class); + .getBean(ContentNegotiationStrategyDefaultSharedObjectConfig.class); assertThat(securityConfig.contentNegotiationStrategySharedObject).isNotNull(); assertThat(securityConfig.contentNegotiationStrategySharedObject) - .isInstanceOf(HeaderContentNegotiationStrategy.class); + .isInstanceOf(HeaderContentNegotiationStrategy.class); } @Test @@ -148,7 +148,7 @@ public class WebSecurityConfigurerAdapterTests { MyFilter myFilter = this.spring.getContext().getBean(MyFilter.class); myFilter.userDetailsService.loadUserByUsername("user"); assertThatExceptionOfType(UsernameNotFoundException.class) - .isThrownBy(() -> myFilter.userDetailsService.loadUserByUsername("admin")); + .isThrownBy(() -> myFilter.userDetailsService.loadUserByUsername("admin")); } // SEC-2274: WebSecurityConfigurer adds ApplicationContext as a shared object @@ -156,7 +156,7 @@ public class WebSecurityConfigurerAdapterTests { public void loadConfigWhenSharedObjectsCreatedThenApplicationContextAdded() { this.spring.register(ApplicationContextSharedObjectConfig.class).autowire(); ApplicationContextSharedObjectConfig securityConfig = this.spring.getContext() - .getBean(ApplicationContextSharedObjectConfig.class); + .getBean(ApplicationContextSharedObjectConfig.class); assertThat(securityConfig.applicationContextSharedObject).isNotNull(); assertThat(securityConfig.applicationContextSharedObject).isSameAs(this.spring.getContext()); } @@ -168,14 +168,14 @@ public class WebSecurityConfigurerAdapterTests { CustomTrustResolverConfig securityConfig = this.spring.getContext().getBean(CustomTrustResolverConfig.class); assertThat(securityConfig.authenticationTrustResolverSharedObject).isNotNull(); assertThat(securityConfig.authenticationTrustResolverSharedObject) - .isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN); + .isSameAs(CustomTrustResolverConfig.AUTHENTICATION_TRUST_RESOLVER_BEAN); } @Test public void compareOrderWebSecurityConfigurerAdapterWhenLowestOrderToDefaultOrderThenGreaterThanZero() { AnnotationAwareOrderComparator comparator = new AnnotationAwareOrderComparator(); assertThat(comparator.compare(new LowestPriorityWebSecurityConfig(), new DefaultOrderWebSecurityConfig())) - .isGreaterThan(0); + .isGreaterThan(0); } // gh-7515 @@ -183,7 +183,7 @@ public class WebSecurityConfigurerAdapterTests { public void performWhenUsingAuthenticationEventPublisherBeanThenUses() throws Exception { this.spring.register(CustomAuthenticationEventPublisherBean.class).autowire(); AuthenticationEventPublisher authenticationEventPublisher = this.spring.getContext() - .getBean(AuthenticationEventPublisher.class); + .getBean(AuthenticationEventPublisher.class); this.mockMvc.perform(get("/").with(httpBasic("user", "password"))); verify(authenticationEventPublisher).publishAuthenticationSuccess(any(Authentication.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java index 53635b93d8..44a4c215fb 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java @@ -64,10 +64,10 @@ public class HttpConfigurationTests { @Test public void configureWhenAddFilterUnregisteredThenThrowsBeanCreationException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(UnregisteredFilterConfig.class).autowire()) - .withMessageContaining("The Filter class " + UnregisteredFilter.class.getName() - + " does not have a registered order and cannot be added without a specified order." - + " Consider using addFilterBefore or addFilterAfter instead."); + .isThrownBy(() -> this.spring.register(UnregisteredFilterConfig.class).autowire()) + .withMessageContaining("The Filter class " + UnregisteredFilter.class.getName() + + " does not have a registered order and cannot be added without a specified order." + + " Consider using addFilterBefore or addFilterAfter instead."); } // https://github.com/spring-projects/spring-security-javaconfig/issues/104 diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTests.java index 54c4a7e048..e66d266b94 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAddFilterTests.java @@ -56,17 +56,17 @@ public class HttpSecurityAddFilterTests { @Test public void addFilterAfterFilterNotRegisteredYetThenThrowIllegalArgument() { assertThatExceptionOfType(UnsatisfiedDependencyException.class) - .isThrownBy( - () -> this.spring.register(MyOtherFilterAfterMyFilterNotRegisteredYetConfig.class).autowire()) - .havingRootCause().isInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(MyOtherFilterAfterMyFilterNotRegisteredYetConfig.class).autowire()) + .havingRootCause() + .isInstanceOf(IllegalArgumentException.class); } @Test public void addFilterBeforeFilterNotRegisteredYetThenThrowIllegalArgument() { assertThatExceptionOfType(UnsatisfiedDependencyException.class) - .isThrownBy( - () -> this.spring.register(MyOtherFilterBeforeMyFilterNotRegisteredYetConfig.class).autowire()) - .havingRootCause().isInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(MyOtherFilterBeforeMyFilterNotRegisteredYetConfig.class).autowire()) + .havingRootCause() + .isInstanceOf(IllegalArgumentException.class); } @Test @@ -135,8 +135,10 @@ public class HttpSecurityAddFilterTests { private ListAssert> assertThatFilters() { FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class); - List> filters = filterChain.getFilters("/").stream().map(Object::getClass) - .collect(Collectors.toList()); + List> filters = filterChain.getFilters("/") + .stream() + .map(Object::getClass) + .collect(Collectors.toList()); return assertThat(filters); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAuthenticationManagerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAuthenticationManagerTests.java index aa52773ea8..8eb8d6182b 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAuthenticationManagerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpSecurityAuthenticationManagerTests.java @@ -52,7 +52,7 @@ public class HttpSecurityAuthenticationManagerTests { this.spring.register(AuthenticationManagerConfig.class).autowire(); given(AuthenticationManagerConfig.AUTHENTICATION_MANAGER.authenticate(any())) - .willReturn(new TestingAuthenticationToken("user", "test", "ROLE_USER")); + .willReturn(new TestingAuthenticationToken("user", "test", "ROLE_USER")); this.mvc.perform(get("/").with(httpBasic("user", "test"))); @@ -65,7 +65,7 @@ public class HttpSecurityAuthenticationManagerTests { this.spring.register(AuthenticationManagerBuilderConfig.class).autowire(); given(AuthenticationManagerBuilderConfig.AUTHENTICATION_MANAGER.authenticate(any())) - .willReturn(new TestingAuthenticationToken("user", "test", "ROLE_USER")); + .willReturn(new TestingAuthenticationToken("user", "test", "ROLE_USER")); this.mvc.perform(get("/").with(httpBasic("user", "test"))); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java index ae167e0e5c..198da076ec 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java @@ -93,7 +93,7 @@ public class NamespaceHttpTests { AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER = mock(AccessDecisionManager.class); given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(FilterInvocation.class)).willReturn(true); given(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER.supports(any(ConfigAttribute.class))) - .willReturn(true); + .willReturn(true); this.spring.register(AccessDecisionManagerRefConfig.class).autowire(); this.mockMvc.perform(get("/")); verify(AccessDecisionManagerRefConfig.ACCESS_DECISION_MANAGER, times(1)).decide(any(Authentication.class), @@ -103,8 +103,9 @@ public class NamespaceHttpTests { @Test // http@access-denied-page public void configureWhenAccessDeniedPageSetAndRequestForbiddenThenForwardedToAccessDeniedPage() throws Exception { this.spring.register(AccessDeniedPageConfig.class).autowire(); - this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))).andExpect(status().isForbidden()) - .andExpect(forwardedUrl("/AccessDeniedPage")); + this.mockMvc.perform(get("/admin").with(user(PasswordEncodedUser.user()))) + .andExpect(status().isForbidden()) + .andExpect(forwardedUrl("/AccessDeniedPage")); } @Test // http@authentication-manager-ref @@ -191,7 +192,7 @@ public class NamespaceHttpTests { FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class); assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() - .get(0); + .get(0); assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class); } @@ -201,7 +202,7 @@ public class NamespaceHttpTests { FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class); assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() - .get(0); + .get(0); assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(RegexRequestMatcher.class); } @@ -211,9 +212,9 @@ public class NamespaceHttpTests { FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class); assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() - .get(0); + .get(0); assertThat(securityFilterChain.getRequestMatcher()) - .isInstanceOf(RequestMatcherRefConfig.MyRequestMatcher.class); + .isInstanceOf(RequestMatcherRefConfig.MyRequestMatcher.class); } @Test // http@security=none @@ -222,16 +223,16 @@ public class NamespaceHttpTests { FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class); assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class); DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains() - .get(0); + .get(0); assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class); assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern()) - .isEqualTo("/resources/**"); + .isEqualTo("/resources/**"); assertThat(securityFilterChain.getFilters()).isEmpty(); assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class); securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1); assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class); assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern()) - .isEqualTo("/public/**"); + .isEqualTo("/public/**"); assertThat(securityFilterChain.getFilters()).isEmpty(); } @@ -248,7 +249,7 @@ public class NamespaceHttpTests { this.spring.register(ServletApiProvisionConfig.class, MainController.class).autowire(); this.mockMvc.perform(get("/")); assertThat(MainController.HTTP_SERVLET_REQUEST_TYPE) - .isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class); + .isNotInstanceOf(SecurityContextHolderAwareRequestWrapper.class); } @Test // http@servlet-api-provision defaults to true @@ -256,7 +257,7 @@ public class NamespaceHttpTests { this.spring.register(ServletApiProvisionDefaultsConfig.class, MainController.class).autowire(); this.mockMvc.perform(get("/")); assertThat(SecurityContextHolderAwareRequestWrapper.class) - .isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE); + .isAssignableFrom(MainController.HTTP_SERVLET_REQUEST_TYPE); } @Test // http@use-expressions=true @@ -264,7 +265,7 @@ public class NamespaceHttpTests { this.spring.register(UseExpressionsConfig.class).autowire(); UseExpressionsConfig config = this.spring.getContext().getBean(UseExpressionsConfig.class); assertThat(ExpressionBasedFilterInvocationSecurityMetadataSource.class) - .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType); + .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType); } @Test // http@use-expressions=false @@ -272,7 +273,7 @@ public class NamespaceHttpTests { this.spring.register(DisableUseExpressionsConfig.class).autowire(); DisableUseExpressionsConfig config = this.spring.getContext().getBean(DisableUseExpressionsConfig.class); assertThat(DefaultFilterInvocationSecurityMetadataSource.class) - .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType); + .isAssignableFrom(config.filterInvocationSecurityMetadataSourceType); } @EnableWebSecurity @@ -610,7 +611,8 @@ public class NamespaceHttpTests { web.postBuildAction(() -> { FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class); UseExpressionsConfig.this.filterInvocationSecurityMetadataSourceType = securityInterceptor - .getSecurityMetadataSource().getClass(); + .getSecurityMetadataSource() + .getClass(); }); } @@ -639,7 +641,8 @@ public class NamespaceHttpTests { web.postBuildAction(() -> { FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class); DisableUseExpressionsConfig.this.filterInvocationSecurityMetadataSourceType = securityInterceptor - .getSecurityMetadataSource().getClass(); + .getSecurityMetadataSource() + .getClass(); }); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java index 0f50a172fa..b904ad85f8 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java @@ -60,7 +60,7 @@ public class EnableWebSecurityTests { this.spring.register(SecurityConfig.class).autowire(); AuthenticationManager authenticationManager = this.spring.getContext().getBean(AuthenticationManager.class); Authentication authentication = authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); assertThat(authentication.isAuthenticated()).isTrue(); } @@ -74,14 +74,14 @@ public class EnableWebSecurityTests { public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception { this.spring.register(AuthenticationPrincipalConfig.class).autowire(); this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password")))) - .andExpect(content().string("user1")); + .andExpect(content().string("user1")); } @Test public void securityFilterChainWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception { this.spring.register(SecurityFilterChainAuthenticationPrincipalConfig.class).autowire(); this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password")))) - .andExpect(content().string("user1")); + .andExpect(content().string("user1")); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java index fdaffa8407..e760f40109 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java @@ -158,8 +158,10 @@ public class HttpSecurityConfigurationTests { @Test public void asyncDispatchWhenCustomSecurityContextHolderStrategyThenUses() throws Exception { - this.spring.register(DefaultWithFilterChainConfig.class, SecurityContextChangedListenerConfig.class, - NameController.class).autowire(); + this.spring + .register(DefaultWithFilterChainConfig.class, SecurityContextChangedListenerConfig.class, + NameController.class) + .autowire(); // @formatter:off MockHttpServletRequestBuilder requestWithBob = get("/name").with(user("Bob")); MvcResult mvcResult = this.mockMvc.perform(requestWithBob) @@ -251,8 +253,8 @@ public class HttpSecurityConfigurationTests { @Test public void loginWhenUsingDefaultThenAuthenticationEventPublished() throws Exception { this.spring - .register(SecurityEnabledConfig.class, UserDetailsConfig.class, AuthenticationEventListenerConfig.class) - .autowire(); + .register(SecurityEnabledConfig.class, UserDetailsConfig.class, AuthenticationEventListenerConfig.class) + .autowire(); AuthenticationEventListenerConfig.clearEvents(); this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); assertThat(AuthenticationEventListenerConfig.EVENTS).isNotEmpty(); @@ -262,8 +264,8 @@ public class HttpSecurityConfigurationTests { @Test public void loginWhenUsingDefaultAndNoUserDetailsServiceThenAuthenticationEventPublished() throws Exception { this.spring - .register(SecurityEnabledConfig.class, UserDetailsConfig.class, AuthenticationEventListenerConfig.class) - .autowire(); + .register(SecurityEnabledConfig.class, UserDetailsConfig.class, AuthenticationEventListenerConfig.class) + .autowire(); AuthenticationEventListenerConfig.clearEvents(); this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); assertThat(AuthenticationEventListenerConfig.EVENTS).isNotEmpty(); @@ -272,8 +274,10 @@ public class HttpSecurityConfigurationTests { @Test public void loginWhenUsingCustomAuthenticationEventPublisherThenAuthenticationEventPublished() throws Exception { - this.spring.register(SecurityEnabledConfig.class, UserDetailsConfig.class, - CustomAuthenticationEventPublisherConfig.class).autowire(); + this.spring + .register(SecurityEnabledConfig.class, UserDetailsConfig.class, + CustomAuthenticationEventPublisherConfig.class) + .autowire(); CustomAuthenticationEventPublisherConfig.clearEvents(); this.mockMvc.perform(formLogin()).andExpect(status().is3xxRedirection()); assertThat(CustomAuthenticationEventPublisherConfig.EVENTS).isNotEmpty(); @@ -293,27 +297,25 @@ public class HttpSecurityConfigurationTests { @Test public void configureWhenAuthorizeHttpRequestsBeforeAuthorizeRequestThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy( - () -> this.spring.register(AuthorizeHttpRequestsBeforeAuthorizeRequestsConfig.class).autowire()) - .withMessageContaining( - "authorizeHttpRequests cannot be used in conjunction with authorizeRequests. Please select just one."); + .isThrownBy(() -> this.spring.register(AuthorizeHttpRequestsBeforeAuthorizeRequestsConfig.class).autowire()) + .withMessageContaining( + "authorizeHttpRequests cannot be used in conjunction with authorizeRequests. Please select just one."); } @Test public void configureWhenAuthorizeHttpRequestsAfterAuthorizeRequestThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy( - () -> this.spring.register(AuthorizeHttpRequestsAfterAuthorizeRequestsConfig.class).autowire()) - .withMessageContaining( - "authorizeHttpRequests cannot be used in conjunction with authorizeRequests. Please select just one."); + .isThrownBy(() -> this.spring.register(AuthorizeHttpRequestsAfterAuthorizeRequestsConfig.class).autowire()) + .withMessageContaining( + "authorizeHttpRequests cannot be used in conjunction with authorizeRequests. Please select just one."); } @Test public void configureWhenDefaultConfigurerAsSpringFactoryThenDefaultConfigurerApplied() { DefaultConfigurer configurer = new DefaultConfigurer(); - this.springFactoriesLoader.when( - () -> SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader())) - .thenReturn(Arrays.asList(configurer)); + this.springFactoriesLoader + .when(() -> SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, getClass().getClassLoader())) + .thenReturn(Arrays.asList(configurer)); this.spring.register(DefaultWithFilterChainConfig.class).autowire(); assertThat(configurer.init).isTrue(); assertThat(configurer.configure).isTrue(); @@ -324,7 +326,7 @@ public class HttpSecurityConfigurationTests { this.spring.register(CustomContentNegotiationStrategyConfig.class).autowire(); this.mockMvc.perform(get("/")); verify(CustomContentNegotiationStrategyConfig.CNS, atLeastOnce()) - .resolveMediaTypes(any(NativeWebRequest.class)); + .resolveMediaTypes(any(NativeWebRequest.class)); } // gh-13203 diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java index 491b05429a..92460458a2 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java @@ -82,14 +82,16 @@ public class OAuth2ClientConfigurationTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password"); ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class); ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() - .registrationId(clientRegistrationId).build(); + .registrationId(clientRegistrationId) + .build(); given(clientRegistrationRepository.findByRegistrationId(eq(clientRegistrationId))) - .willReturn(clientRegistration); + .willReturn(clientRegistration); OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class); OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class); given(authorizedClient.getClientRegistration()).willReturn(clientRegistration); given(authorizedClientRepository.loadAuthorizedClient(eq(clientRegistrationId), eq(authentication), - any(HttpServletRequest.class))).willReturn(authorizedClient); + any(HttpServletRequest.class))) + .willReturn(authorizedClient); OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class); given(authorizedClient.getAccessToken()).willReturn(accessToken); OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class); @@ -115,7 +117,8 @@ public class OAuth2ClientConfigurationTests { OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class); OAuth2AccessTokenResponseClient accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class); ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() - .registrationId(clientRegistrationId).build(); + .registrationId(clientRegistrationId) + .build(); given(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(clientRegistration); // @formatter:off OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse @@ -125,13 +128,13 @@ public class OAuth2ClientConfigurationTests { .build(); // @formatter:on given(accessTokenResponseClient.getTokenResponse(any(OAuth2ClientCredentialsGrantRequest.class))) - .willReturn(accessTokenResponse); + .willReturn(accessTokenResponse); OAuth2AuthorizedClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository; OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository; OAuth2AuthorizedClientArgumentResolverConfig.ACCESS_TOKEN_RESPONSE_CLIENT = accessTokenResponseClient; this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire(); MockHttpServletRequestBuilder authenticatedRequest = get("/authorized-client") - .with(authentication(authentication)); + .with(authentication(authentication)); // @formatter:off this.mockMvc.perform(authenticatedRequest) .andExpect(status().isOk()) @@ -143,20 +146,22 @@ public class OAuth2ClientConfigurationTests { // gh-5321 @Test public void loadContextWhenOAuth2AuthorizedClientRepositoryRegisteredTwiceThenThrowNoUniqueBeanDefinitionException() { - assertThatExceptionOfType(BeanCreationException.class).isThrownBy( - () -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire()) - .withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class).withMessageContaining( - "Expected single matching bean of type '" + OAuth2AuthorizedClientRepository.class.getName() - + "' but found 2: authorizedClientRepository1,authorizedClientRepository2"); + assertThatExceptionOfType(BeanCreationException.class) + .isThrownBy( + () -> this.spring.register(OAuth2AuthorizedClientRepositoryRegisteredTwiceConfig.class).autowire()) + .withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class) + .withMessageContaining( + "Expected single matching bean of type '" + OAuth2AuthorizedClientRepository.class.getName() + + "' but found 2: authorizedClientRepository1,authorizedClientRepository2"); } @Test public void loadContextWhenClientRegistrationRepositoryNotRegisteredThenThrowNoSuchBeanDefinitionException() { assertThatExceptionOfType(Exception.class) - .isThrownBy( - () -> this.spring.register(ClientRegistrationRepositoryNotRegisteredConfig.class).autowire()) - .withRootCauseInstanceOf(NoSuchBeanDefinitionException.class).withMessageContaining( - "No qualifying bean of type '" + ClientRegistrationRepository.class.getName() + "' available"); + .isThrownBy(() -> this.spring.register(ClientRegistrationRepositoryNotRegisteredConfig.class).autowire()) + .withRootCauseInstanceOf(NoSuchBeanDefinitionException.class) + .withMessageContaining( + "No qualifying bean of type '" + ClientRegistrationRepository.class.getName() + "' available"); } @Test @@ -192,7 +197,8 @@ public class OAuth2ClientConfigurationTests { OAuth2AuthorizedClientRepository authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class); OAuth2AuthorizedClientManager authorizedClientManager = mock(OAuth2AuthorizedClientManager.class); ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() - .registrationId(clientRegistrationId).build(); + .registrationId(clientRegistrationId) + .build(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName, TestOAuth2AccessTokens.noScopes()); given(authorizedClientManager.authorize(any())).willReturn(authorizedClient); @@ -201,7 +207,7 @@ public class OAuth2ClientConfigurationTests { OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = authorizedClientManager; this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire(); MockHttpServletRequestBuilder authenticatedRequest = get("/authorized-client") - .with(authentication(authentication)); + .with(authentication(authentication)); // @formatter:off this.mockMvc .perform(authenticatedRequest) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java index 7422f50070..c2539ac70f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.java @@ -46,13 +46,13 @@ public class Sec2515Tests { @Test public void loadConfigWhenAuthenticationManagerNotConfiguredAndRegisterBeanThenThrowFatalBeanException() { assertThatExceptionOfType(FatalBeanException.class) - .isThrownBy(() -> this.spring.register(StackOverflowSecurityConfig.class).autowire()); + .isThrownBy(() -> this.spring.register(StackOverflowSecurityConfig.class).autowire()); } @Test public void loadConfigWhenAuthenticationManagerNotConfiguredAndRegisterBeanCustomNameThenThrowFatalBeanException() { assertThatExceptionOfType(FatalBeanException.class) - .isThrownBy(() -> this.spring.register(CustomBeanNameStackOverflowSecurityConfig.class).autowire()); + .isThrownBy(() -> this.spring.register(CustomBeanNameStackOverflowSecurityConfig.class).autowire()); } // SEC-2549 @@ -61,7 +61,7 @@ public class Sec2515Tests { CanLoadWithChildConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class); this.spring.register(CanLoadWithChildConfig.class); AnnotationConfigWebApplicationContext context = (AnnotationConfigWebApplicationContext) this.spring - .getContext(); + .getContext(); context.setClassLoader(new URLClassLoader(new URL[0], context.getClassLoader())); this.spring.autowire(); assertThat(this.spring.getContext().getBean(AuthenticationManager.class)).isNotNull(); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java index 4d60d83bd1..569ace05d1 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java @@ -93,8 +93,10 @@ public class SecurityReactorContextConfigurationResourceServerTests { @Test public void requestWhenCustomSecurityContextHolderStrategyThenUses() throws Exception { BearerTokenAuthentication authentication = TestBearerTokenAuthentications.bearer(); - this.spring.register(BearerFilterConfig.class, WebServerConfig.class, Controller.class, - SecurityContextChangedListenerConfig.class).autowire(); + this.spring + .register(BearerFilterConfig.class, WebServerConfig.class, Controller.class, + SecurityContextChangedListenerConfig.class) + .autowire(); MockHttpServletRequestBuilder authenticatedRequest = get("/token").with(authentication(authentication)); // @formatter:off this.mockMvc.perform(authenticatedRequest) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java index b6157e809e..b6bd4937a9 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationTests.java @@ -102,14 +102,14 @@ public class SecurityReactorContextConfigurationTests { } }; CoreSubscriber resultSubscriber = this.subscriberRegistrar - .createSubscriberIfNecessary(originalSubscriber); + .createSubscriberIfNecessary(originalSubscriber); assertThat(resultSubscriber).isSameAs(originalSubscriber); } @Test public void createSubscriberIfNecessaryWhenWebSecurityContextAvailableThenCreateWithParentContext() { RequestContextHolder - .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse)); + .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse)); SecurityContextHolder.getContext().setAuthentication(this.authentication); String testKey = "test_key"; String testValue = "test_value"; @@ -123,7 +123,7 @@ public class SecurityReactorContextConfigurationTests { Context resultContext = subscriber.currentContext(); assertThat(resultContext.getOrEmpty(testKey)).hasValue(testValue); Map securityContextAttributes = resultContext - .getOrDefault(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, null); + .getOrDefault(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, null); assertThat(securityContextAttributes).hasSize(3); assertThat(securityContextAttributes).contains(entry(HttpServletRequest.class, this.servletRequest), entry(HttpServletResponse.class, this.servletResponse), @@ -133,7 +133,7 @@ public class SecurityReactorContextConfigurationTests { @Test public void createSubscriberIfNecessaryWhenParentContextContainsSecurityContextAttributesThenUseParentContext() { RequestContextHolder - .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse)); + .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse)); SecurityContextHolder.getContext().setAuthentication(this.authentication); Context parentContext = Context.of(SecurityReactorContextSubscriber.SECURITY_CONTEXT_ATTRIBUTES, new HashMap<>()); @@ -189,7 +189,7 @@ public class SecurityReactorContextConfigurationTests { } }); CoreSubscriber subscriber = this.subscriberRegistrar - .createSubscriberIfNecessary(Operators.emptySubscriber()); + .createSubscriberIfNecessary(Operators.emptySubscriber()); assertThat(subscriber).isInstanceOf(SecurityReactorContextConfiguration.SecurityReactorContextSubscriber.class); } @@ -200,7 +200,7 @@ public class SecurityReactorContextConfigurationTests { this.spring.register(SecurityConfig.class).autowire(); // Setup for SecurityReactorContextSubscriberRegistrar RequestContextHolder - .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse)); + .setRequestAttributes(new ServletRequestAttributes(this.servletRequest, this.servletResponse)); SecurityContextHolder.getContext().setAuthentication(this.authentication); ClientResponse clientResponseOk = ClientResponse.create(HttpStatus.OK).build(); // @formatter:off @@ -226,7 +226,7 @@ public class SecurityReactorContextConfigurationTests { expectedContextAttributes.put(HttpServletResponse.class, this.servletResponse); expectedContextAttributes.put(Authentication.class, this.authentication); Mono clientResponseMono = filter.filter(clientRequest, exchange) - .flatMap((response) -> filter.filter(clientRequest, exchange)); + .flatMap((response) -> filter.filter(clientRequest, exchange)); // @formatter:off StepVerifier.create(clientResponseMono) .expectAccessibleContext() @@ -257,7 +257,7 @@ public class SecurityReactorContextConfigurationTests { expectedContextAttributes.put(HttpServletResponse.class, null); expectedContextAttributes.put(Authentication.class, this.authentication); Mono clientResponseMono = filter.filter(clientRequest, exchange) - .flatMap((response) -> filter.filter(clientRequest, exchange)); + .flatMap((response) -> filter.filter(clientRequest, exchange)); // @formatter:off StepVerifier.create(clientResponseMono) .expectAccessibleContext() diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java index 9db832d7d9..d566615027 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfigurationTests.java @@ -79,15 +79,15 @@ public class WebMvcSecurityConfigurationTests { @Test public void authenticationPrincipalResolved() throws Exception { this.mockMvc.perform(get("/authentication-principal")) - .andExpect(assertResult(this.authentication.getPrincipal())) - .andExpect(view().name("authentication-principal-view")); + .andExpect(assertResult(this.authentication.getPrincipal())) + .andExpect(view().name("authentication-principal-view")); } @Test public void deprecatedAuthenticationPrincipalResolved() throws Exception { this.mockMvc.perform(get("/deprecated-authentication-principal")) - .andExpect(assertResult(this.authentication.getPrincipal())) - .andExpect(view().name("deprecated-authentication-principal-view")); + .andExpect(assertResult(this.authentication.getPrincipal())) + .andExpect(view().name("deprecated-authentication-principal-view")); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java index 1f0b876d27..b0b535a5c8 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java @@ -153,10 +153,10 @@ public class WebSecurityConfigurationTests { @Test public void loadConfigWhenWebSecurityConfigurersHaveSameOrderThenThrowBeanCreationException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(DuplicateOrderConfig.class).autowire()) - .withMessageContaining("@Order on WebSecurityConfigurers must be unique") - .withMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName()) - .withMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName()); + .isThrownBy(() -> this.spring.register(DuplicateOrderConfig.class).autowire()) + .withMessageContaining("@Order on WebSecurityConfigurers must be unique") + .withMessageContaining(DuplicateOrderConfig.WebConfigurer1.class.getName()) + .withMessageContaining(DuplicateOrderConfig.WebConfigurer2.class.getName()); } @Test @@ -164,31 +164,32 @@ public class WebSecurityConfigurationTests { PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR = mock(WebInvocationPrivilegeEvaluator.class); this.spring.register(PrivilegeEvaluatorConfigurerAdapterConfig.class).autowire(); assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class)) - .isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR); + .isSameAs(PrivilegeEvaluatorConfigurerAdapterConfig.PRIVILEGE_EVALUATOR); } @Test public void loadConfigWhenSecurityExpressionHandlerSetThenIsRegistered() { WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER = mock(SecurityExpressionHandler.class); given(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER.getExpressionParser()) - .willReturn(mock(ExpressionParser.class)); + .willReturn(mock(ExpressionParser.class)); this.spring.register(WebSecurityExpressionHandlerConfig.class).autowire(); assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class)) - .isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER); + .isSameAs(WebSecurityExpressionHandlerConfig.EXPRESSION_HANDLER); } @Test public void loadConfigWhenSecurityExpressionHandlerIsNullThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire()) - .havingRootCause().isExactlyInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullWebSecurityExpressionHandlerConfig.class).autowire()) + .havingRootCause() + .isExactlyInstanceOf(IllegalArgumentException.class); } @Test public void loadConfigWhenDefaultSecurityExpressionHandlerThenDefaultIsRegistered() { this.spring.register(WebSecurityExpressionHandlerDefaultsConfig.class).autowire(); assertThat(this.spring.getContext().getBean(SecurityExpressionHandler.class)) - .isInstanceOf(DefaultWebSecurityExpressionHandler.class); + .isInstanceOf(DefaultWebSecurityExpressionHandler.class); } @Test @@ -198,7 +199,7 @@ public class WebSecurityConfigurationTests { FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""), new MockHttpServletResponse(), new MockFilterChain()); AbstractSecurityExpressionHandler handler = this.spring.getContext() - .getBean(AbstractSecurityExpressionHandler.class); + .getBean(AbstractSecurityExpressionHandler.class); EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation); Expression expression = handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')"); boolean granted = expression.getValue(evaluationContext, Boolean.class); @@ -212,7 +213,7 @@ public class WebSecurityConfigurationTests { FilterInvocation invocation = new FilterInvocation(new MockHttpServletRequest("GET", ""), new MockHttpServletResponse(), new MockFilterChain()); AbstractSecurityExpressionHandler handler = this.spring.getContext() - .getBean(AbstractSecurityExpressionHandler.class); + .getBean(AbstractSecurityExpressionHandler.class); EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, invocation); Expression expression = handler.getExpressionParser().parseExpression("hasPermission(#study,'DELETE')"); boolean granted = expression.getValue(evaluationContext, Boolean.class); @@ -223,7 +224,7 @@ public class WebSecurityConfigurationTests { public void loadConfigWhenDefaultWebInvocationPrivilegeEvaluatorThenRequestMatcherIsRegistered() { this.spring.register(WebInvocationPrivilegeEvaluatorDefaultsConfig.class).autowire(); assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class)) - .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); + .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); } @Test @@ -231,7 +232,7 @@ public class WebSecurityConfigurationTests { this.spring.register(AuthorizeRequestsFilterChainConfig.class).autowire(); assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class)) - .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); + .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); } // SEC-2303 @@ -265,7 +266,7 @@ public class WebSecurityConfigurationTests { @Test public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() { this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class) - .autowire(); + .autowire(); FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class); List filterChains = filterChainProxy.getFilterChains(); assertThat(filterChains).hasSize(4); @@ -274,9 +275,9 @@ public class WebSecurityConfigurationTests { @Test public void loadConfigWhenBothAdapterAndFilterChainConfiguredThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire()) - .withRootCauseExactlyInstanceOf(IllegalStateException.class) - .withMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain."); + .isThrownBy(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire()) + .withRootCauseExactlyInstanceOf(IllegalStateException.class) + .withMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain."); } @Test @@ -381,14 +382,14 @@ public class WebSecurityConfigurationTests { public void loadConfigWhenTwoSecurityFilterChainsThenRequestMatcherDelegatingWebInvocationPrivilegeEvaluator() { this.spring.register(TwoSecurityFilterChainConfig.class).autowire(); assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class)) - .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); + .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); } @Test public void loadConfigWhenTwoSecurityFilterChainDebugThenRequestMatcherDelegatingWebInvocationPrivilegeEvaluator() { this.spring.register(TwoSecurityFilterChainConfig.class).autowire(); assertThat(this.spring.getContext().getBean(WebInvocationPrivilegeEvaluator.class)) - .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); + .isInstanceOf(RequestMatcherDelegatingWebInvocationPrivilegeEvaluator.class); } // gh-10554 @@ -396,7 +397,7 @@ public class WebSecurityConfigurationTests { public void loadConfigWhenMultipleSecurityFilterChainsThenWebInvocationPrivilegeEvaluatorApplySecurity() { this.spring.register(MultipleSecurityFilterChainConfig.class).autowire(); WebInvocationPrivilegeEvaluator privilegeEvaluator = this.spring.getContext() - .getBean(WebInvocationPrivilegeEvaluator.class); + .getBean(WebInvocationPrivilegeEvaluator.class); assertUserPermissions(privilegeEvaluator); assertAdminPermissions(privilegeEvaluator); assertAnotherUserPermission(privilegeEvaluator); @@ -407,7 +408,7 @@ public class WebSecurityConfigurationTests { public void loadConfigWhenMultipleSecurityFilterChainAndIgnoringThenWebInvocationPrivilegeEvaluatorAcceptsNullAuthenticationOnIgnored() { this.spring.register(MultipleSecurityFilterChainIgnoringConfig.class).autowire(); WebInvocationPrivilegeEvaluator privilegeEvaluator = this.spring.getContext() - .getBean(WebInvocationPrivilegeEvaluator.class); + .getBean(WebInvocationPrivilegeEvaluator.class); assertUserPermissions(privilegeEvaluator); assertAdminPermissions(privilegeEvaluator); assertAnotherUserPermission(privilegeEvaluator); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java index 9c396200b4..369fbc984c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java @@ -69,11 +69,13 @@ public class AnonymousConfigurerTests { @Test public void requestWhenCustomSecurityContextHolderStrategyThenUses() throws Exception { - this.spring.register(AnonymousPrincipalInLambdaConfig.class, SecurityContextChangedListenerConfig.class, - PrincipalController.class).autowire(); + this.spring + .register(AnonymousPrincipalInLambdaConfig.class, SecurityContextChangedListenerConfig.class, + PrincipalController.class) + .autowire(); this.mockMvc.perform(get("/")).andExpect(content().string("principal")); SecurityContextChangedListener listener = this.spring.getContext() - .getBean(SecurityContextChangedListener.class); + .getBean(SecurityContextChangedListener.class); verify(listener).securityContextChanged(setAuthentication(AnonymousAuthenticationToken.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java index f8dbd95f15..44df0f2d0f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java @@ -86,37 +86,38 @@ public class AuthorizeHttpRequestsConfigurerTests { @Test public void configureWhenAuthorizedHttpRequestsAndNoRequestsThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire()).withMessageContaining( - "At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())"); + .isThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire()) + .withMessageContaining( + "At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())"); } @Test public void configureNoParameterWhenAuthorizedHttpRequestsAndNoRequestsThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NoRequestsNoParameterConfig.class).autowire()) - .withMessageContaining( - "At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())"); + .isThrownBy(() -> this.spring.register(NoRequestsNoParameterConfig.class).autowire()) + .withMessageContaining( + "At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())"); } @Test public void configureWhenAnyRequestIncompleteMappingThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire()) - .withMessageContaining("An incomplete mapping was found for "); + .isThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire()) + .withMessageContaining("An incomplete mapping was found for "); } @Test public void configureNoParameterWhenAnyRequestIncompleteMappingThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(IncompleteMappingNoParameterConfig.class).autowire()) - .withMessageContaining("An incomplete mapping was found for "); + .isThrownBy(() -> this.spring.register(IncompleteMappingNoParameterConfig.class).autowire()) + .withMessageContaining("An incomplete mapping was found for "); } @Test public void configureWhenMvcMatcherAfterAnyRequestThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(AfterAnyRequestConfig.class).autowire()) - .withMessageContaining("Can't configure mvcMatchers after anyRequest"); + .isThrownBy(() -> this.spring.register(AfterAnyRequestConfig.class).autowire()) + .withMessageContaining("Can't configure mvcMatchers after anyRequest"); } @Test @@ -139,8 +140,8 @@ public class AuthorizeHttpRequestsConfigurerTests { public void configureMvcMatcherAccessAuthorizationManagerWhenNullThenException() { CustomAuthorizationManagerConfig.authorizationManager = null; assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(CustomAuthorizationManagerConfig.class).autowire()) - .withMessageContaining("manager cannot be null"); + .isThrownBy(() -> this.spring.register(CustomAuthorizationManagerConfig.class).autowire()) + .withMessageContaining("manager cannot be null"); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java index ab0ab57b1a..926daa2907 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java @@ -152,8 +152,8 @@ public class AuthorizeRequestsTests { SecurityContext securityContext = new SecurityContextImpl(); securityContext.setAuthentication(UsernamePasswordAuthenticationToken.authenticated("test", "notused", AuthorityUtils.createAuthorityList("ROLE_USER"))); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - securityContext); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java index 602987a107..e018acea2a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java @@ -67,62 +67,69 @@ public class CorsConfigurerTests { @Test public void configureWhenNoMvcThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire()).withMessageContaining( - "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext"); + .isThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire()) + .withMessageContaining( + "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext"); } @Test public void getWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception { this.spring.register(MvcCorsConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void optionsWhenCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception { this.spring.register(MvcCorsConfig.class).autowire(); - this.mvc.perform(options("/") + this.mvc + .perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) - .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .header(HttpHeaders.ORIGIN, "https://example.com")) + .andExpect(status().isOk()) + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void getWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception { this.spring.register(MvcCorsInLambdaConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void optionsWhenDefaultsInLambdaAndCrossOriginAnnotationThenRespondsWithCorsHeaders() throws Exception { this.spring.register(MvcCorsInLambdaConfig.class).autowire(); - this.mvc.perform(options("/") + this.mvc + .perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) - .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .header(HttpHeaders.ORIGIN, "https://example.com")) + .andExpect(status().isOk()) + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void getWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(ConfigSourceConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void optionsWhenCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(ConfigSourceConfig.class).autowire(); - this.mvc.perform(options("/") + this.mvc + .perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) - .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .header(HttpHeaders.ORIGIN, "https://example.com")) + .andExpect(status().isOk()) + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test @@ -130,55 +137,61 @@ public class CorsConfigurerTests { throws Exception { this.spring.register(ConfigSourceInLambdaConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void optionsWhenMvcCorsInLambdaConfigAndCorsConfigurationSourceBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(ConfigSourceInLambdaConfig.class).autowire(); - this.mvc.perform(options("/") + this.mvc + .perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) - .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .header(HttpHeaders.ORIGIN, "https://example.com")) + .andExpect(status().isOk()) + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void getWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void optionsWhenCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterConfig.class).autowire(); - this.mvc.perform(options("/") + this.mvc + .perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) - .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .header(HttpHeaders.ORIGIN, "https://example.com")) + .andExpect(status().isOk()) + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void getWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterInLambdaConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ORIGIN, "https://example.com")) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @Test public void optionsWhenConfigSourceInLambdaConfigAndCorsFilterBeanThenRespondsWithCorsHeaders() throws Exception { this.spring.register(CorsFilterInLambdaConfig.class).autowire(); - this.mvc.perform(options("/") + this.mvc + .perform(options("/") .header(org.springframework.http.HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name()) - .header(HttpHeaders.ORIGIN, "https://example.com")).andExpect(status().isOk()) - .andExpect(header().exists("Access-Control-Allow-Origin")) - .andExpect(header().exists("X-Content-Type-Options")); + .header(HttpHeaders.ORIGIN, "https://example.com")) + .andExpect(status().isOk()) + .andExpect(header().exists("Access-Control-Allow-Origin")) + .andExpect(header().exists("X-Content-Type-Options")); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java index 3f0cc5a734..3fa91f37ce 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java @@ -63,7 +63,7 @@ public class CsrfConfigurerNoWebMvcTests { public void overrideCsrfRequestDataValueProcessor() { loadContext(EnableWebOverrideRequestDataConfig.class); assertThat(this.context.getBean(RequestDataValueProcessor.class).getClass()) - .isNotEqualTo(CsrfRequestDataValueProcessor.class); + .isNotEqualTo(CsrfRequestDataValueProcessor.class); } private void loadContext(Class configs) { diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java index 738c1a23e5..de2a60eeeb 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java @@ -114,72 +114,72 @@ public class CsrfConfigurerTests { @Test public void postWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(post("/")).andExpect(status().isForbidden()); } @Test public void putWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(put("/")).andExpect(status().isForbidden()); } @Test public void patchWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(patch("/")).andExpect(status().isForbidden()); } @Test public void deleteWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(delete("/")).andExpect(status().isForbidden()); } @Test public void invalidWhenWebSecurityEnabledThenRespondsWithForbidden() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(request("INVALID", URI.create("/"))).andExpect(status().isForbidden()); } @Test public void getWhenWebSecurityEnabledThenRespondsWithOk() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(get("/")).andExpect(status().isOk()); } @Test public void headWhenWebSecurityEnabledThenRespondsWithOk() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(head("/")).andExpect(status().isOk()); } @Test public void traceWhenWebSecurityEnabledThenRespondsWithOk() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(request(HttpMethod.TRACE, "/")).andExpect(status().isOk()); } @Test public void optionsWhenWebSecurityEnabledThenRespondsWithOk() throws Exception { this.spring - .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) - .autowire(); + .register(CsrfAppliedDefaultConfig.class, AllowHttpMethodsFirewallConfig.class, BasicController.class) + .autowire(); this.mvc.perform(options("/")).andExpect(status().isOk()); } @@ -206,9 +206,12 @@ public class CsrfConfigurerTests { public void loginWhenCsrfDisabledThenRedirectsToPreviousPostRequest() throws Exception { this.spring.register(DisableCsrfEnablesRequestCacheConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(post("/to-save")).andReturn(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password") - .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) - .andExpect(redirectedUrl("http://localhost/to-save")); + this.mvc + .perform(post("/login").param("username", "user") + .param("password", "password") + .session((MockHttpSession) mvcResult.getRequest().getSession())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("http://localhost/to-save")); } @Test @@ -216,14 +219,19 @@ public class CsrfConfigurerTests { CsrfDisablesPostRequestFromRequestCacheConfig.REPO = mock(CsrfTokenRepository.class); DefaultCsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"); given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadDeferredToken(any(HttpServletRequest.class), - any(HttpServletResponse.class))).willReturn(new TestDeferredCsrfToken(csrfToken)); + any(HttpServletResponse.class))) + .willReturn(new TestDeferredCsrfToken(csrfToken)); this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(post("/some-url")).andReturn(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()) - .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) - .andExpect(redirectedUrl("/")); + this.mvc + .perform(post("/login").param("username", "user") + .param("password", "password") + .with(csrf()) + .session((MockHttpSession) mvcResult.getRequest().getSession())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/")); verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()) - .loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class)); + .loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @Test @@ -231,24 +239,31 @@ public class CsrfConfigurerTests { CsrfDisablesPostRequestFromRequestCacheConfig.REPO = mock(CsrfTokenRepository.class); DefaultCsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"); given(CsrfDisablesPostRequestFromRequestCacheConfig.REPO.loadDeferredToken(any(HttpServletRequest.class), - any(HttpServletResponse.class))).willReturn(new TestDeferredCsrfToken(csrfToken)); + any(HttpServletResponse.class))) + .willReturn(new TestDeferredCsrfToken(csrfToken)); this.spring.register(CsrfDisablesPostRequestFromRequestCacheConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/some-url")).andReturn(); - this.mvc.perform(post("/login").param("username", "user").param("password", "password").with(csrf()) - .session((MockHttpSession) mvcResult.getRequest().getSession())).andExpect(status().isFound()) - .andExpect(redirectedUrl("http://localhost/some-url")); + this.mvc + .perform(post("/login").param("username", "user") + .param("password", "password") + .with(csrf()) + .session((MockHttpSession) mvcResult.getRequest().getSession())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("http://localhost/some-url")); verify(CsrfDisablesPostRequestFromRequestCacheConfig.REPO, atLeastOnce()) - .loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class)); + .loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class)); } // SEC-2422 @Test public void postWhenCsrfEnabledAndSessionIsExpiredThenRespondsWithForbidden() throws Exception { this.spring.register(InvalidSessionUrlConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/").param("_csrf", "abc")).andExpect(status().isFound()) - .andExpect(redirectedUrl("/error/sessionError")).andReturn(); + MvcResult mvcResult = this.mvc.perform(post("/").param("_csrf", "abc")) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/error/sessionError")) + .andReturn(); this.mvc.perform(post("/").session((MockHttpSession) mvcResult.getRequest().getSession())) - .andExpect(status().isForbidden()); + .andExpect(status().isForbidden()); } @Test @@ -287,7 +302,7 @@ public class CsrfConfigurerTests { CsrfTokenRepositoryConfig.REPO = mock(CsrfTokenRepository.class); given(CsrfTokenRepositoryConfig.REPO.loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class))) - .willReturn(new TestDeferredCsrfToken(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"))); + .willReturn(new TestDeferredCsrfToken(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"))); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); this.mvc.perform(get("/")).andExpect(status().isOk()); verify(CsrfTokenRepositoryConfig.REPO).loadDeferredToken(any(HttpServletRequest.class), @@ -309,7 +324,8 @@ public class CsrfConfigurerTests { DefaultCsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"); given(CsrfTokenRepositoryConfig.REPO.loadToken(any())).willReturn(csrfToken); given(CsrfTokenRepositoryConfig.REPO.loadDeferredToken(any(HttpServletRequest.class), - any(HttpServletResponse.class))).willReturn(new TestDeferredCsrfToken(csrfToken)); + any(HttpServletResponse.class))) + .willReturn(new TestDeferredCsrfToken(csrfToken)); this.spring.register(CsrfTokenRepositoryConfig.class, BasicController.class).autowire(); // @formatter:off MockHttpServletRequestBuilder loginRequest = post("/login") @@ -328,7 +344,7 @@ public class CsrfConfigurerTests { CsrfTokenRepositoryInLambdaConfig.REPO = mock(CsrfTokenRepository.class); given(CsrfTokenRepositoryInLambdaConfig.REPO.loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class))) - .willReturn(new TestDeferredCsrfToken(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"))); + .willReturn(new TestDeferredCsrfToken(new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"))); this.spring.register(CsrfTokenRepositoryInLambdaConfig.class, BasicController.class).autowire(); this.mvc.perform(get("/")).andExpect(status().isOk()); verify(CsrfTokenRepositoryInLambdaConfig.REPO).loadDeferredToken(any(HttpServletRequest.class), @@ -398,8 +414,8 @@ public class CsrfConfigurerTests { @Test public void configureWhenRequireCsrfProtectionMatcherNullThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullRequireCsrfProtectionMatcherConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullRequireCsrfProtectionMatcherConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test @@ -412,8 +428,8 @@ public class CsrfConfigurerTests { @Test public void getWhenNullAuthenticationStrategyThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullAuthenticationStrategy.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullAuthenticationStrategy.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test @@ -436,12 +452,13 @@ public class CsrfConfigurerTests { CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"); given(csrfTokenRepository.loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class))) - .willReturn(new TestDeferredCsrfToken(csrfToken)); + .willReturn(new TestDeferredCsrfToken(csrfToken)); CsrfTokenRequestHandlerConfig.REPO = csrfTokenRepository; CsrfTokenRequestHandlerConfig.HANDLER = new CsrfTokenRequestAttributeHandler(); this.spring.register(CsrfTokenRequestHandlerConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/login")).andExpect(status().isOk()) - .andExpect(content().string(containsString(csrfToken.getToken()))); + this.mvc.perform(get("/login")) + .andExpect(status().isOk()) + .andExpect(content().string(containsString(csrfToken.getToken()))); verify(csrfTokenRepository).loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class)); verifyNoMoreInteractions(csrfTokenRepository); } @@ -452,7 +469,7 @@ public class CsrfConfigurerTests { CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class); given(csrfTokenRepository.loadToken(any(HttpServletRequest.class))).willReturn(csrfToken); given(csrfTokenRepository.loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class))) - .willReturn(new TestDeferredCsrfToken(csrfToken)); + .willReturn(new TestDeferredCsrfToken(csrfToken)); CsrfTokenRequestHandlerConfig.REPO = csrfTokenRepository; CsrfTokenRequestHandlerConfig.HANDLER = new CsrfTokenRequestAttributeHandler(); this.spring.register(CsrfTokenRequestHandlerConfig.class, BasicController.class).autowire(); @@ -476,12 +493,13 @@ public class CsrfConfigurerTests { CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class); CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "token"); given(csrfTokenRepository.loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class))) - .willReturn(new TestDeferredCsrfToken(csrfToken)); + .willReturn(new TestDeferredCsrfToken(csrfToken)); CsrfTokenRequestHandlerConfig.REPO = csrfTokenRepository; CsrfTokenRequestHandlerConfig.HANDLER = new XorCsrfTokenRequestAttributeHandler(); this.spring.register(CsrfTokenRequestHandlerConfig.class, BasicController.class).autowire(); - this.mvc.perform(get("/login")).andExpect(status().isOk()) - .andExpect(content().string(not(containsString(csrfToken.getToken())))); + this.mvc.perform(get("/login")) + .andExpect(status().isOk()) + .andExpect(content().string(not(containsString(csrfToken.getToken())))); verify(csrfTokenRepository).loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class)); verifyNoMoreInteractions(csrfTokenRepository); } @@ -492,7 +510,7 @@ public class CsrfConfigurerTests { CsrfTokenRepository csrfTokenRepository = mock(CsrfTokenRepository.class); given(csrfTokenRepository.loadToken(any(HttpServletRequest.class))).willReturn(csrfToken); given(csrfTokenRepository.loadDeferredToken(any(HttpServletRequest.class), any(HttpServletResponse.class))) - .willReturn(new TestDeferredCsrfToken(csrfToken)); + .willReturn(new TestDeferredCsrfToken(csrfToken)); CsrfTokenRequestHandlerConfig.REPO = csrfTokenRepository; CsrfTokenRequestHandlerConfig.HANDLER = new XorCsrfTokenRequestAttributeHandler(); this.spring.register(CsrfTokenRequestHandlerConfig.class, BasicController.class).autowire(); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java index 37f9b28c72..fd0c6bed0f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java @@ -82,29 +82,35 @@ public class DefaultFiltersTests { @Test public void nullWebInvocationPrivilegeEvaluator() { this.spring.register(NullWebInvocationPrivilegeEvaluatorConfig.class, UserDetailsServiceConfig.class); - List filterChains = this.spring.getContext().getBean(FilterChainProxy.class) - .getFilterChains(); + List filterChains = this.spring.getContext() + .getBean(FilterChainProxy.class) + .getFilterChains(); assertThat(filterChains.size()).isEqualTo(1); DefaultSecurityFilterChain filterChain = (DefaultSecurityFilterChain) filterChains.get(0); assertThat(filterChain.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class); assertThat(filterChain.getFilters().size()).isEqualTo(1); - long filter = filterChain.getFilters().stream() - .filter((it) -> it instanceof UsernamePasswordAuthenticationFilter).count(); + long filter = filterChain.getFilters() + .stream() + .filter((it) -> it instanceof UsernamePasswordAuthenticationFilter) + .count(); assertThat(filter).isEqualTo(1); } @Test public void filterChainProxyBuilderIgnoringResources() { this.spring.register(FilterChainProxyBuilderIgnoringConfig.class, UserDetailsServiceConfig.class); - List filterChains = this.spring.getContext().getBean(FilterChainProxy.class) - .getFilterChains(); + List filterChains = this.spring.getContext() + .getBean(FilterChainProxy.class) + .getFilterChains(); assertThat(filterChains.size()).isEqualTo(2); DefaultSecurityFilterChain firstFilter = (DefaultSecurityFilterChain) filterChains.get(0); DefaultSecurityFilterChain secondFilter = (DefaultSecurityFilterChain) filterChains.get(1); assertThat(firstFilter.getFilters().isEmpty()).isEqualTo(true); assertThat(secondFilter.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class); - List> classes = secondFilter.getFilters().stream().map(Filter::getClass) - .collect(Collectors.toList()); + List> classes = secondFilter.getFilters() + .stream() + .map(Filter::getClass) + .collect(Collectors.toList()); assertThat(classes.contains(WebAsyncManagerIntegrationFilter.class)).isTrue(); assertThat(classes.contains(SecurityContextPersistenceFilter.class)).isTrue(); assertThat(classes.contains(HeaderWriterFilter.class)).isTrue(); @@ -127,8 +133,9 @@ public class DefaultFiltersTests { CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "BaseSpringSpec_CSRFTOKEN"); new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request, response); request.setParameter(csrfToken.getParameterName(), csrfToken.getToken()); - this.spring.getContext().getBean("springSecurityFilterChain", Filter.class).doFilter(request, response, - new MockFilterChain()); + this.spring.getContext() + .getBean("springSecurityFilterChain", Filter.class) + .doFilter(request, response, new MockFilterChain()); assertThat(response.getRedirectedUrl()).isEqualTo("/login?logout"); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java index 4f580a7a2d..b0324f249a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java @@ -353,7 +353,7 @@ public class DefaultLoginPageConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(UsernamePasswordAuthenticationFilter.class)); + .postProcess(any(UsernamePasswordAuthenticationFilter.class)); } @Test @@ -374,9 +374,12 @@ public class DefaultLoginPageConfigurerTests { public void configureWhenAuthenticationEntryPointThenNoDefaultLoginPageGeneratingFilter() { this.spring.register(DefaultLoginWithCustomAuthenticationEntryPointConfig.class).autowire(); FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class); - assertThat(filterChain.getFilterChains().get(0).getFilters().stream() - .filter((filter) -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)).count()) - .isZero(); + assertThat(filterChain.getFilterChains() + .get(0) + .getFilters() + .stream() + .filter((filter) -> filter.getClass().isAssignableFrom(DefaultLoginPageGeneratingFilter.class)) + .count()).isZero(); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java index bd65436027..aa33591c06 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java @@ -78,7 +78,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { static class RequestMatcherBasedAccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter { AccessDeniedHandler teapotDeniedHandler = (request, response, exception) -> response - .setStatus(HttpStatus.I_AM_A_TEAPOT.value()); + .setStatus(HttpStatus.I_AM_A_TEAPOT.value()); @Override protected void configure(HttpSecurity http) throws Exception { @@ -103,7 +103,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { static class RequestMatcherBasedAccessDeniedHandlerInLambdaConfig extends WebSecurityConfigurerAdapter { AccessDeniedHandler teapotDeniedHandler = (request, response, exception) -> response - .setStatus(HttpStatus.I_AM_A_TEAPOT.value()); + .setStatus(HttpStatus.I_AM_A_TEAPOT.value()); @Override protected void configure(HttpSecurity http) throws Exception { @@ -133,7 +133,7 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests { static class SingleRequestMatcherAccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter { AccessDeniedHandler teapotDeniedHandler = (request, response, exception) -> response - .setStatus(HttpStatus.I_AM_A_TEAPOT.value()); + .setStatus(HttpStatus.I_AM_A_TEAPOT.value()); @Override protected void configure(HttpSecurity http) throws Exception { diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java index 4c3550c4e2..41fd8ffdd2 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java @@ -81,7 +81,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenAcceptHeaderIsApplicationXhtmlXmlThenRespondsWith302() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_XHTML_XML)) - .andExpect(status().isFound()); + .andExpect(status().isFound()); } // SEC-2199 @@ -124,7 +124,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenAcceptHeaderIsApplicationAtomXmlThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_ATOM_XML)) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } // SEC-2199 @@ -132,7 +132,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenAcceptHeaderIsApplicationFormUrlEncodedThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_FORM_URLENCODED)) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } // SEC-2199 @@ -140,7 +140,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenAcceptHeaderIsApplicationJsonThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } // SEC-2199 @@ -148,7 +148,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenAcceptHeaderIsApplicationOctetStreamThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.APPLICATION_OCTET_STREAM)) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } // SEC-2199 @@ -156,7 +156,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenAcceptHeaderIsMultipartFormDataThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, MediaType.MULTIPART_FORM_DATA)) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } // SEC-2199 @@ -176,25 +176,26 @@ public class ExceptionHandlingConfigurerTests { @Test public void getWhenAcceptIsChromeThenRespondsWith302() throws Exception { this.spring.register(DefaultSecurityConfig.class).autowire(); - this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8")) - .andExpect(status().isFound()); + this.mvc + .perform(get("/").header(HttpHeaders.ACCEPT, + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8")) + .andExpect(status().isFound()); } @Test public void getWhenAcceptIsTextPlainAndXRequestedWithIsXHRThenRespondsWith401() throws Exception { this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire(); this.mvc.perform(get("/").header("Accept", MediaType.TEXT_PLAIN).header("X-Requested-With", "XMLHttpRequest")) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } @Test public void getWhenCustomContentNegotiationStrategyThenStrategyIsUsed() throws Exception { this.spring.register(OverrideContentNegotiationStrategySharedObjectConfig.class, DefaultSecurityConfig.class) - .autowire(); + .autowire(); this.mvc.perform(get("/")); verify(OverrideContentNegotiationStrategySharedObjectConfig.CNS, atLeastOnce()) - .resolveMediaTypes(any(NativeWebRequest.class)); + .resolveMediaTypes(any(NativeWebRequest.class)); } @Test @@ -204,7 +205,7 @@ public class ExceptionHandlingConfigurerTests { SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class); verify(strategy, atLeastOnce()).getContext(); SecurityContextChangedListener listener = this.spring.getContext() - .getBean(SecurityContextChangedListener.class); + .getBean(SecurityContextChangedListener.class); verify(listener).securityContextChanged(setAuthentication(AnonymousAuthenticationToken.class)); } @@ -212,7 +213,7 @@ public class ExceptionHandlingConfigurerTests { public void getWhenUsingDefaultsAndUnauthenticatedThenRedirectsToLogin() throws Exception { this.spring.register(DefaultHttpConfig.class).autowire(); this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, "bogus/type")) - .andExpect(redirectedUrl("http://localhost/login")); + .andExpect(redirectedUrl("http://localhost/login")); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java index 2eff3fe9df..3dc1ff2290 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java @@ -89,9 +89,10 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void configureWhenHasRoleStartingWithStringRoleThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(HasRoleStartingWithRoleConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class).withMessageContaining( - "role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'"); + .isThrownBy(() -> this.spring.register(HasRoleStartingWithRoleConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class) + .withMessageContaining( + "role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'"); } @Test @@ -103,15 +104,16 @@ public class ExpressionUrlAuthorizationConfigurerTests { @Test public void configureWhenAuthorizedRequestsAndNoRequestsThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire()).withMessageContaining( - "At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())"); + .isThrownBy(() -> this.spring.register(NoRequestsConfig.class).autowire()) + .withMessageContaining( + "At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())"); } @Test public void configureWhenAnyRequestIncompleteMappingThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire()) - .withMessageContaining("An incomplete mapping was found for "); + .isThrownBy(() -> this.spring.register(IncompleteMappingConfig.class).autowire()) + .withMessageContaining("An incomplete mapping was found for "); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java index e8c4d12cdf..40f2aecbab 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java @@ -117,7 +117,7 @@ public class FormLoginConfigurerTests { SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class); verify(strategy, atLeastOnce()).getContext(); SecurityContextChangedListener listener = this.spring.getContext() - .getBean(SecurityContextChangedListener.class); + .getBean(SecurityContextChangedListener.class); verify(listener).securityContextChanged(setAuthentication(UsernamePasswordAuthenticationToken.class)); } @@ -358,7 +358,7 @@ public class FormLoginConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(UsernamePasswordAuthenticationFilter.class)); + .postProcess(any(UsernamePasswordAuthenticationFilter.class)); } @Test @@ -616,7 +616,8 @@ public class FormLoginConfigurerTests { .portMapper(PORT_MAPPER); // @formatter:on LoginUrlAuthenticationEntryPoint authenticationEntryPoint = (LoginUrlAuthenticationEntryPoint) http - .getConfigurer(FormLoginConfigurer.class).getAuthenticationEntryPoint(); + .getConfigurer(FormLoginConfigurer.class) + .getAuthenticationEntryPoint(); authenticationEntryPoint.setForceHttps(true); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java index 7369c2defa..7e26d94d80 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java @@ -49,13 +49,14 @@ public class HeadersConfigurerEagerHeadersTests { @Test public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception { this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire(); - this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff")) - .andExpect(header().string("X-Frame-Options", "DENY")) - .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")) - .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) - .andExpect(header().string(HttpHeaders.EXPIRES, "0")) - .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) - .andExpect(header().string("X-XSS-Protection", "1; mode=block")); + this.mvc.perform(get("/").secure(true)) + .andExpect(header().string("X-Content-Type-Options", "nosniff")) + .andExpect(header().string("X-Frame-Options", "DENY")) + .andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains")) + .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) + .andExpect(header().string(HttpHeaders.EXPIRES, "0")) + .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) + .andExpect(header().string("X-XSS-Protection", "1; mode=block")); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java index fb3d994a5d..d7409c3213 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java @@ -73,14 +73,14 @@ public class HeadersConfigurerTests { public void getWhenHeadersConfiguredThenDefaultHeadersInResponse() throws Exception { this.spring.register(HeadersConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) - .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())) - .andExpect( - header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains")) - .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) - .andExpect(header().string(HttpHeaders.EXPIRES, "0")) - .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) - .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); + .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) + .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())) + .andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains")) + .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) + .andExpect(header().string(HttpHeaders.EXPIRES, "0")) + .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) + .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder( HttpHeaders.X_CONTENT_TYPE_OPTIONS, HttpHeaders.X_FRAME_OPTIONS, HttpHeaders.STRICT_TRANSPORT_SECURITY, HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION); @@ -90,14 +90,14 @@ public class HeadersConfigurerTests { public void getWhenHeadersConfiguredInLambdaThenDefaultHeadersInResponse() throws Exception { this.spring.register(HeadersInLambdaConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) - .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())) - .andExpect( - header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains")) - .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) - .andExpect(header().string(HttpHeaders.EXPIRES, "0")) - .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) - .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); + .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) + .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())) + .andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains")) + .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) + .andExpect(header().string(HttpHeaders.EXPIRES, "0")) + .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) + .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder( HttpHeaders.X_CONTENT_TYPE_OPTIONS, HttpHeaders.X_FRAME_OPTIONS, HttpHeaders.STRICT_TRANSPORT_SECURITY, HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA, HttpHeaders.X_XSS_PROTECTION); @@ -108,7 +108,8 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(ContentTypeOptionsConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/")) - .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn(); + .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS); } @@ -116,7 +117,8 @@ public class HeadersConfigurerTests { public void getWhenOnlyContentTypeConfiguredInLambdaThenOnlyContentTypeHeaderInResponse() throws Exception { this.spring.register(ContentTypeOptionsInLambdaConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/")) - .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")).andReturn(); + .andExpect(header().string(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_CONTENT_TYPE_OPTIONS); } @@ -125,7 +127,8 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(FrameOptionsConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/")) - .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())).andReturn(); + .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.DENY.name())) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_FRAME_OPTIONS); } @@ -134,9 +137,8 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(HstsConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect( - header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains")) - .andReturn(); + .andExpect(header().string(HttpHeaders.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.STRICT_TRANSPORT_SECURITY); } @@ -145,9 +147,10 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(CacheControlConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) - .andExpect(header().string(HttpHeaders.EXPIRES, "0")) - .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")).andReturn(); + .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) + .andExpect(header().string(HttpHeaders.EXPIRES, "0")) + .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA); } @@ -157,9 +160,10 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(CacheControlInLambdaConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) - .andExpect(header().string(HttpHeaders.EXPIRES, "0")) - .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")).andReturn(); + .andExpect(header().string(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate")) + .andExpect(header().string(HttpHeaders.EXPIRES, "0")) + .andExpect(header().string(HttpHeaders.PRAGMA, "no-cache")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactlyInAnyOrder(HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.PRAGMA); } @@ -169,7 +173,8 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(XssProtectionConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); + .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION); } @@ -178,7 +183,8 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(XssProtectionValueDisabledConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "0")).andReturn(); + .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "0")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION); } @@ -186,7 +192,8 @@ public class HeadersConfigurerTests { public void getWhenOnlyXssProtectionConfiguredInLambdaThenOnlyXssProtectionHeaderInResponse() throws Exception { this.spring.register(XssProtectionInLambdaConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")).andReturn(); + .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "1; mode=block")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION); } @@ -195,7 +202,8 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(XssProtectionValueDisabledInLambdaConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "0")).andReturn(); + .andExpect(header().string(HttpHeaders.X_XSS_PROTECTION, "0")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.X_XSS_PROTECTION); } @@ -203,8 +211,8 @@ public class HeadersConfigurerTests { public void getWhenFrameOptionsSameOriginConfiguredThenFrameOptionsHeaderHasValueSameOrigin() throws Exception { this.spring.register(HeadersCustomSameOriginConfig.class).autowire(); this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) - .andReturn(); + .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) + .andReturn(); } @Test @@ -212,8 +220,8 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(HeadersCustomSameOriginInLambdaConfig.class).autowire(); this.mvc.perform(get("/").secure(true)) - .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) - .andReturn(); + .andExpect(header().string(HttpHeaders.X_FRAME_OPTIONS, XFrameOptionsMode.SAMEORIGIN.name())) + .andReturn(); } @Test @@ -362,7 +370,7 @@ public class HeadersConfigurerTests { .andReturn(); // @formatter:on assertThat(mvcResult.getResponse().getHeaderNames()) - .containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY); + .containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY); } @Test @@ -377,21 +385,21 @@ public class HeadersConfigurerTests { .andReturn(); // @formatter:on assertThat(mvcResult.getResponse().getHeaderNames()) - .containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY); + .containsExactly(HttpHeaders.CONTENT_SECURITY_POLICY_REPORT_ONLY); } @Test public void configureWhenContentSecurityPolicyEmptyThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenContentSecurityPolicyEmptyInLambdaThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidInLambdaConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(ContentSecurityPolicyInvalidInLambdaConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test @@ -470,8 +478,8 @@ public class HeadersConfigurerTests { @Test public void configureWhenFeaturePolicyEmptyThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(FeaturePolicyInvalidConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(FeaturePolicyInvalidConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test @@ -501,15 +509,15 @@ public class HeadersConfigurerTests { @Test public void configureWhenPermissionsPolicyEmptyThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(PermissionsPolicyInvalidConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(PermissionsPolicyInvalidConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenPermissionsPolicyStringEmptyThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(PermissionsPolicyInvalidStringConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(PermissionsPolicyInvalidStringConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test @@ -545,9 +553,10 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(CrossOriginCustomPoliciesInLambdaConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/")) - .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_OPENER_POLICY, "same-origin")) - .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_EMBEDDER_POLICY, "require-corp")) - .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_RESOURCE_POLICY, "same-origin")).andReturn(); + .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_OPENER_POLICY, "same-origin")) + .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_EMBEDDER_POLICY, "require-corp")) + .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_RESOURCE_POLICY, "same-origin")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CROSS_ORIGIN_OPENER_POLICY, HttpHeaders.CROSS_ORIGIN_EMBEDDER_POLICY, HttpHeaders.CROSS_ORIGIN_RESOURCE_POLICY); } @@ -557,9 +566,10 @@ public class HeadersConfigurerTests { throws Exception { this.spring.register(CrossOriginCustomPoliciesConfig.class).autowire(); MvcResult mvcResult = this.mvc.perform(get("/")) - .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_OPENER_POLICY, "same-origin")) - .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_EMBEDDER_POLICY, "require-corp")) - .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_RESOURCE_POLICY, "same-origin")).andReturn(); + .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_OPENER_POLICY, "same-origin")) + .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_EMBEDDER_POLICY, "require-corp")) + .andExpect(header().string(HttpHeaders.CROSS_ORIGIN_RESOURCE_POLICY, "same-origin")) + .andReturn(); assertThat(mvcResult.getResponse().getHeaderNames()).containsExactly(HttpHeaders.CROSS_ORIGIN_OPENER_POLICY, HttpHeaders.CROSS_ORIGIN_EMBEDDER_POLICY, HttpHeaders.CROSS_ORIGIN_RESOURCE_POLICY); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java index 38b1821e6f..c7c0af7887 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java @@ -126,25 +126,27 @@ public class HttpBasicConfigurerTests { public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception { this.spring.register(BasicUsesRememberMeConfig.class).autowire(); MockHttpServletRequestBuilder rememberMeRequest = get("/").with(httpBasic("user", "password")) - .param("remember-me", "true"); + .param("remember-me", "true"); this.mvc.perform(rememberMeRequest).andExpect(cookie().exists("remember-me")); } @Test public void httpBasicWhenDefaultsThenAcceptsBasicCredentials() throws Exception { this.spring.register(HttpBasic.class, Users.class, Home.class).autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk()) - .andExpect(content().string("user")); + this.mvc.perform(get("/").with(httpBasic("user", "password"))) + .andExpect(status().isOk()) + .andExpect(content().string("user")); } @Test public void httpBasicWhenCustomSecurityContextHolderStrategyThenUses() throws Exception { this.spring.register(HttpBasic.class, Users.class, Home.class, SecurityContextChangedListenerConfig.class) - .autowire(); - this.mvc.perform(get("/").with(httpBasic("user", "password"))).andExpect(status().isOk()) - .andExpect(content().string("user")); + .autowire(); + this.mvc.perform(get("/").with(httpBasic("user", "password"))) + .andExpect(status().isOk()) + .andExpect(content().string("user")); SecurityContextChangedListener listener = this.spring.getContext() - .getBean(SecurityContextChangedListener.class); + .getBean(SecurityContextChangedListener.class); verify(listener).securityContextChanged(setAuthentication(UsernamePasswordAuthenticationToken.class)); } @@ -318,7 +320,7 @@ public class HttpBasicConfigurerTests { @Bean SecurityFilterChain web(HttpSecurity http) throws Exception { http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) - .httpBasic(Customizer.withDefaults()); + .httpBasic(Customizer.withDefaults()); return http.build(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java index f4d4c5db0b..dadae4f6a0 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java @@ -75,8 +75,8 @@ public class HttpSecurityLogoutTests { loadConfig(ClearAuthenticationFalseConfig.class); SecurityContext currentContext = SecurityContextHolder.createEmptyContext(); currentContext.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - currentContext); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext); this.request.setMethod("POST"); this.request.setServletPath("/logout"); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersTests.java index 7e2b25cf12..3bb278ede0 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersTests.java @@ -479,7 +479,7 @@ public class HttpSecuritySecurityMatchersTests { @Bean SecurityFilterChain appSecurity(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception { MvcRequestMatcher.Builder mvcMatcherBuilder = new MvcRequestMatcher.Builder(introspector) - .servletPath("/spring"); + .servletPath("/spring"); // @formatter:off http .securityMatchers() @@ -514,7 +514,7 @@ public class HttpSecuritySecurityMatchersTests { @Bean SecurityFilterChain appSecurity(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception { MvcRequestMatcher.Builder mvcMatcherBuilder = new MvcRequestMatcher.Builder(introspector) - .servletPath("/spring"); + .servletPath("/spring"); // @formatter:off http .securityMatchers((matchers) -> matchers @@ -546,8 +546,11 @@ public class HttpSecuritySecurityMatchersTests { @Bean UserDetailsService userDetailsService() { - UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER") - .build(); + UserDetails user = User.withDefaultPasswordEncoder() + .username("user") + .password("password") + .roles("USER") + .build(); return new InMemoryUserDetailsManager(user); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java index e0f25237b1..231feac53c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/Issue55Tests.java @@ -72,7 +72,7 @@ public class Issue55Tests { FilterSecurityInterceptor secondFilter = (FilterSecurityInterceptor) findFilter(FilterSecurityInterceptor.class, 1); assertThat(secondFilter.getAuthenticationManager().authenticate(token)) - .isEqualTo(CustomAuthenticationManager.RESULT); + .isEqualTo(CustomAuthenticationManager.RESULT); } Filter findFilter(Class filter, int index) { diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java index e26dbc9a66..05c990d905 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java @@ -65,7 +65,7 @@ public class JeeConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(J2eePreAuthenticatedProcessingFilter.class)); + .postProcess(any(J2eePreAuthenticatedProcessingFilter.class)); } @Test @@ -73,7 +73,7 @@ public class JeeConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class)); + .postProcess(any(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class)); } @Test @@ -125,7 +125,7 @@ public class JeeConfigurerTests { }); // @formatter:on SecurityMockMvcResultMatchers.AuthenticatedMatcher authenticatedAsUser = authenticated() - .withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER")); + .withAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER")); this.mvc.perform(authRequest).andExpect(authenticatedAsUser); } @@ -138,7 +138,7 @@ public class JeeConfigurerTests { AuthorityUtils.createAuthorityList("ROLE_USER")); given(user.getName()).willReturn("user"); given(JeeCustomAuthenticatedUserDetailsServiceConfig.authenticationUserDetailsService.loadUserDetails(any())) - .willReturn(userDetails); + .willReturn(userDetails); // @formatter:off MockHttpServletRequestBuilder authRequest = get("/") .principal(user) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java index 2e95c6e1d4..ed777bf505 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java @@ -82,36 +82,36 @@ public class LogoutConfigurerTests { @Test public void configureWhenDefaultLogoutSuccessHandlerForHasNullLogoutHandlerThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenDefaultLogoutSuccessHandlerForHasNullLogoutHandlerInLambdaThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerInLambdaConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullLogoutSuccessHandlerInLambdaConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullMatcherConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullMatcherConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenDefaultLogoutSuccessHandlerForHasNullMatcherInLambdaThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullMatcherInLambdaConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullMatcherInLambdaConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenRegisteringObjectPostProcessorThenInvokedOnLogoutFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); ObjectPostProcessor objectPostProcessor = this.spring.getContext() - .getBean(ObjectPostProcessor.class); + .getBean(ObjectPostProcessor.class); verify(objectPostProcessor).postProcess(any(LogoutFilter.class)); } @@ -221,23 +221,24 @@ public class LogoutConfigurerTests { @Test public void configureWhenLogoutHandlerNullThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullLogoutHandlerConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullLogoutHandlerConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenLogoutHandlerNullInLambdaThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NullLogoutHandlerInLambdaConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.register(NullLogoutHandlerInLambdaConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } // SEC-3170 @Test public void rememberMeWhenRememberMeServicesNotLogoutHandlerThenRedirectsToLogin() throws Exception { this.spring.register(RememberMeNoLogoutHandler.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isFound()) - .andExpect(redirectedUrl("/login?logout")); + this.mvc.perform(post("/logout").with(csrf())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/login?logout")); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java index b38c450401..a84ab1b81f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java @@ -198,9 +198,10 @@ public class NamespaceHttpAnonymousTests { } Optional anonymousToken() { - return Optional.of(SecurityContextHolder.getContext()).map(SecurityContext::getAuthentication) - .filter((a) -> a instanceof AnonymousAuthenticationToken) - .map(AnonymousAuthenticationToken.class::cast); + return Optional.of(SecurityContextHolder.getContext()) + .map(SecurityContext::getAuthentication) + .filter((a) -> a instanceof AnonymousAuthenticationToken) + .map(AnonymousAuthenticationToken.class::cast); } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java index b66fa2de26..2e61977983 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java @@ -124,7 +124,7 @@ public class NamespaceHttpBasicTests { public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire(); AuthenticationDetailsSource source = this.spring.getContext() - .getBean(AuthenticationDetailsSource.class); + .getBean(AuthenticationDetailsSource.class); this.mvc.perform(get("/").with(httpBasic("user", "password"))); verify(source).buildDetails(any(HttpServletRequest.class)); } @@ -134,7 +134,7 @@ public class NamespaceHttpBasicTests { throws Exception { this.spring.register(AuthenticationDetailsSourceHttpBasicLambdaConfig.class, UserConfig.class).autowire(); AuthenticationDetailsSource source = this.spring.getContext() - .getBean(AuthenticationDetailsSource.class); + .getBean(AuthenticationDetailsSource.class); this.mvc.perform(get("/").with(httpBasic("user", "password"))); verify(source).buildDetails(any(HttpServletRequest.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java index cb0d6cc089..44d8c16746 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java @@ -94,8 +94,10 @@ public class NamespaceHttpCustomFilterTests { private ListAssert> assertThatFilters() { FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class); - List> filters = filterChain.getFilters("/").stream().map(Object::getClass) - .collect(Collectors.toList()); + List> filters = filterChain.getFilters("/") + .stream() + .map(Object::getClass) + .collect(Collectors.toList()); return assertThat(filters); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java index a2f2cbbde0..64dd2661b0 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFirewallTests.java @@ -56,21 +56,21 @@ public class NamespaceHttpFirewallTests { public void requestWhenPathContainsDoubleDotsThenBehaviorMatchesNamespace() { this.rule.register(HttpFirewallConfig.class).autowire(); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.mvc.perform(get("/public/../private/"))); + .isThrownBy(() -> this.mvc.perform(get("/public/../private/"))); } @Test public void requestWithCustomFirewallThenBehaviorMatchesNamespace() { this.rule.register(CustomHttpFirewallConfig.class).autowire(); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.mvc.perform(get("/").param("deny", "true"))); + .isThrownBy(() -> this.mvc.perform(get("/").param("deny", "true"))); } @Test public void requestWithCustomFirewallBeanThenBehaviorMatchesNamespace() { this.rule.register(CustomHttpFirewallBeanConfig.class).autowire(); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.mvc.perform(get("/").param("deny", "true"))); + .isThrownBy(() -> this.mvc.perform(get("/").param("deny", "true"))); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java index 90d8a2a6ed..d3ab6aef48 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java @@ -81,7 +81,7 @@ public class NamespaceHttpFormLoginTests { this.spring.register(FormLoginCustomConfig.class, UserDetailsServiceConfig.class).autowire(); this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login")); this.mvc.perform(post("/authentication/login/process").with(csrf())) - .andExpect(redirectedUrl("/authentication/login?failed")); + .andExpect(redirectedUrl("/authentication/login?failed")); // @formatter:off MockHttpServletRequestBuilder request = post("/authentication/login/process") .param("username", "user") diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java index 76e2088eb1..fb7a6cd7f7 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java @@ -89,7 +89,7 @@ public class NamespaceHttpHeadersTests { public void requestWhenHstsCustomThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HstsCustomConfig.class).autowire(); this.mvc.perform(get("/")) - .andExpect(includes(Collections.singletonMap("Strict-Transport-Security", "max-age=15768000"))); + .andExpect(includes(Collections.singletonMap("Strict-Transport-Security", "max-age=15768000"))); } @Test @@ -102,7 +102,7 @@ public class NamespaceHttpHeadersTests { public void requestWhenFrameOptionsAllowFromThenBehaviorMatchesNamespace() throws Exception { this.spring.register(FrameOptionsAllowFromConfig.class).autowire(); this.mvc.perform(get("/")) - .andExpect(includes(Collections.singletonMap("X-Frame-Options", "ALLOW-FROM https://example.com"))); + .andExpect(includes(Collections.singletonMap("X-Frame-Options", "ALLOW-FROM https://example.com"))); } @Test @@ -127,7 +127,7 @@ public class NamespaceHttpHeadersTests { public void requestWhenCustomHeaderOnlyThenBehaviorMatchesNamespace() throws Exception { this.spring.register(HeaderRefConfig.class).autowire(); this.mvc.perform(get("/")) - .andExpect(includes(Collections.singletonMap("customHeaderName", "customHeaderValue"))); + .andExpect(includes(Collections.singletonMap("customHeaderName", "customHeaderValue"))); } private static ResultMatcher includesDefaults() { diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java index 4301210456..66ec960e21 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java @@ -87,7 +87,7 @@ public class NamespaceHttpInterceptUrlTests { MockHttpServletRequestBuilder postWithUser = post("/admin/post").with(authentication(user("ROLE_USER"))); this.mvc.perform(postWithUser).andExpect(status().isForbidden()); MockHttpServletRequestBuilder requestWithAdmin = post("/admin/post").with(csrf()) - .with(authentication(user("ROLE_ADMIN"))); + .with(authentication(user("ROLE_ADMIN"))); this.mvc.perform(requestWithAdmin).andExpect(status().isOk()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java index ae847aa25d..3b62b59747 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java @@ -81,8 +81,9 @@ public class NamespaceHttpJeeTests { User result = new User(user.getName(), "N/A", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_user")); given(bean(AuthenticationUserDetailsService.class).loadUserDetails(any())).willReturn(result); - this.mvc.perform(get("/roles").principal(user)).andExpect(status().isOk()) - .andExpect(content().string("ROLE_user")); + this.mvc.perform(get("/roles").principal(user)) + .andExpect(status().isOk()) + .andExpect(content().string("ROLE_user")); verifyBean(AuthenticationUserDetailsService.class).loadUserDetails(any()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java index a5d1884b29..bd4fdfd915 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java @@ -151,7 +151,8 @@ public class NamespaceHttpLogoutTests { ResultMatcher authenticated(boolean authenticated) { return (result) -> assertThat(Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()) - .map(Authentication::isAuthenticated).orElse(false)).isEqualTo(authenticated); + .map(Authentication::isAuthenticated) + .orElse(false)).isEqualTo(authenticated); } ResultMatcher noCookies() { @@ -160,7 +161,7 @@ public class NamespaceHttpLogoutTests { ResultMatcher session(Predicate sessionPredicate) { return (result) -> assertThat(result.getRequest().getSession(false)) - .is(new Condition<>(sessionPredicate, "sessionPredicate failed")); + .is(new Condition<>(sessionPredicate, "sessionPredicate failed")); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java index d57a9ab8bf..f06d9a5538 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.java @@ -102,31 +102,40 @@ public class NamespaceHttpOpenIDLoginTests { DiscoveryInformation mockDiscoveryInformation = mock(DiscoveryInformation.class); given(mockAuthRequest.getDestinationUrl(anyBoolean())).willReturn("mockUrl"); given(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.associate(any())) - .willReturn(mockDiscoveryInformation); + .willReturn(mockDiscoveryInformation); given(OpenIDLoginAttributeExchangeConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), - any())).willReturn(mockAuthRequest); + any())) + .willReturn(mockAuthRequest); this.spring.register(OpenIDLoginAttributeExchangeConfig.class).autowire(); try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() - .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform(get("/login/openid") - .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "https://www.google.com/1")) - .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() - .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); + .setBody(String.format("%s", endpoint))); + MvcResult mvcResult = this.mvc + .perform(get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, + "https://www.google.com/1")) + .andExpect(status().isFound()) + .andReturn(); + Object attributeObject = mvcResult.getRequest() + .getSession() + .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class); List attributeList = (List) attributeObject; - assertThat(attributeList.stream().anyMatch((attribute) -> "firstname".equals(attribute.getName()) - && "https://axschema.org/namePerson/first".equals(attribute.getType()) && attribute.isRequired())) - .isTrue(); - assertThat(attributeList.stream().anyMatch((attribute) -> "lastname".equals(attribute.getName()) - && "https://axschema.org/namePerson/last".equals(attribute.getType()) && attribute.isRequired())) - .isTrue(); - assertThat(attributeList.stream().anyMatch((attribute) -> "email".equals(attribute.getName()) - && "https://axschema.org/contact/email".equals(attribute.getType()) && attribute.isRequired())) - .isTrue(); + assertThat(attributeList.stream() + .anyMatch((attribute) -> "firstname".equals(attribute.getName()) + && "https://axschema.org/namePerson/first".equals(attribute.getType()) + && attribute.isRequired())) + .isTrue(); + assertThat(attributeList.stream() + .anyMatch((attribute) -> "lastname".equals(attribute.getName()) + && "https://axschema.org/namePerson/last".equals(attribute.getType()) + && attribute.isRequired())) + .isTrue(); + assertThat(attributeList.stream() + .anyMatch((attribute) -> "email".equals(attribute.getName()) + && "https://axschema.org/contact/email".equals(attribute.getType()) && attribute.isRequired())) + .isTrue(); } } @@ -135,7 +144,7 @@ public class NamespaceHttpOpenIDLoginTests { this.spring.register(OpenIDLoginCustomConfig.class).autowire(); this.mvc.perform(get("/")).andExpect(redirectedUrl("http://localhost/authentication/login")); this.mvc.perform(post("/authentication/login/process").with(csrf())) - .andExpect(redirectedUrl("/authentication/login?failed")); + .andExpect(redirectedUrl("/authentication/login?failed")); } @Test @@ -149,7 +158,7 @@ public class NamespaceHttpOpenIDLoginTests { OpenIDLoginCustomRefsConfig.CONSUMER = mock(OpenIDConsumer.class); this.spring.register(OpenIDLoginCustomRefsConfig.class, UserDetailsServiceConfig.class).autowire(); given(OpenIDLoginCustomRefsConfig.CONSUMER.endConsumption(any(HttpServletRequest.class))) - .willThrow(new AuthenticationServiceException("boom")); + .willThrow(new AuthenticationServiceException("boom")); // @formatter:off MockHttpServletRequestBuilder login = post("/login/openid") .with(csrf()) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java index ed29351b54..90897caf0b 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java @@ -52,7 +52,7 @@ public class NamespaceHttpPortMappingsTests { this.spring.register(HttpInterceptUrlWithPortMapperConfig.class).autowire(); this.mvc.perform(get("http://localhost:9080/login")).andExpect(redirectedUrl("https://localhost:9443/login")); this.mvc.perform(get("http://localhost:9080/secured/a")) - .andExpect(redirectedUrl("https://localhost:9443/secured/a")); + .andExpect(redirectedUrl("https://localhost:9443/secured/a")); this.mvc.perform(get("https://localhost:9443/user")).andExpect(redirectedUrl("http://localhost:9080/user")); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java index 1a6ffbce86..4f944a0638 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java @@ -88,7 +88,7 @@ public class NamespaceRememberMeTests { Cookie rememberMe = result.getResponse().getCookie("remember-me"); assertThat(rememberMe).isNotNull(); this.mvc.perform(get("/authentication-class").cookie(rememberMe)) - .andExpect(content().string(RememberMeAuthenticationToken.class.getName())); + .andExpect(content().string(RememberMeAuthenticationToken.class.getName())); // @formatter:off MockHttpServletRequestBuilder logoutRequest = post("/logout") .with(csrf()) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java index c88a240965..ee6025f31f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java @@ -83,7 +83,7 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenDefaultSessionManagementThenMatchesNamespace() throws Exception { this.spring.register(SessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) - .autowire(); + .autowire(); MockHttpSession session = new MockHttpSession(); String sessionId = session.getId(); MockHttpServletRequestBuilder request = get("/auth").session(session).with(httpBasic("user", "password")); @@ -120,16 +120,16 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingMaxSessionsThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) - .autowire(); + .autowire(); this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(status().isOk()); this.mvc.perform(get("/auth").with(httpBasic("user", "password"))) - .andExpect(redirectedUrl("/session-auth-error")); + .andExpect(redirectedUrl("/session-auth-error")); } @Test public void authenticateWhenUsingFailureUrlThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) - .autowire(); + .autowire(); MockHttpServletRequest mock = spy(MockHttpServletRequest.class); mock.setSession(new MockHttpSession()); given(mock.changeSessionId()).willThrow(SessionAuthenticationException.class); @@ -145,7 +145,7 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingSessionRegistryThenMatchesNamespace() throws Exception { this.spring.register(CustomSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) - .autowire(); + .autowire(); SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); MockHttpServletRequestBuilder request = get("/auth").with(httpBasic("user", "password")); this.mvc.perform(request).andExpect(status().isOk()); @@ -169,7 +169,7 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenUsingCustomSessionAuthenticationStrategyThenMatchesNamespace() throws Exception { this.spring.register(RefsSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) - .autowire(); + .autowire(); MockHttpServletRequestBuilder request = get("/auth").with(httpBasic("user", "password")); this.mvc.perform(request).andExpect(status().isOk()); verifyBean(SessionAuthenticationStrategy.class).onAuthentication(any(Authentication.class), @@ -179,8 +179,8 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenNoSessionFixationProtectionThenMatchesNamespace() throws Exception { this.spring - .register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) - .autowire(); + .register(SFPNoneSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) + .autowire(); MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); // @formatter:off @@ -198,8 +198,9 @@ public class NamespaceSessionManagementTests { @Test public void authenticateWhenMigrateSessionFixationProtectionThenMatchesNamespace() throws Exception { - this.spring.register(SFPMigrateSessionManagementConfig.class, BasicController.class, - UserDetailsServiceConfig.class).autowire(); + this.spring + .register(SFPMigrateSessionManagementConfig.class, BasicController.class, UserDetailsServiceConfig.class) + .autowire(); MockHttpSession givenSession = new MockHttpSession(); String givenSessionId = givenSession.getId(); givenSession.setAttribute("name", "value"); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PasswordManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PasswordManagementConfigurerTests.java index e5aadfbc3f..ad4adea85b 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PasswordManagementConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PasswordManagementConfigurerTests.java @@ -51,37 +51,39 @@ public class PasswordManagementConfigurerTests { public void whenChangePasswordPageNotSetThenDefaultChangePasswordPageUsed() throws Exception { this.spring.register(PasswordManagementWithDefaultChangePasswordPageConfig.class).autowire(); - this.mvc.perform(get("/.well-known/change-password")).andExpect(status().isFound()) - .andExpect(redirectedUrl("/change-password")); + this.mvc.perform(get("/.well-known/change-password")) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/change-password")); } @Test public void whenChangePasswordPageSetThenSpecifiedChangePasswordPageUsed() throws Exception { this.spring.register(PasswordManagementWithCustomChangePasswordPageConfig.class).autowire(); - this.mvc.perform(get("/.well-known/change-password")).andExpect(status().isFound()) - .andExpect(redirectedUrl("/custom-change-password-page")); + this.mvc.perform(get("/.well-known/change-password")) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/custom-change-password-page")); } @Test public void whenSettingNullChangePasswordPage() { PasswordManagementConfigurer configurer = new PasswordManagementConfigurer(); assertThatIllegalArgumentException().isThrownBy(() -> configurer.changePasswordPage(null)) - .withMessage("changePasswordPage cannot be empty"); + .withMessage("changePasswordPage cannot be empty"); } @Test public void whenSettingEmptyChangePasswordPage() { PasswordManagementConfigurer configurer = new PasswordManagementConfigurer(); assertThatIllegalArgumentException().isThrownBy(() -> configurer.changePasswordPage("")) - .withMessage("changePasswordPage cannot be empty"); + .withMessage("changePasswordPage cannot be empty"); } @Test public void whenSettingBlankChangePasswordPage() { PasswordManagementConfigurer configurer = new PasswordManagementConfigurer(); assertThatIllegalArgumentException().isThrownBy(() -> configurer.changePasswordPage(" ")) - .withMessage("changePasswordPage cannot be empty"); + .withMessage("changePasswordPage cannot be empty"); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java index 9a5174f810..aee6d5217c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java @@ -77,16 +77,17 @@ public class PermitAllSupportTests { @Test public void configureWhenNotAuthorizeRequestsThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(NoAuthorizedUrlsConfig.class).autowire()).withMessageContaining( - "permitAll only works with either HttpSecurity.authorizeRequests() or HttpSecurity.authorizeHttpRequests()"); + .isThrownBy(() -> this.spring.register(NoAuthorizedUrlsConfig.class).autowire()) + .withMessageContaining( + "permitAll only works with either HttpSecurity.authorizeRequests() or HttpSecurity.authorizeHttpRequests()"); } @Test public void configureWhenBothAuthorizeRequestsAndAuthorizeHttpRequestsThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(PermitAllConfigWithBothConfigs.class).autowire()) - .withMessageContaining( - "permitAll only works with either HttpSecurity.authorizeRequests() or HttpSecurity.authorizeHttpRequests()"); + .isThrownBy(() -> this.spring.register(PermitAllConfigWithBothConfigs.class).autowire()) + .withMessageContaining( + "permitAll only works with either HttpSecurity.authorizeRequests() or HttpSecurity.authorizeHttpRequests()"); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java index 705fb1a0d2..842bdc0f96 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java @@ -112,13 +112,13 @@ public class RememberMeConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnRememberMeAuthenticationFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(this.spring.getContext().getBean(ObjectPostProcessor.class)) - .postProcess(any(RememberMeAuthenticationFilter.class)); + .postProcess(any(RememberMeAuthenticationFilter.class)); } @Test public void rememberMeWhenInvokedTwiceThenUsesOriginalUserDetailsService() throws Exception { given(DuplicateDoesNotOverrideConfig.userDetailsService.loadUserByUsername(anyString())) - .willReturn(new User("user", "password", Collections.emptyList())); + .willReturn(new User("user", "password", Collections.emptyList())); this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); // @formatter:off MockHttpServletRequestBuilder request = get("/") @@ -132,8 +132,12 @@ public class RememberMeConfigurerTests { @Test public void rememberMeWhenUserDetailsServiceNotConfiguredThenUsesBean() throws Exception { this.spring.register(UserDetailsServiceBeanConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") - .param("password", "password").param("remember-me", "true")).andReturn(); + MvcResult mvcResult = this.mvc + .perform(post("/login").with(csrf()) + .param("username", "user") + .param("password", "password") + .param("remember-me", "true")) + .andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); // @formatter:off MockHttpServletRequestBuilder request = get("/abc").cookie(rememberMeCookie); @@ -146,8 +150,12 @@ public class RememberMeConfigurerTests { @Test public void rememberMeWhenCustomSecurityContextHolderStrategyThenUses() throws Exception { this.spring.register(UserDetailsServiceBeanConfig.class, SecurityContextChangedListenerConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") - .param("password", "password").param("remember-me", "true")).andReturn(); + MvcResult mvcResult = this.mvc + .perform(post("/login").with(csrf()) + .param("username", "user") + .param("password", "password") + .param("remember-me", "true")) + .andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); // @formatter:off MockHttpServletRequestBuilder request = get("/abc").cookie(rememberMeCookie); @@ -174,8 +182,12 @@ public class RememberMeConfigurerTests { @Test public void getWhenRememberMeCookieThenAuthenticationIsRememberMeAuthenticationToken() throws Exception { this.spring.register(RememberMeConfig.class).autowire(); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") - .param("password", "password").param("remember-me", "true")).andReturn(); + MvcResult mvcResult = this.mvc + .perform(post("/login").with(csrf()) + .param("username", "user") + .param("password", "password") + .param("remember-me", "true")) + .andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); // @formatter:off MockHttpServletRequestBuilder request = get("/abc").cookie(rememberMeCookie); @@ -284,10 +296,9 @@ public class RememberMeConfigurerTests { @Test public void configureWhenRememberMeCookieNameAndRememberMeServicesThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy( - () -> this.spring.register(RememberMeCookieNameAndRememberMeServicesConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class) - .withMessageContaining("Can not set rememberMeCookieName and custom rememberMeServices."); + .isThrownBy(() -> this.spring.register(RememberMeCookieNameAndRememberMeServicesConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class) + .withMessageContaining("Can not set rememberMeCookieName and custom rememberMeServices."); } @Test @@ -315,8 +326,12 @@ public class RememberMeConfigurerTests { public void getWhenCustomSecurityContextRepositoryThenUses() throws Exception { this.spring.register(SecurityContextRepositoryConfig.class).autowire(); SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class); - MvcResult mvcResult = this.mvc.perform(post("/login").with(csrf()).param("username", "user") - .param("password", "password").param("remember-me", "true")).andReturn(); + MvcResult mvcResult = this.mvc + .perform(post("/login").with(csrf()) + .param("username", "user") + .param("password", "password") + .param("remember-me", "true")) + .andReturn(); Cookie rememberMeCookie = mvcResult.getResponse().getCookie("remember-me"); reset(repository); // @formatter:off diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java index c3a38ef24d..42c9cbaf86 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java @@ -227,8 +227,9 @@ public class RequestCacheConfigurerTests { // gh-6102 @Test public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception { - this.spring.register(RequestCacheDisabledConfig.class, - ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire(); + this.spring + .register(RequestCacheDisabledConfig.class, ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class) + .autowire(); // @formatter:off MockHttpSession session = (MockHttpSession) this.mvc.perform(get("/bob")) .andReturn() diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java index 263f3922d4..20201abf9c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java @@ -82,7 +82,7 @@ public class SecurityContextConfigurerTests { public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception { this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire(); given(DuplicateDoesNotOverrideConfig.SCR.loadContext(any(HttpRequestResponseHolder.class))) - .willReturn(mock(SecurityContext.class)); + .willReturn(mock(SecurityContext.class)); this.mvc.perform(get("/")); verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpRequestResponseHolder.class)); } @@ -135,7 +135,7 @@ public class SecurityContextConfigurerTests { // @formatter:on MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn(); SecurityContext securityContext = repository - .loadContext(new HttpRequestResponseHolder(mvcResult.getRequest(), mvcResult.getResponse())); + .loadContext(new HttpRequestResponseHolder(mvcResult.getRequest(), mvcResult.getResponse())); assertThat(securityContext.getAuthentication()).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java index f86916d26a..4b7173ac0b 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java @@ -92,7 +92,7 @@ public class ServletApiConfigurerTests { public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecurityContextHolderAwareRequestFilter() { this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(SecurityContextHolderAwareRequestFilter.class)); + .postProcess(any(SecurityContextHolderAwareRequestFilter.class)); } // SEC-2215 @@ -153,7 +153,7 @@ public class ServletApiConfigurerTests { public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception { this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire(); MockHttpServletRequestBuilder request = get("/admin") - .with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))); + .with(user("user").authorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN"))); this.mvc.perform(request).andExpect(status().isOk()); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java index 1b68b8a866..7ee517d1dd 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java @@ -55,8 +55,8 @@ public class SessionManagementConfigurerSessionAuthenticationStrategyTests { public void requestWhenCustomSessionAuthenticationStrategyProvidedThenCalled() throws Exception { this.spring.register(CustomSessionAuthenticationStrategyConfig.class).autowire(); this.mvc.perform(formLogin().user("user").password("password")); - verify(CustomSessionAuthenticationStrategyConfig.customSessionAuthenticationStrategy).onAuthentication( - any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); + verify(CustomSessionAuthenticationStrategyConfig.customSessionAuthenticationStrategy) + .onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java index ef1645da99..ab9f31ebaa 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java @@ -102,11 +102,11 @@ public class SessionManagementConfigurerTests { public void sessionManagementWhenConfiguredThenDoesNotOverrideSecurityContextRepository() throws Exception { SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO = mock(SecurityContextRepository.class); given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO - .loadContext(any(HttpRequestResponseHolder.class))).willReturn(mock(SecurityContext.class)); + .loadContext(any(HttpRequestResponseHolder.class))).willReturn(mock(SecurityContext.class)); this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire(); this.mvc.perform(get("/")); verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO) - .saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); + .saveContext(any(SecurityContext.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } @Test @@ -246,7 +246,7 @@ public class SessionManagementConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(ConcurrentSessionControlAuthenticationStrategy.class)); + .postProcess(any(ConcurrentSessionControlAuthenticationStrategy.class)); } @Test @@ -254,7 +254,7 @@ public class SessionManagementConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(CompositeSessionAuthenticationStrategy.class)); + .postProcess(any(CompositeSessionAuthenticationStrategy.class)); } @Test @@ -262,7 +262,7 @@ public class SessionManagementConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(RegisterSessionAuthenticationStrategy.class)); + .postProcess(any(RegisterSessionAuthenticationStrategy.class)); } @Test @@ -270,7 +270,7 @@ public class SessionManagementConfigurerTests { ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(ObjectPostProcessorConfig.class).autowire(); verify(ObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(ChangeSessionIdAuthenticationStrategy.class)); + .postProcess(any(ChangeSessionIdAuthenticationStrategy.class)); } @Test diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java index b7f310aa44..4f02aa624b 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java @@ -287,8 +287,11 @@ public class UrlAuthorizationConfigurerTests { @Bean UserDetailsService userDetailsService() { - UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER") - .build(); + UserDetails user = User.withDefaultPasswordEncoder() + .username("user") + .password("password") + .roles("USER") + .build(); return new InMemoryUserDetailsManager(user); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java index e854043774..19f9e5b2e6 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java @@ -156,7 +156,8 @@ public class UrlAuthorizationsTests { protected void configure(HttpSecurity http) throws Exception { ApplicationContext context = getApplicationContext(); UrlAuthorizationConfigurer.StandardInterceptUrlRegistry registry = http - .apply(new UrlAuthorizationConfigurer(context)).getRegistry(); + .apply(new UrlAuthorizationConfigurer(context)) + .getRegistry(); // @formatter:off registry .antMatchers("/a").hasRole("ADMIN") diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java index b32dbc344f..25432902d5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java @@ -107,7 +107,7 @@ public class X509ConfigurerTests { SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class); verify(strategy, atLeastOnce()).getContext(); SecurityContextChangedListener listener = this.spring.getContext() - .getBean(SecurityContextChangedListener.class); + .getBean(SecurityContextChangedListener.class); verify(listener).securityContextChanged(setAuthentication(PreAuthenticatedAuthenticationToken.class)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java index 44fb7b7faf..01607bd0d8 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java @@ -138,10 +138,12 @@ public class OAuth2ClientConfigurerTests { "/oauth2/authorization"); authorizationRedirectStrategy = new DefaultRedirectStrategy(); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(300).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(300) + .build(); accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class); given(accessTokenResponseClient.getTokenResponse(any(OAuth2AuthorizationCodeGrantRequest.class))) - .willReturn(accessTokenResponse); + .willReturn(accessTokenResponse); requestCache = mock(RequestCache.class); } @@ -161,10 +163,11 @@ public class OAuth2ClientConfigurerTests { public void configureWhenOauth2ClientInLambdaThenRedirectForAuthorization() throws Exception { this.spring.register(OAuth2ClientInLambdaConfig.class).autowire(); MvcResult mvcResult = this.mockMvc.perform(get("/oauth2/authorization/registration-1")) - .andExpect(status().is3xxRedirection()).andReturn(); + .andExpect(status().is3xxRedirection()) + .andReturn(); assertThat(mvcResult.getResponse().getRedirectedUrl()) - .matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&" - + "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1"); + .matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&" + + "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1"); } @Test @@ -200,7 +203,7 @@ public class OAuth2ClientConfigurerTests { .andExpect(redirectedUrl("http://localhost/client-1")); // @formatter:on OAuth2AuthorizedClient authorizedClient = authorizedClientRepository - .loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request); + .loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request); assertThat(authorizedClient).isNotNull(); } @@ -209,10 +212,11 @@ public class OAuth2ClientConfigurerTests { throws Exception { this.spring.register(OAuth2ClientConfig.class).autowire(); MvcResult mvcResult = this.mockMvc.perform(get("/resource1").with(user("user1"))) - .andExpect(status().is3xxRedirection()).andReturn(); + .andExpect(status().is3xxRedirection()) + .andReturn(); assertThat(mvcResult.getResponse().getRedirectedUrl()) - .matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&" - + "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1"); + .matches("https://provider.com/oauth2/authorize\\?" + "response_type=code&client_id=client-1&" + + "scope=user&state=.{15,}&" + "redirect_uri=http://localhost/client-1"); verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -258,7 +262,7 @@ public class OAuth2ClientConfigurerTests { OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = authorizationRequestResolver; authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class); given(authorizationRequestResolver.resolve(any())) - .willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0))); + .willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0))); this.spring.register(OAuth2ClientConfig.class).autowire(); // @formatter:off this.mockMvc.perform(get("/oauth2/authorization/registration-1")) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java index 7b14185467..2a9fab1e04 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java @@ -196,10 +196,12 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(OAuth2UserAuthority.class) - .hasToString("ROLE_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(OAuth2UserAuthority.class) + .hasToString("ROLE_USER"); } @Test @@ -211,10 +213,12 @@ public class OAuth2LoginConfigurerTests { this.request.setParameter("state", authorizationRequest.getState()); this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(OAuth2UserAuthority.class) - .hasToString("ROLE_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(OAuth2UserAuthority.class) + .hasToString("ROLE_USER"); SecurityContextHolderStrategy strategy = this.context.getBean(SecurityContextHolderStrategy.class); verify(strategy, atLeastOnce()).getContext(); SecurityContextChangedListener listener = this.context.getBean(SecurityContextChangedListener.class); @@ -230,10 +234,12 @@ public class OAuth2LoginConfigurerTests { this.request.setParameter("state", authorizationRequest.getState()); this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(OAuth2UserAuthority.class) - .hasToString("ROLE_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(OAuth2UserAuthority.class) + .hasToString("ROLE_USER"); } // gh-6009 @@ -269,7 +275,8 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(2); assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER"); assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER"); @@ -289,7 +296,8 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(2); assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER"); assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER"); @@ -309,7 +317,8 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(2); assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER"); assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER"); @@ -331,10 +340,12 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(OAuth2UserAuthority.class) - .hasToString("ROLE_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(OAuth2UserAuthority.class) + .hasToString("ROLE_USER"); } // gh-5521 @@ -342,7 +353,7 @@ public class OAuth2LoginConfigurerTests { public void oauth2LoginWithCustomAuthorizationRequestParameters() throws Exception { loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolver.class); OAuth2AuthorizationRequestResolver resolver = this.context - .getBean(OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver; + .getBean(OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver; // @formatter:off OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://accounts.google.com/authorize") @@ -366,7 +377,7 @@ public class OAuth2LoginConfigurerTests { throws Exception { loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class); OAuth2AuthorizationRequestResolver resolver = this.context - .getBean(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class).resolver; + .getBean(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class).resolver; // @formatter:off OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode() .authorizationUri("https://accounts.google.com/authorize") @@ -390,7 +401,7 @@ public class OAuth2LoginConfigurerTests { throws Exception { loadConfig(OAuth2LoginConfigCustomAuthorizationRedirectStrategy.class); RedirectStrategy redirectStrategy = this.context - .getBean(OAuth2LoginConfigCustomAuthorizationRedirectStrategy.class).redirectStrategy; + .getBean(OAuth2LoginConfigCustomAuthorizationRedirectStrategy.class).redirectStrategy; String requestUri = "/oauth2/authorization/google"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); @@ -403,7 +414,7 @@ public class OAuth2LoginConfigurerTests { throws Exception { loadConfig(OAuth2LoginConfigCustomAuthorizationRedirectStrategyInLambda.class); RedirectStrategy redirectStrategy = this.context - .getBean(OAuth2LoginConfigCustomAuthorizationRedirectStrategyInLambda.class).redirectStrategy; + .getBean(OAuth2LoginConfigCustomAuthorizationRedirectStrategyInLambda.class).redirectStrategy; String requestUri = "/oauth2/authorization/google"; this.request = new MockHttpServletRequest("GET", requestUri); this.request.setServletPath(requestUri); @@ -540,10 +551,12 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(OidcUserAuthority.class) - .hasToString("ROLE_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(OidcUserAuthority.class) + .hasToString("ROLE_USER"); } @Test @@ -560,10 +573,12 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(OidcUserAuthority.class) - .hasToString("ROLE_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(OidcUserAuthority.class) + .hasToString("ROLE_USER"); } @Test @@ -580,7 +595,8 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(2); assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER"); assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OIDC_USER"); @@ -600,7 +616,8 @@ public class OAuth2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); assertThat(authentication.getAuthorities()).hasSize(2); assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER"); assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OIDC_USER"); @@ -609,11 +626,11 @@ public class OAuth2LoginConfigurerTests { @Test public void oidcLoginCustomWithNoUniqueJwtDecoderFactory() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> loadConfig(OAuth2LoginConfig.class, NoUniqueJwtDecoderFactoryConfig.class)) - .withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class) - .withMessageContaining("No qualifying bean of type " - + "'org.springframework.security.oauth2.jwt.JwtDecoderFactory' " - + "available: expected single matching bean but found 2: jwtDecoderFactory1,jwtDecoderFactory2"); + .isThrownBy(() -> loadConfig(OAuth2LoginConfig.class, NoUniqueJwtDecoderFactoryConfig.class)) + .withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class) + .withMessageContaining("No qualifying bean of type " + + "'org.springframework.security.oauth2.jwt.JwtDecoderFactory' " + + "available: expected single matching bean but found 2: jwtDecoderFactory1,jwtDecoderFactory2"); } @Test @@ -622,7 +639,7 @@ public class OAuth2LoginConfigurerTests { OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, "registration-id"); this.mvc.perform(post("/logout").with(authentication(token)).with(csrf())) - .andExpect(redirectedUrl("https://logout?id_token_hint=id-token")); + .andExpect(redirectedUrl("https://logout?id_token_hint=id-token")); } private void loadConfig(Class... configs) { @@ -658,8 +675,10 @@ public class OAuth2LoginConfigurerTests { if (request.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid")) { additionalParameters.put(OidcParameterNames.ID_TOKEN, "token123"); } - return OAuth2AccessTokenResponse.withToken("accessToken123").tokenType(OAuth2AccessToken.TokenType.BEARER) - .additionalParameters(additionalParameters).build(); + return OAuth2AccessTokenResponse.withToken("accessToken123") + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .additionalParameters(additionalParameters) + .build(); }; } @@ -1057,7 +1076,8 @@ public class OAuth2LoginConfigurerTests { ClientRegistrationRepository clientRegistrationRepository() { Map providerMetadata = Collections.singletonMap("end_session_endpoint", "https://logout"); return new InMemoryClientRegistrationRepository(TestClientRegistrations.clientRegistration() - .providerConfigurationMetadata(providerMetadata).build()); + .providerConfigurationMetadata(providerMetadata) + .build()); } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java index 681ccc9681..1a7c3192b6 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java @@ -227,8 +227,10 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenCustomSecurityContextHolderStrategyThenUses() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class, - SecurityContextChangedListenerConfig.class).autowire(); + this.spring + .register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class, + SecurityContextChangedListenerConfig.class) + .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); // @formatter:off @@ -241,8 +243,10 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenSecurityContextHolderStrategyThenUses() throws Exception { - this.spring.register(RestOperationsConfig.class, DefaultConfig.class, - SecurityContextChangedListenerConfig.class, BasicController.class).autowire(); + this.spring + .register(RestOperationsConfig.class, DefaultConfig.class, SecurityContextChangedListenerConfig.class, + BasicController.class) + .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); // @formatter:off @@ -640,7 +644,7 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenSessionManagementConfiguredThenUserConfigurationOverrides() throws Exception { this.spring.register(RestOperationsConfig.class, AlwaysSessionCreationConfig.class, BasicController.class) - .autowire(); + .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); // @formatter:off @@ -655,7 +659,7 @@ public class OAuth2ResourceServerConfigurerTests { public void requestWhenBearerTokenResolverAllowsRequestBodyThenEitherHeaderOrRequestBodyIsAccepted() throws Exception { this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class) - .autowire(); + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); // @formatter:off @@ -672,8 +676,8 @@ public class OAuth2ResourceServerConfigurerTests { public void requestWhenBearerTokenResolverAllowsQueryParameterThenEitherHeaderOrQueryParameterIsAccepted() throws Exception { this.spring - .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) - .autowire(); + .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); // @formatter:off @@ -690,7 +694,7 @@ public class OAuth2ResourceServerConfigurerTests { public void requestWhenBearerTokenResolverAllowsRequestBodyAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { this.spring.register(AllowBearerTokenInRequestBodyConfig.class, JwtDecoderConfig.class, BasicController.class) - .autowire(); + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); // @formatter:off @@ -709,8 +713,8 @@ public class OAuth2ResourceServerConfigurerTests { public void requestWhenBearerTokenResolverAllowsQueryParameterAndRequestContainsTwoTokensThenInvalidRequest() throws Exception { this.spring - .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) - .autowire(); + .register(AllowBearerTokenAsQueryParameterConfig.class, JwtDecoderConfig.class, BasicController.class) + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); // @formatter:off @@ -739,9 +743,9 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getBearerTokenResolverWhenDuplicateResolverBeansThenWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring - .register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class).autowire()) - .withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class); + .isThrownBy(() -> this.spring.register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class) + .autowire()) + .withRootCauseInstanceOf(NoUniqueBeanDefinitionException.class); } @Test @@ -766,11 +770,12 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenCustomAuthenticationDetailsSourceThenUsed() throws Exception { this.spring.register(CustomAuthenticationDetailsSource.class, JwtDecoderConfig.class, BasicController.class) - .autowire(); + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); - this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))).andExpect(status().isOk()) - .andExpect(content().string(JWT_SUBJECT)); + this.mvc.perform(get("/authenticated").with(bearerToken(JWT_TOKEN))) + .andExpect(status().isOk()) + .andExpect(content().string(JWT_SUBJECT)); verifyBean(AuthenticationDetailsSource.class).buildDetails(any()); } @@ -870,7 +875,7 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.context(context).autowire(); OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); assertThatExceptionOfType(NoUniqueBeanDefinitionException.class) - .isThrownBy(() -> jwtConfigurer.getJwtDecoder()); + .isThrownBy(() -> jwtConfigurer.getJwtDecoder()); } @Test @@ -916,8 +921,9 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.register(RestOperationsConfig.class, CustomJwtValidatorConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); - OAuth2TokenValidator jwtValidator = this.spring.getContext().getBean(CustomJwtValidatorConfig.class) - .getJwtValidator(); + OAuth2TokenValidator jwtValidator = this.spring.getContext() + .getBean(CustomJwtValidatorConfig.class) + .getJwtValidator(); OAuth2Error error = new OAuth2Error("custom-error", "custom-description", "custom-uri"); given(jwtValidator.validate(any(Jwt.class))).willReturn(OAuth2TokenValidatorResult.failure(error)); // @formatter:off @@ -930,7 +936,7 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenClockSkewSetThenTimestampWindowRelaxedAccordingly() throws Exception { this.spring.register(RestOperationsConfig.class, UnexpiredJwtClockSkewConfig.class, BasicController.class) - .autowire(); + .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); // @formatter:off @@ -942,7 +948,7 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception { this.spring.register(RestOperationsConfig.class, ExpiredJwtClockSkewConfig.class, BasicController.class) - .autowire(); + .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ExpiresAt4687177990"); // @formatter:off @@ -954,10 +960,12 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenJwtAuthenticationConverterConfiguredOnDslThenIsUsed() throws Exception { - this.spring.register(JwtDecoderConfig.class, JwtAuthenticationConverterConfiguredOnDsl.class, - BasicController.class).autowire(); + this.spring + .register(JwtDecoderConfig.class, JwtAuthenticationConverterConfiguredOnDsl.class, BasicController.class) + .autowire(); Converter jwtAuthenticationConverter = this.spring.getContext() - .getBean(JwtAuthenticationConverterConfiguredOnDsl.class).getJwtAuthenticationConverter(); + .getBean(JwtAuthenticationConverterConfiguredOnDsl.class) + .getJwtAuthenticationConverter(); given(jwtAuthenticationConverter.convert(JWT)).willReturn(JWT_AUTHENTICATION_TOKEN); JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class); given(jwtDecoder.decode(anyString())).willReturn(JWT); @@ -972,7 +980,7 @@ public class OAuth2ResourceServerConfigurerTests { public void requestWhenJwtAuthenticationConverterCustomizedAuthoritiesThenThoseAuthoritiesArePropagated() throws Exception { this.spring.register(JwtDecoderConfig.class, CustomAuthorityMappingConfig.class, BasicController.class) - .autowire(); + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(JWT_TOKEN)).willReturn(JWT); // @formatter:off @@ -1018,14 +1026,14 @@ public class OAuth2ResourceServerConfigurerTests { given(bean(JwtDecoder.class).decode(anyString())).willThrow(new BadJwtException("problem")); this.mvc.perform(get("/").with(bearerToken("token"))); verifyBean(AuthenticationEventPublisher.class) - .publishAuthenticationFailure(any(OAuth2AuthenticationException.class), any(Authentication.class)); + .publishAuthenticationFailure(any(OAuth2AuthenticationException.class), any(Authentication.class)); } @Test public void getWhenCustomJwtAuthenticationManagerThenUsed() throws Exception { this.spring.register(JwtAuthenticationManagerConfig.class, BasicController.class).autowire(); given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) - .willReturn(JWT_AUTHENTICATION_TOKEN); + .willReturn(JWT_AUTHENTICATION_TOKEN); // @formatter:off this.mvc.perform(get("/authenticated").with(bearerToken("token"))) .andExpect(status().isOk()) @@ -1038,11 +1046,11 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenDefaultAndCustomJwtAuthenticationManagerThenCustomUsed() throws Exception { this.spring.register(DefaultAndJwtAuthenticationManagerConfig.class, BasicController.class).autowire(); DefaultAndJwtAuthenticationManagerConfig config = this.spring.getContext() - .getBean(DefaultAndJwtAuthenticationManagerConfig.class); + .getBean(DefaultAndJwtAuthenticationManagerConfig.class); AuthenticationManager defaultAuthenticationManager = config.defaultAuthenticationManager(); AuthenticationManager jwtAuthenticationManager = config.jwtAuthenticationManager(); given(defaultAuthenticationManager.authenticate(any())) - .willThrow(new RuntimeException("should not interact with default auth manager")); + .willThrow(new RuntimeException("should not interact with default auth manager")); given(jwtAuthenticationManager.authenticate(any())).willReturn(JWT_AUTHENTICATION_TOKEN); // @formatter:off this.mvc.perform(get("/authenticated").with(bearerToken("token"))) @@ -1066,7 +1074,7 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenOpaqueTokenInLambdaAndIntrospectingThenOk() throws Exception { this.spring.register(RestOperationsConfig.class, OpaqueTokenInLambdaConfig.class, BasicController.class) - .autowire(); + .autowire(); mockRestOperations(json("Active")); // @formatter:off this.mvc.perform(get("/authenticated").with(bearerToken("token"))) @@ -1101,7 +1109,7 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenCustomIntrospectionAuthenticationManagerThenUsed() throws Exception { this.spring.register(OpaqueTokenAuthenticationManagerConfig.class, BasicController.class).autowire(); given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) - .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); + .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); // @formatter:off this.mvc.perform(get("/authenticated").with(bearerToken("token"))) .andExpect(status().isOk()) @@ -1114,11 +1122,11 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenDefaultAndCustomIntrospectionAuthenticationManagerThenCustomUsed() throws Exception { this.spring.register(DefaultAndOpaqueTokenAuthenticationManagerConfig.class, BasicController.class).autowire(); DefaultAndOpaqueTokenAuthenticationManagerConfig config = this.spring.getContext() - .getBean(DefaultAndOpaqueTokenAuthenticationManagerConfig.class); + .getBean(DefaultAndOpaqueTokenAuthenticationManagerConfig.class); AuthenticationManager defaultAuthenticationManager = config.defaultAuthenticationManager(); AuthenticationManager opaqueTokenAuthenticationManager = config.opaqueTokenAuthenticationManager(); given(defaultAuthenticationManager.authenticate(any())) - .willThrow(new RuntimeException("should not interact with default auth manager")); + .willThrow(new RuntimeException("should not interact with default auth manager")); given(opaqueTokenAuthenticationManager.authenticate(any())).willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); // @formatter:off this.mvc.perform(get("/authenticated").with(bearerToken("token"))) @@ -1132,7 +1140,7 @@ public class OAuth2ResourceServerConfigurerTests { public void getWhenCustomIntrospectionAuthenticationManagerInLambdaThenUsed() throws Exception { this.spring.register(OpaqueTokenAuthenticationManagerInLambdaConfig.class, BasicController.class).autowire(); given(bean(AuthenticationProvider.class).authenticate(any(Authentication.class))) - .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); + .willReturn(INTROSPECTION_AUTHENTICATION_TOKEN); // @formatter:off this.mvc.perform(get("/authenticated").with(bearerToken("token"))) .andExpect(status().isOk()) @@ -1144,14 +1152,15 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void configureWhenOnlyIntrospectionUrlThenException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(OpaqueTokenHalfConfiguredConfig.class).autowire()); + .isThrownBy(() -> this.spring.register(OpaqueTokenHalfConfiguredConfig.class).autowire()); } @Test public void getIntrospectionClientWhenConfiguredWithClientAndIntrospectionUriThenLastOneWins() { ApplicationContext context = mock(ApplicationContext.class); OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer( - context).opaqueToken(); + context) + .opaqueToken(); OpaqueTokenIntrospector client = mock(OpaqueTokenIntrospector.class); opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI); opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); @@ -1170,7 +1179,7 @@ public class OAuth2ResourceServerConfigurerTests { registerMockBean(context, "introspectionClientOne", OpaqueTokenIntrospector.class); registerMockBean(context, "introspectionClientTwo", OpaqueTokenIntrospector.class); OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken = new OAuth2ResourceServerConfigurer(context) - .opaqueToken(); + .opaqueToken(); opaqueToken.introspectionUri(INTROSPECTION_URI); opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET); assertThat(opaqueToken.getIntrospector()).isNotNull(); @@ -1227,8 +1236,8 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void requestWhenDefaultAndResourceServerAccessDeniedHandlersThenMatchedByRequest() throws Exception { this.spring - .register(ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig.class, JwtDecoderConfig.class) - .autowire(); + .register(ExceptionHandlingAndResourceServerWithAccessDeniedHandlerConfig.class, JwtDecoderConfig.class) + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(JWT); // @formatter:off @@ -1244,7 +1253,7 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void getWhenAlsoUsingHttpBasicThenCorrectProviderEngages() throws Exception { this.spring.register(RestOperationsConfig.class, BasicAndResourceServerConfig.class, BasicController.class) - .autowire(); + .autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); // @formatter:off @@ -1266,8 +1275,9 @@ public class OAuth2ResourceServerConfigurerTests { oauth2ResourceServer.jwt().authenticationManager(authenticationManager).decoder(mock(JwtDecoder.class)); assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager); oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context); - oauth2ResourceServer.opaqueToken().authenticationManager(authenticationManager) - .introspector(mock(OpaqueTokenIntrospector.class)); + oauth2ResourceServer.opaqueToken() + .authenticationManager(authenticationManager) + .introspector(mock(OpaqueTokenIntrospector.class)); assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager); verify(http, never()).authenticationProvider(any(AuthenticationProvider.class)); } @@ -1311,29 +1321,29 @@ public class OAuth2ResourceServerConfigurerTests { @Test public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(JwtlessConfig.class).autowire()) - .withMessageContaining("neither was found"); + .isThrownBy(() -> this.spring.register(JwtlessConfig.class).autowire()) + .withMessageContaining("neither was found"); } @Test public void configureWhenMissingJwkSetUriThenWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire()) - .withMessageContaining("No qualifying bean of type"); + .isThrownBy(() -> this.spring.register(JwtHalfConfiguredConfig.class).autowire()) + .withMessageContaining("No qualifying bean of type"); } @Test public void configureWhenUsingBothJwtAndOpaqueThenWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(OpaqueAndJwtConfig.class).autowire()) - .withMessageContaining("Spring Security only supports JWTs or Opaque Tokens"); + .isThrownBy(() -> this.spring.register(OpaqueAndJwtConfig.class).autowire()) + .withMessageContaining("Spring Security only supports JWTs or Opaque Tokens"); } @Test public void configureWhenUsingBothAuthenticationManagerResolverAndOpaqueThenWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire()) - .withMessageContaining("authenticationManagerResolver"); + .isThrownBy(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire()) + .withMessageContaining("authenticationManagerResolver"); } @Test @@ -1387,16 +1397,17 @@ public class OAuth2ResourceServerConfigurerTests { this.spring.context(context).autowire(); OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt(); assertThatExceptionOfType(NoUniqueBeanDefinitionException.class) - .isThrownBy(jwtConfigurer::getJwtAuthenticationConverter); + .isThrownBy(jwtConfigurer::getJwtAuthenticationConverter); } @Test public void getWhenCustomAuthenticationConverterThenUsed() throws Exception { - this.spring.register(RestOperationsConfig.class, OpaqueTokenAuthenticationConverterConfig.class, - BasicController.class).autowire(); + this.spring + .register(RestOperationsConfig.class, OpaqueTokenAuthenticationConverterConfig.class, BasicController.class) + .autowire(); OpaqueTokenAuthenticationConverter authenticationConverter = bean(OpaqueTokenAuthenticationConverter.class); given(authenticationConverter.convert(anyString(), any(OAuth2AuthenticatedPrincipal.class))) - .willReturn(new TestingAuthenticationToken("jdoe", null, Collections.emptyList())); + .willReturn(new TestingAuthenticationToken("jdoe", null, Collections.emptyList())); mockRestOperations(json("Active")); // @formatter:off this.mvc.perform(get("/authenticated").with(bearerToken("token"))) @@ -1451,7 +1462,8 @@ public class OAuth2ResourceServerConfigurerTests { private void mockWebServer(String response) { this.web.enqueue(new MockResponse().setResponseCode(200) - .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response)); + .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .setBody(response)); } private void mockRestOperations(String response) { @@ -2231,7 +2243,7 @@ public class OAuth2ResourceServerConfigurerTests { @Bean JwtDecoder decoder() throws Exception { RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA") - .generatePublic(new X509EncodedKeySpec(this.spec)); + .generatePublic(new X509EncodedKeySpec(this.spec)); return NimbusJwtDecoder.withPublicKey(publicKey).build(); } @@ -2514,8 +2526,11 @@ public class OAuth2ResourceServerConfigurerTests { @GetMapping("/requires-read-scope") String requiresReadScope(JwtAuthenticationToken token) { - return token.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()) - .toString(); + return token.getAuthorities() + .stream() + .map(GrantedAuthority::getAuthority) + .collect(Collectors.toList()) + .toString(); } @GetMapping("/ms-requires-read-scope") @@ -2546,7 +2561,7 @@ public class OAuth2ResourceServerConfigurerTests { public void setEnvironment(Environment environment) { if (environment instanceof ConfigurableEnvironment) { ((ConfigurableEnvironment) environment).getPropertySources() - .addFirst(new MockWebServerPropertySource()); + .addFirst(new MockWebServerPropertySource()); } } @@ -2587,8 +2602,9 @@ public class OAuth2ResourceServerConfigurerTests { @Bean NimbusJwtDecoder jwtDecoder() { - return NimbusJwtDecoder.withJwkSetUri("https://example.org/.well-known/jwks.json").restOperations(this.rest) - .build(); + return NimbusJwtDecoder.withJwkSetUri("https://example.org/.well-known/jwks.json") + .restOperations(this.rest) + .build(); } @Bean diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java index 6d4a9e47f3..7649d928c9 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.java @@ -111,29 +111,34 @@ public class OpenIDLoginConfigurerTests { given(mockAuthRequest.getDestinationUrl(anyBoolean())).willReturn("mockUrl"); given(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.associate(any())).willReturn(mockDiscoveryInformation); given(OpenIdAttributesInLambdaConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), - any())).willReturn(mockAuthRequest); + any())) + .willReturn(mockAuthRequest); this.spring.register(OpenIdAttributesInLambdaConfig.class).autowire(); try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() - .setBody(String.format("%s", endpoint))); - MvcResult mvcResult = this.mvc.perform( - get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) - .andExpect(status().isFound()).andReturn(); - Object attributeObject = mvcResult.getRequest().getSession() - .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); + .setBody(String.format("%s", endpoint))); + MvcResult mvcResult = this.mvc + .perform( + get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) + .andExpect(status().isFound()) + .andReturn(); + Object attributeObject = mvcResult.getRequest() + .getSession() + .getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"); assertThat(attributeObject).isInstanceOf(List.class); List attributeList = (List) attributeObject; assertThat( attributeList.stream() - .anyMatch((attribute) -> "nickname".equals(attribute.getName()) - && "https://schema.openid.net/namePerson/friendly".equals(attribute.getType()))) - .isTrue(); + .anyMatch((attribute) -> "nickname".equals(attribute.getName()) + && "https://schema.openid.net/namePerson/friendly".equals(attribute.getType()))) + .isTrue(); assertThat(attributeList.stream() - .anyMatch((attribute) -> "email".equals(attribute.getName()) - && "https://schema.openid.net/contact/email".equals(attribute.getType()) - && attribute.isRequired() && attribute.getCount() == 2)).isTrue(); + .anyMatch((attribute) -> "email".equals(attribute.getName()) + && "https://schema.openid.net/contact/email".equals(attribute.getType()) + && attribute.isRequired() && attribute.getCount() == 2)) + .isTrue(); } } @@ -145,13 +150,14 @@ public class OpenIDLoginConfigurerTests { given(mockAuthRequest.getDestinationUrl(anyBoolean())).willReturn("mockUrl"); given(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.associate(any())).willReturn(mockDiscoveryInformation); given(OpenIdAttributesNullNameConfig.CONSUMER_MANAGER.authenticate(any(DiscoveryInformation.class), any(), - any())).willReturn(mockAuthRequest); + any())) + .willReturn(mockAuthRequest); this.spring.register(OpenIdAttributesNullNameConfig.class).autowire(); try (MockWebServer server = new MockWebServer()) { String endpoint = server.url("/").toString(); server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() - .setBody(String.format("%s", endpoint))); + .setBody(String.format("%s", endpoint))); // @formatter:off MockHttpServletRequestBuilder request = get("/login/openid") .param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java index 144419e28e..3940428ae8 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java @@ -140,7 +140,7 @@ public class Saml2LoginConfigurerTests { a) -> Collections.singletonList(new SimpleGrantedAuthority("TEST")); private static final GrantedAuthoritiesMapper AUTHORITIES_MAPPER = (authorities) -> Collections - .singletonList(new SimpleGrantedAuthority("TEST CONVERTED")); + .singletonList(new SimpleGrantedAuthority("TEST CONVERTED")); private static final Duration RESPONSE_TIME_VALIDATION_SKEW = Duration.ZERO; @@ -202,8 +202,8 @@ public class Saml2LoginConfigurerTests { @Test public void saml2LoginWhenCustomSecurityContextHolderStrategyThenUses() throws Exception { this.spring - .register(Saml2LoginConfig.class, SecurityContextChangedListenerConfig.class, ResourceController.class) - .autowire(); + .register(Saml2LoginConfig.class, SecurityContextChangedListenerConfig.class, ResourceController.class) + .autowire(); // @formatter:off MockHttpSession session = (MockHttpSession) this.mvc .perform(post("/login/saml2/sso/registration-id") @@ -215,7 +215,7 @@ public class Saml2LoginConfigurerTests { SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class); verify(strategy, atLeastOnce()).getContext(); SecurityContextChangedListener listener = this.spring.getContext() - .getBean(SecurityContextChangedListener.class); + .getBean(SecurityContextChangedListener.class); verify(listener, times(2)).securityContextChanged(setAuthentication(Saml2Authentication.class)); } @@ -244,9 +244,10 @@ public class Saml2LoginConfigurerTests { public void saml2LoginWhenCustomAuthenticationRequestContextResolverThenUses() throws Exception { this.spring.register(CustomAuthenticationRequestContextResolver.class).autowire(); Saml2AuthenticationRequestContext context = TestSaml2AuthenticationRequestContexts - .authenticationRequestContext().build(); + .authenticationRequestContext() + .build(); Saml2AuthenticationRequestContextResolver resolver = this.spring.getContext() - .getBean(Saml2AuthenticationRequestContextResolver.class); + .getBean(Saml2AuthenticationRequestContextResolver.class); given(resolver.resolve(any(HttpServletRequest.class))).willReturn(context); this.mvc.perform(get("/saml2/authenticate/registration-id")).andExpect(status().isFound()); verify(resolver).resolve(any(HttpServletRequest.class)); @@ -305,7 +306,7 @@ public class Saml2LoginConfigurerTests { RelyingPartyRegistration relyingPartyRegistration = this.repository.findByRegistrationId("registration-id"); String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE)); given(CustomAuthenticationConverter.authenticationConverter.convert(any(HttpServletRequest.class))) - .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); + .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); // @formatter:off MockHttpServletRequestBuilder request = post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()) .param("SAMLResponse", SIGNED_RESPONSE); @@ -318,11 +319,11 @@ public class Saml2LoginConfigurerTests { public void authenticateWhenCustomAuthenticationConverterBeanThenUses() throws Exception { this.spring.register(CustomAuthenticationConverterBean.class).autowire(); Saml2AuthenticationTokenConverter authenticationConverter = this.spring.getContext() - .getBean(Saml2AuthenticationTokenConverter.class); + .getBean(Saml2AuthenticationTokenConverter.class); RelyingPartyRegistration relyingPartyRegistration = this.repository.findByRegistrationId("registration-id"); String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE)); given(authenticationConverter.convert(any(HttpServletRequest.class))) - .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); + .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); // @formatter:off MockHttpServletRequestBuilder request = post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()) .param("SAMLResponse", SIGNED_RESPONSE); @@ -340,9 +341,9 @@ public class Saml2LoginConfigurerTests { encoded); this.mvc.perform(request); ArgumentCaptor captor = ArgumentCaptor - .forClass(Saml2AuthenticationException.class); - verify(CustomAuthenticationFailureHandler.authenticationFailureHandler).onAuthenticationFailure( - any(HttpServletRequest.class), any(HttpServletResponse.class), captor.capture()); + .forClass(Saml2AuthenticationException.class); + verify(CustomAuthenticationFailureHandler.authenticationFailureHandler) + .onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), captor.capture()); Saml2AuthenticationException exception = captor.getValue(); assertThat(exception.getSaml2Error().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_RESPONSE); assertThat(exception.getSaml2Error().getDescription()).isEqualTo("Unable to inflate string"); @@ -355,7 +356,7 @@ public class Saml2LoginConfigurerTests { MockHttpServletRequestBuilder request = get("/saml2/authenticate/registration-id"); this.mvc.perform(request).andExpect(status().isFound()); Saml2AuthenticationRequestRepository repository = this.spring.getContext() - .getBean(Saml2AuthenticationRequestRepository.class); + .getBean(Saml2AuthenticationRequestRepository.class); verify(repository).saveAuthenticationRequest(any(AbstractSaml2AuthenticationRequest.class), any(HttpServletRequest.class), any(HttpServletResponse.class)); } @@ -366,7 +367,7 @@ public class Saml2LoginConfigurerTests { MockHttpServletRequestBuilder request = post("/login/saml2/sso/registration-id").param("SAMLResponse", SIGNED_RESPONSE); Saml2AuthenticationRequestRepository repository = this.spring.getContext() - .getBean(Saml2AuthenticationRequestRepository.class); + .getBean(Saml2AuthenticationRequestRepository.class); this.mvc.perform(request); verify(repository).loadAuthenticationRequest(any(HttpServletRequest.class)); verify(repository).removeAuthenticationRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); @@ -375,10 +376,11 @@ public class Saml2LoginConfigurerTests { @Test public void saml2LoginWhenLoginProcessingUrlWithoutRegistrationIdAndDefaultAuthenticationConverterThenValidates() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(CustomLoginProcessingUrlDefaultAuthenticationConverter.class) - .autowire()) - .havingRootCause().isInstanceOf(IllegalStateException.class) - .withMessage("loginProcessingUrl must contain {registrationId} path variable"); + .isThrownBy( + () -> this.spring.register(CustomLoginProcessingUrlDefaultAuthenticationConverter.class).autowire()) + .havingRootCause() + .isInstanceOf(IllegalStateException.class) + .withMessage("loginProcessingUrl must contain {registrationId} path variable"); } @Test @@ -388,7 +390,7 @@ public class Saml2LoginConfigurerTests { RelyingPartyRegistration relyingPartyRegistration = this.repository.findByRegistrationId("registration-id"); String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE)); given(AUTHENTICATION_CONVERTER.convert(any(HttpServletRequest.class))) - .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); + .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); // @formatter:off MockHttpServletRequestBuilder request = post("/my/custom/url").param("SAMLResponse", SIGNED_RESPONSE); // @formatter:on @@ -401,11 +403,11 @@ public class Saml2LoginConfigurerTests { throws Exception { this.spring.register(CustomLoginProcessingUrlSaml2AuthenticationTokenConverterBean.class).autowire(); Saml2AuthenticationTokenConverter authenticationConverter = this.spring.getContext() - .getBean(Saml2AuthenticationTokenConverter.class); + .getBean(Saml2AuthenticationTokenConverter.class); RelyingPartyRegistration relyingPartyRegistration = this.repository.findByRegistrationId("registration-id"); String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE)); given(authenticationConverter.convert(any(HttpServletRequest.class))) - .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); + .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); // @formatter:off MockHttpServletRequestBuilder request = post("/my/custom/url").param("SAMLResponse", SIGNED_RESPONSE); // @formatter:on @@ -417,10 +419,12 @@ public class Saml2LoginConfigurerTests { @Test public void getFaviconWhenDefaultConfigurationThenDoesNotSaveAuthnRequest() throws Exception { this.spring.register(Saml2LoginConfig.class).autowire(); - this.mvc.perform(get("/favicon.ico").accept(MediaType.TEXT_HTML)).andExpect(status().isFound()) - .andExpect(redirectedUrl("http://localhost/login")); - this.mvc.perform(get("/").accept(MediaType.TEXT_HTML)).andExpect(status().isFound()) - .andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id")); + this.mvc.perform(get("/favicon.ico").accept(MediaType.TEXT_HTML)) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("http://localhost/login")); + this.mvc.perform(get("/").accept(MediaType.TEXT_HTML)) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("http://localhost/saml2/authenticate/registration-id")); } private void validateSaml2WebSsoAuthenticationFilterConfiguration() { @@ -429,14 +433,20 @@ public class Saml2LoginConfigurerTests { AuthenticationManager manager = (AuthenticationManager) ReflectionTestUtils.getField(filter, "authenticationManager"); ProviderManager pm = (ProviderManager) manager; - AuthenticationProvider provider = pm.getProviders().stream() - .filter((p) -> p instanceof OpenSaml4AuthenticationProvider).findFirst().get(); + AuthenticationProvider provider = pm.getProviders() + .stream() + .filter((p) -> p instanceof OpenSaml4AuthenticationProvider) + .findFirst() + .get(); assertThat(provider).isNotNull(); } private Saml2WebSsoAuthenticationFilter getSaml2SsoFilter(FilterChainProxy chain) { - return (Saml2WebSsoAuthenticationFilter) chain.getFilters("/login/saml2/sso/test").stream() - .filter((f) -> f instanceof Saml2WebSsoAuthenticationFilter).findFirst().get(); + return (Saml2WebSsoAuthenticationFilter) chain.getFilters("/login/saml2/sso/test") + .stream() + .filter((f) -> f instanceof Saml2WebSsoAuthenticationFilter) + .findFirst() + .get(); } private void performSaml2Login(String expected) throws IOException, ServletException { @@ -449,11 +459,13 @@ public class Saml2LoginConfigurerTests { this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain); // assertions Authentication authentication = this.securityContextRepository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)).getAuthentication(); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)) + .getAuthentication(); Assertions.assertNotNull(authentication, "Expected a valid authentication object."); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class) - .hasToString(expected); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(SimpleGrantedAuthority.class) + .hasToString(expected); } private static AuthenticationManager getAuthenticationManagerMock(String role) { @@ -481,7 +493,7 @@ public class Saml2LoginConfigurerTests { @Bean SecurityFilterChain web(HttpSecurity http) throws Exception { http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) - .saml2Login(Customizer.withDefaults()); + .saml2Login(Customizer.withDefaults()); return http.build(); } @@ -549,7 +561,7 @@ public class Saml2LoginConfigurerTests { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests((authz) -> authz.anyRequest().authenticated()) - .saml2Login((saml2) -> saml2.failureHandler(authenticationFailureHandler)); + .saml2Login((saml2) -> saml2.failureHandler(authenticationFailureHandler)); } } @@ -715,7 +727,7 @@ public class Saml2LoginConfigurerTests { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests((authz) -> authz.anyRequest().authenticated()) - .saml2Login((saml2) -> saml2.authenticationConverter(authenticationConverter)); + .saml2Login((saml2) -> saml2.authenticationConverter(authenticationConverter)); } } @@ -730,7 +742,7 @@ public class Saml2LoginConfigurerTests { @Bean SecurityFilterChain app(HttpSecurity http) throws Exception { http.authorizeHttpRequests((authz) -> authz.anyRequest().authenticated()) - .saml2Login(Customizer.withDefaults()); + .saml2Login(Customizer.withDefaults()); return http.build(); } @@ -831,10 +843,10 @@ public class Saml2LoginConfigurerTests { @Bean RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() { RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials() - .signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential())) - .assertingPartyDetails((party) -> party.verificationX509Credentials( - (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) - .build(); + .signingX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartySigningCredential())) + .assertingPartyDetails((party) -> party.verificationX509Credentials( + (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) + .build(); return spy(new InMemoryRelyingPartyRegistrationRepository(registration)); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java index 4cd87355a3..09a1d0aec5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java @@ -174,7 +174,8 @@ public class Saml2LogoutConfigurerTests { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); TestingAuthenticationToken user = new TestingAuthenticationToken("user", "password"); MvcResult result = this.mvc.perform(post("/logout").with(authentication(user)).with(csrf())) - .andExpect(status().isFound()).andReturn(); + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); LogoutHandler logoutHandler = this.spring.getContext().getBean(LogoutHandler.class); assertThat(location).isEqualTo("/login?logout"); @@ -185,7 +186,8 @@ public class Saml2LogoutConfigurerTests { public void saml2LogoutWhenDefaultsThenLogsOutAndSendsLogoutRequest() throws Exception { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); MvcResult result = this.mvc.perform(post("/logout").with(authentication(this.user)).with(csrf())) - .andExpect(status().isFound()).andReturn(); + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); LogoutHandler logoutHandler = this.spring.getContext().getBean(LogoutHandler.class); assertThat(location).startsWith("https://ap.example.org/logout/saml2/request"); @@ -195,8 +197,9 @@ public class Saml2LogoutConfigurerTests { @Test public void saml2LogoutWhenUnauthenticatedThenEntryPoint() throws Exception { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isFound()) - .andExpect(redirectedUrl("/login?logout")); + this.mvc.perform(post("/logout").with(csrf())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/login?logout")); } @Test @@ -209,8 +212,9 @@ public class Saml2LogoutConfigurerTests { @Test public void saml2LogoutWhenGetThenDefaultLogoutPage() throws Exception { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); - MvcResult result = this.mvc.perform(get("/logout").with(authentication(this.user))).andExpect(status().isOk()) - .andReturn(); + MvcResult result = this.mvc.perform(get("/logout").with(authentication(this.user))) + .andExpect(status().isOk()) + .andReturn(); assertThat(result.getResponse().getContentAsString()).contains("Are you sure you want to log out?"); verifyNoInteractions(getBean(LogoutHandler.class)); } @@ -220,7 +224,7 @@ public class Saml2LogoutConfigurerTests { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); this.mvc.perform(put("/logout").with(authentication(this.user)).with(csrf())).andExpect(status().isNotFound()); this.mvc.perform(delete("/logout").with(authentication(this.user)).with(csrf())) - .andExpect(status().isNotFound()); + .andExpect(status().isNotFound()); verifyNoInteractions(this.spring.getContext().getBean(LogoutHandler.class)); } @@ -233,7 +237,7 @@ public class Saml2LogoutConfigurerTests { Saml2Authentication authentication = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); this.mvc.perform(post("/logout").with(authentication(authentication)).with(csrf())) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } @Test @@ -249,8 +253,11 @@ public class Saml2LogoutConfigurerTests { this.spring.register(Saml2LogoutComponentsConfig.class).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("registration-id"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); given(getBean(Saml2LogoutRequestResolver.class).resolve(any(), any())).willReturn(logoutRequest); this.mvc.perform(post("/logout").with(authentication(this.user)).with(csrf())); verify(getBean(Saml2LogoutRequestResolver.class)).resolve(any(), any()); @@ -264,10 +271,15 @@ public class Saml2LogoutConfigurerTests { principal.setRelyingPartyRegistrationId("get"); Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); - MvcResult result = this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .param("Signature", this.apLogoutRequestSignature).with(samlQueryString()).with(authentication(user))) - .andExpect(status().isFound()).andReturn(); + MvcResult result = this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutRequestSignature) + .with(samlQueryString()) + .with(authentication(user))) + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).startsWith("https://ap.example.org/logout/saml2/response"); verify(getBean(LogoutHandler.class)).logout(any(), any(), any()); @@ -281,10 +293,15 @@ public class Saml2LogoutConfigurerTests { principal.setRelyingPartyRegistrationId("get"); Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); - MvcResult result = this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .param("Signature", this.apLogoutRequestSignature).with(samlQueryString()).with(authentication(user))) - .andExpect(status().isFound()).andReturn(); + MvcResult result = this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutRequestSignature) + .with(samlQueryString()) + .with(authentication(user))) + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).startsWith("https://ap.example.org/logout/saml2/response"); verify(getBean(LogoutHandler.class)).logout(any(), any(), any()); @@ -308,11 +325,14 @@ public class Saml2LogoutConfigurerTests { Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); MvcResult result = this.mvc - .perform(get("/logout/saml2/slo").param("SAMLRequest", apLogoutRequest) - .param("RelayState", apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .param("Signature", apLogoutRequestSignature) - .with(new SamlQueryStringRequestPostProcessor(true)).with(authentication(user))) - .andExpect(status().isFound()).andReturn(); + .perform(get("/logout/saml2/slo").param("SAMLRequest", apLogoutRequest) + .param("RelayState", apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", apLogoutRequestSignature) + .with(new SamlQueryStringRequestPostProcessor(true)) + .with(authentication(user))) + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).startsWith("https://ap.example.org/logout/saml2/response"); verify(getBean(LogoutHandler.class)).logout(any(), any(), any()); @@ -336,11 +356,14 @@ public class Saml2LogoutConfigurerTests { Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); MvcResult result = this.mvc - .perform(get("/logout/saml2/slo").param("SAMLRequest", apLogoutRequest) - .param("SigAlg", this.apLogoutRequestSigAlg).param("RelayState", apLogoutRequestRelayState) - .param("Signature", apLogoutRequestSignature) - .with(new SamlQueryStringRequestPostProcessor(true)).with(authentication(user))) - .andExpect(status().isFound()).andReturn(); + .perform(get("/logout/saml2/slo").param("SAMLRequest", apLogoutRequest) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("RelayState", apLogoutRequestRelayState) + .param("Signature", apLogoutRequestSignature) + .with(new SamlQueryStringRequestPostProcessor(true)) + .with(authentication(user))) + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).startsWith("https://ap.example.org/logout/saml2/response"); verify(getBean(LogoutHandler.class)).logout(any(), any(), any()); @@ -354,19 +377,25 @@ public class Saml2LogoutConfigurerTests { principal.setRelyingPartyRegistrationId("wrong"); Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); - this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .param("Signature", this.apLogoutRequestSignature).with(authentication(user))) - .andExpect(status().isBadRequest()); + this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutRequestSignature) + .with(authentication(user))) + .andExpect(status().isBadRequest()); verifyNoInteractions(getBean(LogoutHandler.class)); } @Test public void saml2LogoutRequestWhenInvalidSamlRequestThen401() throws Exception { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); - this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .with(authentication(this.user))).andExpect(status().isUnauthorized()); + this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .with(authentication(this.user))) + .andExpect(status().isUnauthorized()); verifyNoInteractions(getBean(LogoutHandler.class)); } @@ -377,11 +406,11 @@ public class Saml2LogoutConfigurerTests { LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration); logoutRequest.setIssueInstant(Instant.now()); given(getBean(Saml2LogoutRequestValidator.class).validate(any())) - .willReturn(Saml2LogoutValidatorResult.success()); + .willReturn(Saml2LogoutValidatorResult.success()); Saml2LogoutResponse logoutResponse = Saml2LogoutResponse.withRelyingPartyRegistration(registration).build(); given(getBean(Saml2LogoutResponseResolver.class).resolve(any(), any())).willReturn(logoutResponse); this.mvc.perform(post("/logout/saml2/slo").param("SAMLRequest", "samlRequest").with(authentication(this.user))) - .andReturn(); + .andReturn(); verify(getBean(Saml2LogoutRequestValidator.class)).validate(any()); verify(getBean(Saml2LogoutResponseResolver.class)).resolve(any(), any()); } @@ -391,15 +420,23 @@ public class Saml2LogoutConfigurerTests { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("get"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); this.logoutRequestRepository.saveLogoutRequest(logoutRequest, this.request, this.response); this.request.setParameter("RelayState", logoutRequest.getRelayState()); assertThat(this.logoutRequestRepository.loadLogoutRequest(this.request)).isNotNull(); - this.mvc.perform(get("/logout/saml2/slo").session(((MockHttpSession) this.request.getSession())) - .param("SAMLResponse", this.apLogoutResponse).param("RelayState", this.apLogoutResponseRelayState) - .param("SigAlg", this.apLogoutResponseSigAlg).param("Signature", this.apLogoutResponseSignature) - .with(samlQueryString())).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); + this.mvc + .perform(get("/logout/saml2/slo").session(((MockHttpSession) this.request.getSession())) + .param("SAMLResponse", this.apLogoutResponse) + .param("RelayState", this.apLogoutResponseRelayState) + .param("SigAlg", this.apLogoutResponseSigAlg) + .param("Signature", this.apLogoutResponseSignature) + .with(samlQueryString())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/login?logout")); verifyNoInteractions(getBean(LogoutHandler.class)); assertThat(this.logoutRequestRepository.loadLogoutRequest(this.request)).isNull(); } @@ -409,16 +446,23 @@ public class Saml2LogoutConfigurerTests { this.spring.register(Saml2LogoutDefaultsConfig.class).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("registration-id"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); this.logoutRequestRepository.saveLogoutRequest(logoutRequest, this.request, this.response); String deflatedApLogoutResponse = Saml2Utils.samlEncode( Saml2Utils.samlInflate(Saml2Utils.samlDecode(this.apLogoutResponse)).getBytes(StandardCharsets.UTF_8)); - this.mvc.perform(post("/logout/saml2/slo").session((MockHttpSession) this.request.getSession()) - .param("SAMLResponse", deflatedApLogoutResponse).param("RelayState", this.rpLogoutRequestRelayState) - .param("SigAlg", this.apLogoutRequestSigAlg).param("Signature", this.apLogoutResponseSignature) - .with(samlQueryString())).andExpect(status().reason(containsString("invalid_signature"))) - .andExpect(status().isUnauthorized()); + this.mvc + .perform(post("/logout/saml2/slo").session((MockHttpSession) this.request.getSession()) + .param("SAMLResponse", deflatedApLogoutResponse) + .param("RelayState", this.rpLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutResponseSignature) + .with(samlQueryString())) + .andExpect(status().reason(containsString("invalid_signature"))) + .andExpect(status().isUnauthorized()); verifyNoInteractions(getBean(LogoutHandler.class)); } @@ -427,11 +471,14 @@ public class Saml2LogoutConfigurerTests { this.spring.register(Saml2LogoutComponentsConfig.class).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("get"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); given(getBean(Saml2LogoutRequestRepository.class).removeLogoutRequest(any(), any())).willReturn(logoutRequest); given(getBean(Saml2LogoutResponseValidator.class).validate(any())) - .willReturn(Saml2LogoutValidatorResult.success()); + .willReturn(Saml2LogoutValidatorResult.success()); this.mvc.perform(get("/logout/saml2/slo").param("SAMLResponse", "samlResponse")).andReturn(); verify(getBean(Saml2LogoutResponseValidator.class)).validate(any()); } @@ -441,8 +488,11 @@ public class Saml2LogoutConfigurerTests { this.spring.register(Saml2LogoutComponentsConfig.class).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("registration-id"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); given(getBean(Saml2LogoutRequestResolver.class).resolve(any(), any())).willReturn(logoutRequest); this.mvc.perform(post("/logout").with(authentication(this.user)).with(csrf())); verify(getBean(Saml2LogoutRequestRepository.class)).saveLogoutRequest(eq(logoutRequest), any(), any()); @@ -452,7 +502,8 @@ public class Saml2LogoutConfigurerTests { public void saml2LogoutWhenLogoutGetThenLogsOutAndSendsLogoutRequest() throws Exception { this.spring.register(Saml2LogoutWithHttpGet.class).autowire(); MvcResult result = this.mvc.perform(get("/logout").with(authentication(this.user))) - .andExpect(status().isFound()).andReturn(); + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); LogoutHandler logoutHandler = this.spring.getContext().getBean(LogoutHandler.class); assertThat(location).startsWith("https://ap.example.org/logout/saml2/request"); @@ -465,7 +516,7 @@ public class Saml2LogoutConfigurerTests { Saml2DefaultsWithObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(Saml2DefaultsWithObjectPostProcessorConfig.class).autowire(); verify(Saml2DefaultsWithObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(Saml2LogoutRequestFilter.class)); + .postProcess(any(Saml2LogoutRequestFilter.class)); } @@ -475,7 +526,7 @@ public class Saml2LogoutConfigurerTests { Saml2DefaultsWithObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(Saml2DefaultsWithObjectPostProcessorConfig.class).autowire(); verify(Saml2DefaultsWithObjectPostProcessorConfig.objectPostProcessor) - .postProcess(any(Saml2LogoutResponseFilter.class)); + .postProcess(any(Saml2LogoutResponseFilter.class)); } @@ -485,7 +536,7 @@ public class Saml2LogoutConfigurerTests { Saml2DefaultsWithObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class); this.spring.register(Saml2DefaultsWithObjectPostProcessorConfig.class).autowire(); verify(Saml2DefaultsWithObjectPostProcessorConfig.objectPostProcessor, atLeastOnce()) - .postProcess(any(LogoutFilter.class)); + .postProcess(any(LogoutFilter.class)); } @@ -672,16 +723,18 @@ public class Saml2LogoutConfigurerTests { Saml2X509Credential signing = TestSaml2X509Credentials.assertingPartySigningCredential(); Saml2X509Credential verification = TestSaml2X509Credentials.relyingPartyVerifyingCredential(); RelyingPartyRegistration.Builder withCreds = TestRelyingPartyRegistrations.noCredentials() - .signingX509Credentials(credential(signing)) - .assertingPartyDetails((party) -> party.verificationX509Credentials(credential(verification))); + .signingX509Credentials(credential(signing)) + .assertingPartyDetails((party) -> party.verificationX509Credentials(credential(verification))); RelyingPartyRegistration post = withCreds.build(); RelyingPartyRegistration get = withCreds.registrationId("get") - .singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT).build(); - RelyingPartyRegistration ap = withCreds.registrationId("ap").entityId("ap-entity-id") - .assertingPartyDetails((party) -> party - .singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request") + .singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT) + .build(); + RelyingPartyRegistration ap = withCreds.registrationId("ap") + .entityId("ap-entity-id") + .assertingPartyDetails( + (party) -> party.singleLogoutServiceLocation("https://rp.example.org/logout/saml2/request") .singleLogoutServiceResponseLocation("https://rp.example.org/logout/saml2/response")) - .build(); + .build(); return new InMemoryRelyingPartyRegistrationRepository(ap, get, post); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java index 32d753450f..0ca15c014d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/TestSaml2Credentials.java @@ -68,7 +68,7 @@ public final class TestSaml2Credentials { try { final CertificateFactory factory = CertificateFactory.getInstance("X.509"); return (X509Certificate) factory - .generateCertificate(new ByteArrayInputStream(source.getBytes(StandardCharsets.UTF_8))); + .generateCertificate(new ByteArrayInputStream(source.getBytes(StandardCharsets.UTF_8))); } catch (Exception ex) { throw new IllegalArgumentException(ex); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java index de6b160340..797c804703 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java @@ -305,8 +305,10 @@ public class EnableWebFluxSecurityTests { @Test // gh-8596 public void resolveAuthenticationPrincipalArgumentResolverFirstDoesNotCauseBeanCurrentlyInCreationException() { - this.spring.register(EnableWebFluxSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, - DelegatingWebFluxConfiguration.class).autowire(); + this.spring + .register(EnableWebFluxSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, + DelegatingWebFluxConfiguration.class) + .autowire(); } @Test @@ -365,8 +367,10 @@ public class EnableWebFluxSecurityTests { @Order(Ordered.HIGHEST_PRECEDENCE) @Bean SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) { - http.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**")).authorizeExchange() - .anyExchange().denyAll(); + http.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**")) + .authorizeExchange() + .anyExchange() + .denyAll(); return http.build(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelectorTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelectorTests.java index d7e41bdc50..5b1fc2751a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelectorTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelectorTests.java @@ -78,7 +78,8 @@ public class ReactiveOAuth2ClientImportSelectorTests { ReactiveOAuth2AuthorizedClientManager authorizedClientManager = mock( ReactiveOAuth2AuthorizedClientManager.class); ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() - .registrationId(clientRegistrationId).build(); + .registrationId(clientRegistrationId) + .build(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName, TestOAuth2AccessTokens.noScopes()); given(authorizedClientManager.authorize(any())).willReturn(Mono.just(authorizedClient)); @@ -107,14 +108,15 @@ public class ReactiveOAuth2ClientImportSelectorTests { ServerOAuth2AuthorizedClientRepository authorizedClientRepository = mock( ServerOAuth2AuthorizedClientRepository.class); ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() - .registrationId(clientRegistrationId).build(); + .registrationId(clientRegistrationId) + .build(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, principalName, TestOAuth2AccessTokens.noScopes()); OAuth2AuthorizedClientManagerRegisteredConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository; OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_REPOSITORY = authorizedClientRepository; OAuth2AuthorizedClientManagerRegisteredConfig.AUTHORIZED_CLIENT_MANAGER = null; given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) - .willReturn(Mono.just(authorizedClient)); + .willReturn(Mono.just(authorizedClient)); this.spring.register(OAuth2AuthorizedClientManagerRegisteredConfig.class).autowire(); // @formatter:off this.client diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java index d8922ad6c1..f52b299895 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java @@ -37,7 +37,7 @@ public final class ServerHttpSecurityConfigurationBuilder { public static ServerHttpSecurity httpWithDefaultAuthentication() { ReactiveUserDetailsService reactiveUserDetailsService = ReactiveAuthenticationTestConfiguration - .userDetailsService(); + .userDetailsService(); ReactiveAuthenticationManager authenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager( reactiveUserDetailsService); return http().authenticationManager(authenticationManager); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java index c2674ad19d..5e6d4080dd 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java @@ -39,16 +39,20 @@ public class ServerHttpSecurityConfigurationTests { @Test public void loadConfigWhenReactiveUserDetailsServiceConfiguredThenServerHttpSecurityExists() { - this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, - WebFluxSecurityConfiguration.class).autowire(); + this.spring + .register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, + WebFluxSecurityConfiguration.class) + .autowire(); ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class); assertThat(serverHttpSecurity).isNotNull(); } @Test public void loadConfigWhenProxyingEnabledAndSubclassThenServerHttpSecurityExists() { - this.spring.register(SubclassConfig.class, ReactiveAuthenticationTestConfiguration.class, - WebFluxSecurityConfiguration.class).autowire(); + this.spring + .register(SubclassConfig.class, ReactiveAuthenticationTestConfiguration.class, + WebFluxSecurityConfiguration.class) + .autowire(); ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class); assertThat(serverHttpSecurity).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java index 3fb9548e4b..8893efcd33 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java @@ -39,16 +39,20 @@ public class WebFluxSecurityConfigurationTests { @Test public void loadConfigWhenReactiveUserDetailsServiceConfiguredThenWebFilterChainProxyExists() { - this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, - WebFluxSecurityConfiguration.class).autowire(); + this.spring + .register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, + WebFluxSecurityConfiguration.class) + .autowire(); WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class); assertThat(webFilterChainProxy).isNotNull(); } @Test public void loadConfigWhenBeanProxyingEnabledAndSubclassThenWebFilterChainProxyExists() { - this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, - WebFluxSecurityConfigurationTests.SubclassConfig.class).autowire(); + this.spring + .register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, + WebFluxSecurityConfigurationTests.SubclassConfig.class) + .autowire(); WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class); assertThat(webFilterChainProxy).isNotNull(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java index adbfd09e76..7b2afc4652 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerDocTests.java @@ -76,8 +76,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests { loadConfig(WebSocketSecurityConfig.class); clientInboundChannel().send(message("/user/queue/errors", SimpMessageType.SUBSCRIBE)); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE))) + .withCauseInstanceOf(AccessDeniedException.class); } private void loadConfig(Class... configs) { @@ -124,15 +124,21 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerDocTests { @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { - messages.nullDestMatcher().authenticated() - // <1> - .simpSubscribeDestMatchers("/user/queue/errors").permitAll() - // <2> - .simpDestMatchers("/app/**").hasRole("USER") - // <3> - .simpSubscribeDestMatchers("/user/**", "/topic/friends/*").hasRole("USER") // <4> - .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll() // <5> - .anyMessage().denyAll(); // <6> + messages.nullDestMatcher() + .authenticated() + // <1> + .simpSubscribeDestMatchers("/user/queue/errors") + .permitAll() + // <2> + .simpDestMatchers("/app/**") + .hasRole("USER") + // <3> + .simpSubscribeDestMatchers("/user/**", "/topic/friends/*") + .hasRole("USER") // <4> + .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE) + .denyAll() // <5> + .anyMessage() + .denyAll(); // <6> } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java index 2286ff6f60..1205f74b35 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurerTests.java @@ -111,8 +111,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { loadConfig(SockJsSecurityConfig.class); clientInboundChannel().send(message("/permitAll")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/denyAll"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/denyAll"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -137,7 +137,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { Message message = message("/permitAll/authentication"); messageChannel.send(message); assertThat(this.context.getBean(MyController.class).authenticationPrincipal) - .isEqualTo((String) this.messageUser.getPrincipal()); + .isEqualTo((String) this.messageUser.getPrincipal()); } @Test @@ -147,7 +147,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { Message message = message("/permitAll/authentication"); messageChannel.send(message); assertThat(this.context.getBean(MyController.class).authenticationPrincipal) - .isEqualTo((String) this.messageUser.getPrincipal()); + .isEqualTo((String) this.messageUser.getPrincipal()); } @Test @@ -157,7 +157,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); assertThatExceptionOfType(MessageDeliveryException.class).isThrownBy(() -> messageChannel.send(message)) - .withCauseInstanceOf(MissingCsrfTokenException.class); + .withCauseInstanceOf(MissingCsrfTokenException.class); } @Test @@ -167,7 +167,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); assertThatExceptionOfType(MessageDeliveryException.class).isThrownBy(() -> messageChannel.send(message)) - .withCauseInstanceOf(MissingCsrfTokenException.class); + .withCauseInstanceOf(MissingCsrfTokenException.class); } @Test @@ -225,8 +225,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { loadConfig(MsmsRegistryCustomPatternMatcherConfig.class); clientInboundChannel().send(message("/app/a.b")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/app/a.b.c"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/app/a.b.c"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -234,8 +234,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { loadConfig(OverrideMsmsRegistryCustomPatternMatcherConfig.class); clientInboundChannel().send(message("/app/a/b")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -243,8 +243,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { loadConfig(DefaultPatternMatcherConfig.class); clientInboundChannel().send(message("/app/a/b")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -253,8 +253,8 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { clientInboundChannel().send(message("/denyRob")); this.messageUser = new TestingAuthenticationToken("rob", "password", "ROLE_USER"); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/denyRob"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/denyRob"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -262,7 +262,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { loadConfig(SockJsProxylessSecurityConfig.class); ChannelSecurityInterceptor channelSecurityInterceptor = this.context.getBean(ChannelSecurityInterceptor.class); MessageSecurityMetadataSource messageSecurityMetadataSource = this.context - .getBean(MessageSecurityMetadataSource.class); + .getBean(MessageSecurityMetadataSource.class); assertThat(channelSecurityInterceptor.obtainSecurityMetadataSource()).isSameAs(messageSecurityMetadataSource); } @@ -271,9 +271,9 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { loadConfig(SockJsProxylessSecurityConfig.class); MessageChannel messageChannel = clientInboundChannel(); SecurityContextChannelInterceptor securityContextChannelInterceptor = this.context - .getBean(SecurityContextChannelInterceptor.class); + .getBean(SecurityContextChannelInterceptor.class); assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()) - .contains(securityContextChannelInterceptor); + .contains(securityContextChannelInterceptor); } @Test @@ -288,7 +288,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class); assertThatCsrfToken(handshakeHandler.attributes.get(CsrfToken.class.getName())).isEqualTo(this.token); assertThat(handshakeHandler.attributes.get(this.sessionAttr)) - .isEqualTo(request.getSession().getAttribute(this.sessionAttr)); + .isEqualTo(request.getSession().getAttribute(this.sessionAttr)); } private HttpRequestHandler handler(HttpServletRequest request) throws Exception { @@ -547,7 +547,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests { // work around SPR-12716 SockJsWebSocketHandler sockJs = (SockJsWebSocketHandler) wsHandler; WebSocketServerSockJsSession session = (WebSocketServerSockJsSession) ReflectionTestUtils - .getField(sockJs, "sockJsSession"); + .getField(sockJs, "sockJsSession"); this.attributes = session.getAttributes(); } return true; diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationDocTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationDocTests.java index 54372a3a56..b5c3935d2d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationDocTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationDocTests.java @@ -77,8 +77,8 @@ public class WebSocketMessageBrokerSecurityConfigurationDocTests { loadConfig(WebSocketSecurityConfig.class); clientInboundChannel().send(message("/user/queue/errors", SimpMessageType.SUBSCRIBE)); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/denyAll", SimpMessageType.MESSAGE))) + .withCauseInstanceOf(AccessDeniedException.class); } private void loadConfig(Class... configs) { @@ -127,15 +127,21 @@ public class WebSocketMessageBrokerSecurityConfigurationDocTests { @Bean AuthorizationManager> authorizationManager( MessageMatcherDelegatingAuthorizationManager.Builder messages) { - messages.nullDestMatcher().authenticated() - // <1> - .simpSubscribeDestMatchers("/user/queue/errors").permitAll() - // <2> - .simpDestMatchers("/app/**").hasRole("USER") - // <3> - .simpSubscribeDestMatchers("/user/**", "/topic/friends/*").hasRole("USER") // <4> - .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll() // <5> - .anyMessage().denyAll(); // <6> + messages.nullDestMatcher() + .authenticated() + // <1> + .simpSubscribeDestMatchers("/user/queue/errors") + .permitAll() + // <2> + .simpDestMatchers("/app/**") + .hasRole("USER") + // <3> + .simpSubscribeDestMatchers("/user/**", "/topic/friends/*") + .hasRole("USER") // <4> + .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE) + .denyAll() // <5> + .anyMessage() + .denyAll(); // <6> return messages.build(); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java index 6977207218..a872d6246a 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java @@ -124,8 +124,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(SockJsSecurityConfig.class); clientInboundChannel().send(message("/permitAll")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/denyAll"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/denyAll"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -150,7 +150,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { Message message = message("/permitAll/authentication"); messageChannel.send(message); assertThat(this.context.getBean(MyController.class).authenticationPrincipal) - .isEqualTo((String) this.messageUser.getPrincipal()); + .isEqualTo((String) this.messageUser.getPrincipal()); } @Test @@ -160,7 +160,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { Message message = message("/permitAll/authentication"); messageChannel.send(message); assertThat(this.context.getBean(MyController.class).authenticationPrincipal) - .isEqualTo((String) this.messageUser.getPrincipal()); + .isEqualTo((String) this.messageUser.getPrincipal()); } @Test @@ -170,7 +170,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); assertThatExceptionOfType(MessageDeliveryException.class).isThrownBy(() -> messageChannel.send(message)) - .withCauseInstanceOf(MissingCsrfTokenException.class); + .withCauseInstanceOf(MissingCsrfTokenException.class); } @Test @@ -180,7 +180,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { Message message = message(headers, "/authentication"); MessageChannel messageChannel = clientInboundChannel(); assertThatExceptionOfType(MessageDeliveryException.class).isThrownBy(() -> messageChannel.send(message)) - .withCauseInstanceOf(MissingCsrfTokenException.class); + .withCauseInstanceOf(MissingCsrfTokenException.class); } @Test @@ -198,7 +198,9 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(SockJsProxylessSecurityConfig.class); MessageChannel messageChannel = clientInboundChannel(); Stream> interceptors = ((AbstractMessageChannel) messageChannel) - .getInterceptors().stream().map(ChannelInterceptor::getClass); + .getInterceptors() + .stream() + .map(ChannelInterceptor::getClass); assertThat(interceptors).contains(CsrfChannelInterceptor.class); } @@ -252,8 +254,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(MsmsRegistryCustomPatternMatcherConfig.class); clientInboundChannel().send(message("/app/a.b")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/app/a.b.c"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/app/a.b.c"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -261,8 +263,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(OverrideMsmsRegistryCustomPatternMatcherConfig.class); clientInboundChannel().send(message("/app/a/b")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -270,8 +272,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(DefaultPatternMatcherConfig.class); clientInboundChannel().send(message("/app/a/b")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/app/a/b/c"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -280,8 +282,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { clientInboundChannel().send(message("/denyRob")); this.messageUser = new TestingAuthenticationToken("rob", "password", "ROLE_USER"); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/denyRob"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/denyRob"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -292,7 +294,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { for (ChannelInterceptor interceptor : messageChannel.getInterceptors()) { if (interceptor instanceof AuthorizationChannelInterceptor) { assertThat(ReflectionTestUtils.getField(interceptor, "preSendAuthorizationManager")) - .isSameAs(authorizationManager); + .isSameAs(authorizationManager); return; } } @@ -304,7 +306,9 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(SockJsProxylessSecurityConfig.class); MessageChannel messageChannel = clientInboundChannel(); Stream> interceptors = ((AbstractMessageChannel) messageChannel) - .getInterceptors().stream().map(ChannelInterceptor::getClass); + .getInterceptors() + .stream() + .map(ChannelInterceptor::getClass); assertThat(interceptors).contains(SecurityContextChannelInterceptor.class); } @@ -313,7 +317,9 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(SockJsProxylessSecurityConfig.class); MessageChannel messageChannel = clientInboundChannel(); Stream> interceptors = ((AbstractMessageChannel) messageChannel) - .getInterceptors().stream().map(ChannelInterceptor::getClass); + .getInterceptors() + .stream() + .map(ChannelInterceptor::getClass); assertThat(interceptors).contains(AuthorizationChannelInterceptor.class); } @@ -323,8 +329,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { this.messageUser = new RememberMeAuthenticationToken("key", "user", AuthorityUtils.createAuthorityList("ROLE_USER")); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/fullyAuthenticated"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/fullyAuthenticated"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -338,8 +344,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { loadConfig(WebSocketSecurityConfig.class); this.messageUser = null; assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/rememberMe"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/rememberMe"))) + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -362,8 +368,8 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { public void sendMessageWhenAnonymousConfiguredAndLoggedInUserThenAccessDeniedException() { loadConfig(WebSocketSecurityConfig.class); assertThatExceptionOfType(MessageDeliveryException.class) - .isThrownBy(() -> clientInboundChannel().send(message("/anonymous"))) - .withCauseInstanceOf(AccessDeniedException.class); + .isThrownBy(() -> clientInboundChannel().send(message("/anonymous"))) + .withCauseInstanceOf(AccessDeniedException.class); } @@ -371,7 +377,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class); assertThatCsrfToken(handshakeHandler.attributes.get(CsrfToken.class.getName())).isEqualTo(this.token); assertThat(handshakeHandler.attributes.get(this.sessionAttr)) - .isEqualTo(request.getSession().getAttribute(this.sessionAttr)); + .isEqualTo(request.getSession().getAttribute(this.sessionAttr)); } private HttpRequestHandler handler(HttpServletRequest request) throws Exception { @@ -630,7 +636,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests { // work around SPR-12716 SockJsWebSocketHandler sockJs = (SockJsWebSocketHandler) wsHandler; WebSocketServerSockJsSession session = (WebSocketServerSockJsSession) ReflectionTestUtils - .getField(sockJs, "sockJsSession"); + .getField(sockJs, "sockJsSession"); this.attributes = session.getAttributes(); } return true; diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java index 5f71fabd98..d08055ae33 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java @@ -72,7 +72,7 @@ public class AuthenticationConfigurationGh3935Tests { AuthenticationManager authenticationManager = this.adapter.authenticationManager; assertThat(authenticationManager).isNotNull(); Authentication auth = authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated(username, password)); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated(username, password)); verify(this.uds).loadUserByUsername(username); assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user()); } diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java index ebdb8ee9dd..f803961cd4 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java @@ -124,7 +124,8 @@ public class AuthenticationManagerBeanDefinitionParserTests { @Test public void clearCredentialsPropertyIsRespected() { ConfigurableApplicationContext appContext = this.spring - .context("").getContext(); + .context("") + .getContext(); ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0]; assertThat(pm.isEraseCredentialsAfterAuthentication()).isFalse(); } diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java index eccb380c6b..17d238bace 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java @@ -161,7 +161,7 @@ public class AuthenticationProviderBeanDefinitionParserTests { private AuthenticationProvider getProvider() { List providers = ((ProviderManager) this.appContext - .getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders(); + .getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders(); return providers.get(0); } diff --git a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java index 6cd758bbc2..41395cd8b4 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java @@ -65,7 +65,7 @@ public class JdbcUserServiceBeanDefinitionParserTests { @Test public void beanNameIsCorrect() { assertThat(JdbcUserDetailsManager.class.getName()) - .isEqualTo(new JdbcUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class))); + .isEqualTo(new JdbcUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class))); } @Test @@ -112,7 +112,7 @@ public class JdbcUserServiceBeanDefinitionParserTests { setContext("" + DATA_SOURCE + USER_CACHE_XML); CachingUserDetailsService cachingUserService = (CachingUserDetailsService) this.appContext - .getBean("myUserService" + AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX); + .getBean("myUserService" + AbstractUserDetailsServiceBeanDefinitionParser.CACHING_SUFFIX); assertThat(this.appContext.getBean("userCache")).isSameAs(cachingUserService.getUserCache()); assertThat(cachingUserService.loadUserByUsername("rod")).isNotNull(); assertThat(cachingUserService.loadUserByUsername("rod")).isNotNull(); @@ -148,7 +148,7 @@ public class JdbcUserServiceBeanDefinitionParserTests { assertThat(this.appContext.getBean("userCache")).isSameAs(provider.getUserCache()); provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rod", "koala")); assertThat(provider.getUserCache().getUserFromCache("rod")).isNotNull() - .withFailMessage("Cache should contain user after authentication"); + .withFailMessage("Cache should contain user after authentication"); } @Test diff --git a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java index 24e043ae9f..e398da801d 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/PasswordEncoderParserTests.java @@ -44,7 +44,8 @@ public class PasswordEncoderParserTests { public void passwordEncoderDefaultsToDelegatingPasswordEncoder() throws Exception { this.spring.configLocations( "classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml") - .mockMvcAfterSpringSecurityOk().autowire(); + .mockMvcAfterSpringSecurityOk() + .autowire(); // @formatter:off this.mockMvc.perform(get("/").with(httpBasic("user", "password"))) .andExpect(status().isOk()); @@ -53,9 +54,11 @@ public class PasswordEncoderParserTests { @Test public void passwordEncoderDefaultsToPasswordEncoderBean() throws Exception { - this.spring.configLocations( - "classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml") - .mockMvcAfterSpringSecurityOk().autowire(); + this.spring + .configLocations( + "classpath:org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml") + .mockMvcAfterSpringSecurityOk() + .autowire(); // @formatter:off this.mockMvc.perform(get("/").with(httpBasic("user", "password"))) .andExpect(status().isOk()); diff --git a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java index 3240058897..e621885922 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/UserServiceBeanDefinitionParserTests.java @@ -102,9 +102,9 @@ public class UserServiceBeanDefinitionParserTests { // @formatter:on UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service"); assertThat(userService.loadUserByUsername("https://joe.myopenid.com/").getUsername()) - .isEqualTo("https://joe.myopenid.com/"); + .isEqualTo("https://joe.myopenid.com/"); assertThat(userService.loadUserByUsername("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9") - .getUsername()).isEqualTo("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9"); + .getUsername()).isEqualTo("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9"); } @Test @@ -143,8 +143,8 @@ public class UserServiceBeanDefinitionParserTests { @Test public void userServiceWithMissingPropertiesFileThrowsException() { - assertThatExceptionOfType(FatalBeanException.class).isThrownBy( - () -> setContext("")); + assertThatExceptionOfType(FatalBeanException.class) + .isThrownBy(() -> setContext("")); } private void setContext(String context) { diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java index e90098d447..6439e16c48 100644 --- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java +++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java @@ -85,8 +85,8 @@ public class GrantedAuthorityDefaultsJcTests { @Test public void doFilter() throws Exception { SecurityContext context = SecurityContextHolder.getContext(); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - context); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @@ -95,8 +95,8 @@ public class GrantedAuthorityDefaultsJcTests { public void doFilterDenied() throws Exception { setup("DENIED"); SecurityContext context = SecurityContextHolder.getContext(); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - context); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); } @@ -127,8 +127,8 @@ public class GrantedAuthorityDefaultsJcTests { @Test public void doFilterIsUserInRole() throws Exception { SecurityContext context = SecurityContextHolder.getContext(); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - context); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); this.chain = new MockFilterChain() { @Override public void doFilter(ServletRequest request, ServletResponse response) diff --git a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java index 8fb04ed1d5..770286d208 100644 --- a/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java +++ b/config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsXmlTests.java @@ -78,8 +78,8 @@ public class GrantedAuthorityDefaultsXmlTests { @Test public void doFilter() throws Exception { SecurityContext context = SecurityContextHolder.getContext(); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - context); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); } @@ -88,8 +88,8 @@ public class GrantedAuthorityDefaultsXmlTests { public void doFilterDenied() throws Exception { setup("DENIED"); SecurityContext context = SecurityContextHolder.getContext(); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - context); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain); assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); } @@ -120,8 +120,8 @@ public class GrantedAuthorityDefaultsXmlTests { @Test public void doFilterIsUserInRole() throws Exception { SecurityContext context = SecurityContextHolder.getContext(); - this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - context); + this.request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context); this.chain = new MockFilterChain() { @Override public void doFilter(ServletRequest request, ServletResponse response) diff --git a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java index cdf9dd7023..d8dd2f5f45 100644 --- a/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java +++ b/config/src/test/java/org/springframework/security/config/core/userdetails/ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java @@ -49,7 +49,7 @@ public class ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITes @Bean ReactiveUserDetailsServiceResourceFactoryBean userDetailsService() { return ReactiveUserDetailsServiceResourceFactoryBean - .fromResource(new InMemoryResource("user=password,ROLE_USER")); + .fromResource(new InMemoryResource("user=password,ROLE_USER")); } } diff --git a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java index 20b49e40c6..5d3cc68ee2 100644 --- a/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java +++ b/config/src/test/java/org/springframework/security/config/crypto/RsaKeyConversionServicePostProcessorTests.java @@ -135,9 +135,10 @@ public class RsaKeyConversionServicePostProcessorTests { @Test public void valueWhenOverridingConversionServiceThenUsed() { - assertThatExceptionOfType(Exception.class).isThrownBy( - () -> this.spring.register(OverrideConversionServiceConfig.class, DefaultConfig.class).autowire()) - .withRootCauseInstanceOf(IllegalArgumentException.class); + assertThatExceptionOfType(Exception.class) + .isThrownBy( + () -> this.spring.register(OverrideConversionServiceConfig.class, DefaultConfig.class).autowire()) + .withRootCauseInstanceOf(IllegalArgumentException.class); } @EnableWebSecurity @@ -151,7 +152,7 @@ public class RsaKeyConversionServicePostProcessorTests { @Bean BeanFactoryPostProcessor conversionServiceCustomizer() { return (beanFactory) -> beanFactory.getBean(RsaKeyConversionServicePostProcessor.class) - .setResourceLoader(new CustomResourceLoader()); + .setResourceLoader(new CustomResourceLoader()); } } diff --git a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java index 1ec01204ae..1c90563d5e 100644 --- a/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java +++ b/config/src/test/java/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests.java @@ -41,9 +41,9 @@ public class SecurityDebugBeanFactoryPostProcessorTests { // SEC-1885 this.spring.configLocations( "classpath:org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml") - .autowire(); + .autowire(); assertThat(this.spring.getContext().getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN)) - .isInstanceOf(DebugFilter.class); + .isInstanceOf(DebugFilter.class); assertThat(this.spring.getContext().getBean(BeanIds.FILTER_CHAIN_PROXY)).isInstanceOf(FilterChainProxy.class); } diff --git a/config/src/test/java/org/springframework/security/config/doc/Element.java b/config/src/test/java/org/springframework/security/config/doc/Element.java index 365bcfb5b9..d981b85561 100644 --- a/config/src/test/java/org/springframework/security/config/doc/Element.java +++ b/config/src/test/java/org/springframework/security/config/doc/Element.java @@ -146,7 +146,7 @@ public class Element { public Map getAllChildElmts() { Map result = new HashMap<>(); this.childElmts.values() - .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt))); + .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt))); result.putAll(this.childElmts); return result; } @@ -154,7 +154,7 @@ public class Element { public Map getAllParentElmts() { Map result = new HashMap<>(); this.parentElmts.values() - .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt))); + .forEach((elmt) -> elmt.subGrps.forEach((subElmt) -> result.put(subElmt.name, subElmt))); result.putAll(this.parentElmts); return result; } diff --git a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java index c58904745d..4cd696f468 100644 --- a/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java +++ b/config/src/test/java/org/springframework/security/config/doc/SpringSecurityXsdParser.java @@ -158,8 +158,10 @@ public class SpringSecurityXsdParser { * @return */ private String desc(XmlNode element) { - return element.child("annotation").flatMap((annotation) -> annotation.child("documentation")) - .map((documentation) -> documentation.text()).orElse(null); + return element.child("annotation") + .flatMap((annotation) -> annotation.child("documentation")) + .map((documentation) -> documentation.text()) + .orElse(null); } /** diff --git a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java index 72eed811d0..49696f1b28 100644 --- a/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java +++ b/config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java @@ -151,7 +151,7 @@ public class XsdDocumentedTests { .list((dir, name) -> name.endsWith(".xsd")); // @formatter:on assertThat(schemas.length).isEqualTo(21) - .withFailMessage("the count is equal to 21, if not then schemaDocument needs updating"); + .withFailMessage("the count is equal to 21, if not then schemaDocument needs updating"); } /** @@ -257,11 +257,11 @@ public class XsdDocumentedTests { } }); assertThat(docAttrNameToChildren) - .describedAs(toString(docAttrNameToChildren) + "\n!=\n\n" + toString(schemaAttrNameToChildren)) - .containsExactlyInAnyOrderEntriesOf(schemaAttrNameToChildren); + .describedAs(toString(docAttrNameToChildren) + "\n!=\n\n" + toString(schemaAttrNameToChildren)) + .containsExactlyInAnyOrderEntriesOf(schemaAttrNameToChildren); assertThat(docAttrNameToParents) - .describedAs(toString(docAttrNameToParents) + "\n!=\n\n" + toString(schemaAttrNameToParents)) - .containsExactlyInAnyOrderEntriesOf(schemaAttrNameToParents); + .describedAs(toString(docAttrNameToParents) + "\n!=\n\n" + toString(schemaAttrNameToParents)) + .containsExactlyInAnyOrderEntriesOf(schemaAttrNameToParents); } private String toString(Map map) { diff --git a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java index 3a831ac78a..825bb9f03a 100644 --- a/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/AccessDeniedConfigTests.java @@ -58,7 +58,7 @@ public class AccessDeniedConfigTests { public void configureWhenAccessDeniedHandlerIsMissingLeadingSlashThenException() { SpringTestContext context = this.spring.configLocations(this.xml("NoLeadingSlash")); assertThatExceptionOfType(BeanCreationException.class).isThrownBy(() -> context.autowire()) - .withMessageContaining("errorPage must begin with '/'"); + .withMessageContaining("errorPage must begin with '/'"); } @Test @@ -72,7 +72,7 @@ public class AccessDeniedConfigTests { public void configureWhenAccessDeniedHandlerUsesPathAndRefThenException() { SpringTestContext context = this.spring.configLocations(this.xml("UsesPathAndRef")); assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() -> context.autowire()) - .withMessageContaining("attribute error-page cannot be used together with the 'ref' attribute"); + .withMessageContaining("attribute error-page cannot be used together with the 'ref' attribute"); } private String xml(String configName) { diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java index 1b12b3e28c..3ae881c19e 100644 --- a/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/CsrfConfigTests.java @@ -285,7 +285,7 @@ public class CsrfConfigTests { @Test public void postWhenUsingCsrfAndCustomAccessDeniedHandlerThenTheHandlerIsAppropriatelyEngaged() throws Exception { this.spring.configLocations(this.xml("WithAccessDeniedHandler"), this.xml("shared-access-denied-handler")) - .autowire(); + .autowire(); // @formatter:off this.mvc.perform(post("/ok")) .andExpect(status().isIAmATeapot()); @@ -304,7 +304,7 @@ public class CsrfConfigTests { @Test public void postWhenUsingCsrfAndXorCsrfTokenRequestAttributeHandlerThenOk() throws Exception { this.spring.configLocations(this.xml("WithXorCsrfTokenRequestAttributeHandler"), this.xml("shared-controllers")) - .autowire(); + .autowire(); // @formatter:off MvcResult mvcResult = this.mvc.perform(get("/ok")) .andExpect(status().isOk()) @@ -320,7 +320,7 @@ public class CsrfConfigTests { @Test public void postWhenUsingCsrfAndXorCsrfTokenRequestAttributeHandlerWithRawTokenThenForbidden() throws Exception { this.spring.configLocations(this.xml("WithXorCsrfTokenRequestAttributeHandler"), this.xml("shared-controllers")) - .autowire(); + .autowire(); // @formatter:off MvcResult mvcResult = this.mvc.perform(get("/csrf")) .andExpect(status().isOk()) @@ -342,7 +342,8 @@ public class CsrfConfigTests { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); // simulates a request that has no authentication (e.g. session time-out) MvcResult result = this.mvc.perform(post("/authenticated").with(csrf())) - .andExpect(redirectedUrl("http://localhost/login")).andReturn(); + .andExpect(redirectedUrl("http://localhost/login")) + .andReturn(); MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); // if the request cache is consulted, then it will redirect back to /some-url, // which we don't want @@ -362,8 +363,9 @@ public class CsrfConfigTests { throws Exception { this.spring.configLocations(this.xml("CsrfEnabled")).autowire(); // simulates a request that has no authentication (e.g. session time-out) - MvcResult result = this.mvc.perform(get("/authenticated")).andExpect(redirectedUrl("http://localhost/login")) - .andReturn(); + MvcResult result = this.mvc.perform(get("/authenticated")) + .andExpect(redirectedUrl("http://localhost/login")) + .andReturn(); MockHttpSession session = (MockHttpSession) result.getRequest().getSession(); // if the request cache is consulted, then it will redirect back to /some-url, // which we do want @@ -510,7 +512,7 @@ public class CsrfConfigTests { assertThat(first).isNotNull(); assertThat(second).isNotNull(); assertThat(first.getResponse().getContentAsString()) - .isNotEqualTo(second.getResponse().getContentAsString()); + .isNotEqualTo(second.getResponse().getContentAsString()); }; } @@ -537,8 +539,9 @@ public class CsrfConfigTests { return csrfInBody(token); } - @RequestMapping(value = "/csrf", method = { RequestMethod.POST, RequestMethod.PUT, RequestMethod.PATCH, - RequestMethod.DELETE, RequestMethod.GET }) + @RequestMapping(value = "/csrf", + method = { RequestMethod.POST, RequestMethod.PUT, RequestMethod.PATCH, RequestMethod.DELETE, + RequestMethod.GET }) @ResponseBody String csrfInBody(CsrfToken token) { return token.getToken(); diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java index 06e1259bb5..99955a6de7 100644 --- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java +++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java @@ -103,8 +103,8 @@ public class DefaultFilterChainValidatorTests { @Test public void validateCheckLoginPageIsntProtectedThrowsIllegalArgumentException() { IllegalArgumentException toBeThrown = new IllegalArgumentException("failed to eval expression"); - willThrow(toBeThrown).given(this.accessDecisionManager).decide(any(Authentication.class), any(), - any(Collection.class)); + willThrow(toBeThrown).given(this.accessDecisionManager) + .decide(any(Authentication.class), any(), any(Collection.class)); this.validator.validate(this.chain); verify(this.logger).info( "Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.", diff --git a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java index bdf66edd91..9b96350045 100644 --- a/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java @@ -67,7 +67,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { + ""); // @formatter:on DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext - .getBean("fids"); + .getBean("fids"); Collection cad = fids.getAttributes(createFilterInvocation("/anything", "GET")); assertThat(cad).contains(new SecurityConfig("ROLE_A")); } @@ -80,9 +80,9 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { + ""); // @formatter:on ExpressionBasedFilterInvocationSecurityMetadataSource fids = (ExpressionBasedFilterInvocationSecurityMetadataSource) this.appContext - .getBean("fids"); + .getBean("fids"); ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")) - .toArray(new ConfigAttribute[0]); + .toArray(new ConfigAttribute[0]); assertThat(cad).hasSize(1); assertThat(cad[0].toString()).isEqualTo("hasRole('ROLE_A')"); } @@ -97,7 +97,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { + " " + ""); DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext - .getBean("fids"); + .getBean("fids"); Collection cad = fids.getAttributes(createFilterInvocation("/secure", "GET")); assertThat(cad).containsExactly(new SecurityConfig("ROLE_A")); } @@ -123,9 +123,9 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests { @Test public void parsingInterceptUrlServletPathFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> setContext("" - + " " - + "")); + .isThrownBy(() -> setContext("" + + " " + + "")); } private FilterInvocation createFilterInvocation(String path, String method) { diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java index 3ba5af80d8..39438aa806 100644 --- a/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FormLoginConfigTests.java @@ -115,13 +115,13 @@ public class FormLoginConfigTests { @Test public void autowireWhenLoginPageIsMisconfiguredThenDetects() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashLoginPage")).autowire()); + .isThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashLoginPage")).autowire()); } @Test public void autowireWhenDefaultTargetUrlIsMisconfiguredThenDetects() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashDefaultTargetUrl")).autowire()); + .isThrownBy(() -> this.spring.configLocations(this.xml("NoLeadingSlashDefaultTargetUrl")).autowire()); } @Test @@ -147,7 +147,7 @@ public class FormLoginConfigTests { public void authenticateWhenCustomUsernameAndPasswordParametersThenSucceeds() throws Exception { this.spring.configLocations(this.xml("WithUsernameAndPasswordParameters")).autowire(); this.mvc.perform(post("/login").param("xname", "user").param("xpass", "password").with(csrf())) - .andExpect(redirectedUrl("/")); + .andExpect(redirectedUrl("/")); } @Test diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java index c0fa5f46b3..510981ea18 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java @@ -80,7 +80,7 @@ public class HttpConfigTests { public void getWhenUsingAuthorizationManagerThenRedirectsToLogin() throws Exception { this.spring.configLocations(this.xml("AuthorizationManager")).autowire(); AuthorizationManager authorizationManager = this.spring.getContext() - .getBean(AuthorizationManager.class); + .getBean(AuthorizationManager.class); given(authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); // @formatter:off this.mvc.perform(get("/")) diff --git a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java index 3e22b0194a..b27e7a001e 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpCorsConfigTests.java @@ -61,9 +61,9 @@ public class HttpCorsConfigTests { @Test public void autowireWhenMissingMvcThenGivesInformativeError() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("RequiresMvc")).autowire()) - .withMessageContaining( - "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext"); + .isThrownBy(() -> this.spring.configLocations(this.xml("RequiresMvc")).autowire()) + .withMessageContaining( + "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext"); } @Test diff --git a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java index 4008a07e03..735f69838a 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java @@ -117,8 +117,8 @@ public class HttpHeadersConfigTests { @Test public void configureWhenHeadersDisabledHavingChildElementThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("HeadersDisabledHavingChildElement")).autowire()) - .withMessageContaining("Cannot specify with child elements"); + .isThrownBy(() -> this.spring.configLocations(this.xml("HeadersDisabledHavingChildElement")).autowire()) + .withMessageContaining("Cannot specify with child elements"); } @Test @@ -254,18 +254,19 @@ public class HttpHeadersConfigTests { @Test public void configureWhenUsingFrameOptionsAllowFromNoOriginThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring - .configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromNoOrigin")).autowire()) - .withMessageContaining("Strategy requires a 'value' to be set."); + .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromNoOrigin")) + .autowire()) + .withMessageContaining("Strategy requires a 'value' to be set."); // FIXME better error message? } @Test public void configureWhenUsingFrameOptionsAllowFromBlankOriginThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring - .configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin")).autowire()) - .withMessageContaining("Strategy requires a 'value' to be set."); + .isThrownBy( + () -> this.spring.configLocations(this.xml("DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin")) + .autowire()) + .withMessageContaining("Strategy requires a 'value' to be set."); // FIXME better error message? } @@ -324,14 +325,14 @@ public class HttpHeadersConfigTests { @Test public void configureWhenUsingCustomHeaderNameOnlyThenAutowireFails() { - assertThatExceptionOfType(BeanCreationException.class).isThrownBy( - () -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderName")).autowire()); + assertThatExceptionOfType(BeanCreationException.class) + .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderName")).autowire()); } @Test public void configureWhenUsingCustomHeaderValueOnlyThenAutowireFails() { - assertThatExceptionOfType(BeanCreationException.class).isThrownBy( - () -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderValue")).autowire()); + assertThatExceptionOfType(BeanCreationException.class) + .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithOnlyHeaderValue")).autowire()); } @Test @@ -439,16 +440,19 @@ public class HttpHeadersConfigTests { @Test public void configureWhenXssProtectionDisabledAndBlockSetThenAutowireFails() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring - .configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabledAndBlockSet")).autowire()) - .withMessageContaining("Cannot set block to true with enabled false"); + .isThrownBy( + () -> this.spring.configLocations(this.xml("DefaultsDisabledWithXssProtectionDisabledAndBlockSet")) + .autowire()) + .withMessageContaining("Cannot set block to true with enabled false"); } @Test public void requestWhenUsingCacheControlThenRespondsWithCorrespondingHeaders() throws Exception { Map includedHeaders = ImmutableMap.builder() - .put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").put("Expires", "0") - .put("Pragma", "no-cache").build(); + .put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate") + .put("Expires", "0") + .put("Pragma", "no-cache") + .build(); this.spring.configLocations(this.xml("DefaultsDisabledWithCacheControl")).autowire(); // @formatter:off this.mvc.perform(get("/")) @@ -496,15 +500,15 @@ public class HttpHeadersConfigTests { @Test public void configureWhenUsingHpkpWithoutPinsThenAutowireFails() { assertThatExceptionOfType(XmlBeanDefinitionStoreException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyHpkp")).autowire()) - .withMessageContaining("The content of element 'hpkp' is not complete"); + .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyHpkp")).autowire()) + .withMessageContaining("The content of element 'hpkp' is not complete"); } @Test public void configureWhenUsingHpkpWithEmptyPinsThenAutowireFails() { assertThatExceptionOfType(XmlBeanDefinitionStoreException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyPins")).autowire()) - .withMessageContaining("The content of element 'pins' is not complete"); + .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultsDisabledWithEmptyPins")).autowire()) + .withMessageContaining("The content of element 'pins' is not complete"); } @Test @@ -667,54 +671,52 @@ public class HttpHeadersConfigTests { @Test public void configureWhenHstsDisabledAndIncludeSubdomainsSpecifiedThenAutowireFails() { - assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy( - () -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingIncludeSubdomains")).autowire()) - .withMessageContaining("include-subdomains"); + assertThatExceptionOfType(BeanDefinitionParsingException.class) + .isThrownBy( + () -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingIncludeSubdomains")).autowire()) + .withMessageContaining("include-subdomains"); } @Test public void configureWhenHstsDisabledAndMaxAgeSpecifiedThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingMaxAge")).autowire()) - .withMessageContaining("max-age"); + .isThrownBy(() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingMaxAge")).autowire()) + .withMessageContaining("max-age"); } @Test public void configureWhenHstsDisabledAndRequestMatcherSpecifiedThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy( - () -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingRequestMatcher")).autowire()) - .withMessageContaining("request-matcher-ref"); + .isThrownBy(() -> this.spring.configLocations(this.xml("HstsDisabledSpecifyingRequestMatcher")).autowire()) + .withMessageContaining("request-matcher-ref"); } @Test public void configureWhenXssProtectionDisabledAndEnabledThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("XssProtectionDisabledAndEnabled")).autowire()) - .withMessageContaining("enabled"); + .isThrownBy(() -> this.spring.configLocations(this.xml("XssProtectionDisabledAndEnabled")).autowire()) + .withMessageContaining("enabled"); } @Test public void configureWhenXssProtectionDisabledAndBlockSpecifiedThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy( - () -> this.spring.configLocations(this.xml("XssProtectionDisabledSpecifyingBlock")).autowire()) - .withMessageContaining("block"); + .isThrownBy(() -> this.spring.configLocations(this.xml("XssProtectionDisabledSpecifyingBlock")).autowire()) + .withMessageContaining("block"); } @Test public void configureWhenXssProtectionDisabledAndHeaderValueSpecifiedThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy( () -> this.spring.configLocations(this.xml("XssProtectionDisabledSpecifyingHeaderValue")).autowire()) - .withMessageContaining("header-value"); + .withMessageContaining("header-value"); } @Test public void configureWhenFrameOptionsDisabledAndPolicySpecifiedThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy( - () -> this.spring.configLocations(this.xml("FrameOptionsDisabledSpecifyingPolicy")).autowire()) - .withMessageContaining("policy"); + .isThrownBy(() -> this.spring.configLocations(this.xml("FrameOptionsDisabledSpecifyingPolicy")).autowire()) + .withMessageContaining("policy"); } @Test diff --git a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java index 462fa5dd38..3aed3931ff 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpInterceptUrlTests.java @@ -69,8 +69,9 @@ public class HttpInterceptUrlTests { this.context = context; context.getAutowireCapableBeanFactory().autowireBean(this); Filter springSecurityFilterChain = context.getBean("springSecurityFilterChain", Filter.class); - this.mockMvc = MockMvcBuilders.standaloneSetup(new FooController()).addFilters(springSecurityFilterChain) - .build(); + this.mockMvc = MockMvcBuilders.standaloneSetup(new FooController()) + .addFilters(springSecurityFilterChain) + .build(); } @RestController diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java index 58bda12967..606b0ca6a0 100644 --- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java @@ -331,7 +331,7 @@ public class InterceptUrlConfigTests { @Test public void configureWhenUsingAntMatcherAndServletPathThenThrowsException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("AntMatcherServletPath")).autowire()); + .isThrownBy(() -> this.spring.configLocations(this.xml("AntMatcherServletPath")).autowire()); } @Test @@ -343,7 +343,7 @@ public class InterceptUrlConfigTests { @Test public void configureWhenUsingRegexMatcherAndServletPathThenThrowsException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("RegexMatcherServletPath")).autowire()); + .isThrownBy(() -> this.spring.configLocations(this.xml("RegexMatcherServletPath")).autowire()); } @Test @@ -355,25 +355,27 @@ public class InterceptUrlConfigTests { @Test public void configureWhenUsingCiRegexMatcherAndServletPathThenThrowsException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("CiRegexMatcherServletPath")).autowire()); + .isThrownBy(() -> this.spring.configLocations(this.xml("CiRegexMatcherServletPath")).autowire()); } @Test public void configureWhenUsingCiRegexMatcherAndServletPathAndAuthorizationManagerThenThrowsException() { - assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() -> this.spring - .configLocations(this.xml("CiRegexMatcherServletPathAuthorizationManager")).autowire()); + assertThatExceptionOfType(BeanDefinitionParsingException.class) + .isThrownBy(() -> this.spring.configLocations(this.xml("CiRegexMatcherServletPathAuthorizationManager")) + .autowire()); } @Test public void configureWhenUsingDefaultMatcherAndServletPathThenThrowsException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultMatcherServletPath")).autowire()); + .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultMatcherServletPath")).autowire()); } @Test public void configureWhenUsingDefaultMatcherAndServletPathAndAuthorizationManagerThenThrowsException() { - assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() -> this.spring - .configLocations(this.xml("DefaultMatcherServletPathAuthorizationManager")).autowire()); + assertThatExceptionOfType(BeanDefinitionParsingException.class) + .isThrownBy(() -> this.spring.configLocations(this.xml("DefaultMatcherServletPathAuthorizationManager")) + .autowire()); } @Test diff --git a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java index ecd3e6aad4..be7eaf5efd 100644 --- a/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java @@ -357,23 +357,22 @@ public class MiscHttpConfigTests { this.spring.configLocations(xml("CustomFilters")).autowire(); List filters = getFilters("/"); Class userFilterClass = this.spring.getContext().getBean("userFilter").getClass(); - assertThat(filters).extracting((Extractor>) (filter) -> filter.getClass()).containsSubsequence( - userFilterClass, userFilterClass, SecurityContextPersistenceFilter.class, LogoutFilter.class, - userFilterClass); + assertThat(filters).extracting((Extractor>) (filter) -> filter.getClass()) + .containsSubsequence(userFilterClass, userFilterClass, SecurityContextPersistenceFilter.class, + LogoutFilter.class, userFilterClass); } @Test public void configureWhenTwoFiltersWithSameOrderThenException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("CollidingFilters")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("CollidingFilters")).autowire()); } @Test public void configureWhenUsingX509ThenAddsX509FilterCorrectly() { this.spring.configLocations(xml("X509")).autowire(); assertThat(getFilters("/")).extracting((Extractor>) (filter) -> filter.getClass()) - .containsSubsequence(CsrfFilter.class, X509AuthenticationFilter.class, - ExceptionTranslationFilter.class); + .containsSubsequence(CsrfFilter.class, X509AuthenticationFilter.class, ExceptionTranslationFilter.class); } @Test @@ -404,7 +403,7 @@ public class MiscHttpConfigTests { @Test public void configureWhenUsingInvalidLogoutSuccessUrlThenThrowsException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.configLocations(xml("InvalidLogoutSuccessUrl")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("InvalidLogoutSuccessUrl")).autowire()); } @Test @@ -452,7 +451,7 @@ public class MiscHttpConfigTests { public void configureWhenUsingCustomUserDetailsServiceThenBeanPostProcessorsAreStillApplied() { this.spring.configLocations(xml("Sec750")).autowire(); BeanNameCollectingPostProcessor postProcessor = this.spring.getContext() - .getBean(BeanNameCollectingPostProcessor.class); + .getBean(BeanNameCollectingPostProcessor.class); assertThat(postProcessor.getBeforeInitPostProcessedBeans()).contains("authenticationProvider", "userService"); assertThat(postProcessor.getAfterInitPostProcessedBeans()).contains("authenticationProvider", "userService"); } @@ -492,7 +491,7 @@ public class MiscHttpConfigTests { SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class); SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password")); given(repository.loadDeferredContext(any(HttpServletRequest.class))) - .willReturn(new TestDeferredSecurityContext(context, false)); + .willReturn(new TestDeferredSecurityContext(context, false)); // @formatter:off MvcResult result = this.mvc.perform(formLogin()) .andExpect(status().is3xxRedirection()) @@ -513,7 +512,7 @@ public class MiscHttpConfigTests { .andReturn(); // @formatter:on assertThat(repository.loadContext(new HttpRequestResponseHolder(result.getRequest(), result.getResponse())) - .getAuthentication()).isNotNull(); + .getAuthentication()).isNotNull(); } @Test @@ -534,7 +533,7 @@ public class MiscHttpConfigTests { this.spring.configLocations(xml("ExpressionHandler")).autowire(); PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class); given(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class))) - .willReturn(false); + .willReturn(false); // @formatter:off this.mvc.perform(get("/").with(userCredentials())) .andExpect(status().isForbidden()); @@ -728,7 +727,8 @@ public class MiscHttpConfigTests { .andExpect(content().string(details.getClass().getName())); // @formatter:on assertThat(ReflectionTestUtils.getField(getFilter(OpenIDAuthenticationFilter.class), - "authenticationDetailsSource")).isEqualTo(source); + "authenticationDetailsSource")) + .isEqualTo(source); } @Test @@ -859,7 +859,7 @@ public class MiscHttpConfigTests { assertThat(filters.next()).isInstanceOf(SessionManagementFilter.class); assertThat(filters.next()).isInstanceOf(ExceptionTranslationFilter.class); assertThat(filters.next()).isInstanceOf(FilterSecurityInterceptor.class) - .hasFieldOrPropertyWithValue("observeOncePerRequest", true); + .hasFieldOrPropertyWithValue("observeOncePerRequest", true); } private T getFilter(Class filterClass) { @@ -929,8 +929,10 @@ public class MiscHttpConfigTests { @GetMapping("/roles") String roles(Authentication authentication) { - return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority) - .collect(Collectors.joining(",")); + return authentication.getAuthorities() + .stream() + .map(GrantedAuthority::getAuthority) + .collect(Collectors.joining(",")); } @GetMapping("/details") diff --git a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java index 90599ed846..c59b198ebb 100644 --- a/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/MultiHttpBlockConfigTests.java @@ -70,15 +70,15 @@ public class MultiHttpBlockConfigTests { @Test public void configureWhenUsingDuplicateHttpElementsThenThrowsWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("IdenticalHttpElements")).autowire()) - .withCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.configLocations(this.xml("IdenticalHttpElements")).autowire()) + .withCauseInstanceOf(IllegalArgumentException.class); } @Test public void configureWhenUsingIndenticallyPatternedHttpElementsThenThrowsWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("IdenticallyPatternedHttpElements")).autowire()) - .withCauseInstanceOf(IllegalArgumentException.class); + .isThrownBy(() -> this.spring.configLocations(this.xml("IdenticallyPatternedHttpElements")).autowire()) + .withCauseInstanceOf(IllegalArgumentException.class); } /** diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java index f3dbab941c..022e5c684c 100644 --- a/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java @@ -170,7 +170,7 @@ public class OAuth2ClientBeanDefinitionParserTests { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); MultiValueMap params = new LinkedMultiValueMap<>(); @@ -182,7 +182,7 @@ public class OAuth2ClientBeanDefinitionParserTests { .andExpect(redirectedUrl(authorizationRequest.getRedirectUri())); // @formatter:on ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), any(), any(), any()); OAuth2AuthorizedClient authorizedClient = authorizedClientCaptor.getValue(); @@ -198,7 +198,7 @@ public class OAuth2ClientBeanDefinitionParserTests { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest(clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(authorizationRequest); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); MultiValueMap params = new LinkedMultiValueMap<>(); diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java index 9ad2b910fe..5ffd87f868 100644 --- a/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/OAuth2LoginBeanDefinitionParserTests.java @@ -159,9 +159,9 @@ public class OAuth2LoginBeanDefinitionParserTests { .andReturn(); // @formatter:on assertThat(result.getResponse().getContentAsString()) - .contains("Google"); + .contains("Google"); assertThat(result.getResponse().getContentAsString()) - .contains("Github"); + .contains("Github"); } // gh-5347 @@ -203,18 +203,18 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenAuthorizationRequestNotFoundThenThrowAuthenticationException() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthenticationFailureHandler")) - .autowire(); + .autowire(); MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", "state123"); this.mvc.perform(get("/login/oauth2/code/google").params(params)); ArgumentCaptor exceptionCaptor = ArgumentCaptor - .forClass(AuthenticationException.class); + .forClass(AuthenticationException.class); verify(this.authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture()); AuthenticationException exception = exceptionCaptor.getValue(); assertThat(exception).isInstanceOf(OAuth2AuthenticationException.class); assertThat(((OAuth2AuthenticationException) exception).getError().getErrorCode()) - .isEqualTo("authorization_request_not_found"); + .isEqualTo("authorization_request_not_found"); } @Test @@ -223,9 +223,10 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); @@ -250,9 +251,10 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); @@ -267,15 +269,16 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenOidcAuthenticationResponseValidThenJwtDecoderFactoryCalled() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithJwtDecoderFactoryAndDefaultSuccessHandler")) - .autowire(); + .autowire(); Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse() - .build(); + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); Jwt jwt = TestJwts.user(); given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt); @@ -298,15 +301,16 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); given(this.oauth2UserService.loadUser(any())).willReturn(oauth2User); given(this.userAuthoritiesMapper.mapAuthorities(any())) - .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER")); + .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER")); MultiValueMap params = new LinkedMultiValueMap<>(); params.add("code", "code123"); params.add("state", authorizationRequest.getState()); @@ -316,20 +320,21 @@ public class OAuth2LoginBeanDefinitionParserTests { Authentication authentication = authenticationCaptor.getValue(); assertThat(authentication.getPrincipal()).isInstanceOf(OAuth2User.class); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class) - .hasToString("ROLE_OAUTH2_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(SimpleGrantedAuthority.class) + .hasToString("ROLE_OAUTH2_USER"); // re-setup for OIDC test attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "google-login"); authorizationRequest = TestOAuth2AuthorizationRequests.oidcRequest().attributes(attributes).build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); accessTokenResponse = TestOAuth2AccessTokenResponses.oidcAccessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); Jwt jwt = TestJwts.user(); given(this.jwtDecoderFactory.createDecoder(any())).willReturn((token) -> jwt); given(this.userAuthoritiesMapper.mapAuthorities(any())) - .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER")); + .willReturn((Collection) AuthorityUtils.createAuthorityList("ROLE_OIDC_USER")); // @formatter:off this.mvc.perform(get("/login/oauth2/code/google-login").params(params)) .andExpect(status().is2xxSuccessful()); @@ -340,8 +345,9 @@ public class OAuth2LoginBeanDefinitionParserTests { authentication = authenticationCaptor.getValue(); assertThat(authentication.getPrincipal()).isInstanceOf(OidcUser.class); assertThat(authentication.getAuthorities()).hasSize(1); - assertThat(authentication.getAuthorities()).first().isInstanceOf(SimpleGrantedAuthority.class) - .hasToString("ROLE_OIDC_USER"); + assertThat(authentication.getAuthorities()).first() + .isInstanceOf(SimpleGrantedAuthority.class) + .hasToString("ROLE_OIDC_USER"); } // gh-5488 @@ -351,9 +357,10 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, "github-login"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); @@ -375,7 +382,7 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenCustomAuthorizationRequestResolverThenCalled() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRequestResolver")) - .autowire(); + .autowire(); // @formatter:off this.mvc.perform(get("/oauth2/authorization/google-login")) .andExpect(status().is3xxRedirection()); @@ -386,7 +393,7 @@ public class OAuth2LoginBeanDefinitionParserTests { @Test public void requestWhenCustomAuthorizationRedirectStrategyThenCalled() throws Exception { this.spring.configLocations(this.xml("SingleClientRegistration-WithCustomAuthorizationRedirectStrategy")) - .autowire(); + .autowire(); // @formatter:off this.mvc.perform(get("/oauth2/authorization/google-login")) .andExpect(status().isOk()); @@ -435,9 +442,10 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); @@ -457,9 +465,10 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); @@ -479,9 +488,10 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); @@ -501,9 +511,10 @@ public class OAuth2LoginBeanDefinitionParserTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).build(); + .attributes(attributes) + .build(); given(this.authorizationRequestRepository.removeAuthorizationRequest(any(), any())) - .willReturn(authorizationRequest); + .willReturn(authorizationRequest); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2User oauth2User = TestOAuth2Users.create(); diff --git a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java index ce7d2e1838..4018875483 100644 --- a/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java @@ -159,7 +159,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { .andExpect(status().isNotFound()); // @formatter:on SecurityContextHolderStrategy securityContextHolderStrategy = this.spring.getContext() - .getBean(SecurityContextHolderStrategy.class); + .getBean(SecurityContextHolderStrategy.class); verify(securityContextHolderStrategy, atLeastOnce()).getContext(); } @@ -280,11 +280,12 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { public void postWhenBearerTokenAsFormParameterThenIgnoresToken() throws Exception { this.spring.configLocations(xml("JwkSetUri")).autowire(); this.mvc.perform(post("/") // engage csrf - .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) - .param("access_token", "token")).andExpect(status().isForbidden()) - .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different - // from - // DSL + .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) + .param("access_token", "token")) + .andExpect(status().isForbidden()) + .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); // different + // from + // DSL } @Test @@ -452,7 +453,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void getWhenCustomBearerTokenResolverThenUses() throws Exception { this.spring.configLocations(xml("MockBearerTokenResolver"), xml("MockJwtDecoder"), xml("BearerTokenResolver")) - .autowire(); + .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode("token")).willReturn(TestJwts.jwt().build()); BearerTokenResolver bearerTokenResolver = this.spring.getContext().getBean(BearerTokenResolver.class); @@ -535,14 +536,14 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); given(decoder.decode(anyString())).willReturn(TestJwts.jwt().build()); this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token")) - .andExpect(status().isNotFound()); + .andExpect(status().isNotFound()); verify(decoder).decode("token"); } @Test public void configureWhenDecoderAndJwkSetUriThenException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("JwtDecoderAndJwkSetUri")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("JwtDecoderAndJwkSetUri")).autowire()); } @Test @@ -609,12 +610,15 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception { - this.spring.configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"), - xml("JwtAuthenticationConverter")).autowire(); + this.spring + .configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"), + xml("JwtAuthenticationConverter")) + .autowire(); Converter jwtAuthenticationConverter = (Converter) this.spring - .getContext().getBean("jwtAuthenticationConverter"); + .getContext() + .getBean("jwtAuthenticationConverter"); given(jwtAuthenticationConverter.convert(any(Jwt.class))) - .willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList())); + .willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList())); JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class); given(jwtDecoder.decode(anyString())).willReturn(TestJwts.jwt().build()); // @formatter:off @@ -667,7 +671,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void configureWhenIntrospectingWithAuthenticationConverterThenUses() throws Exception { this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueTokenAndAuthenticationConverter")) - .autowire(); + .autowire(); mockRestOperations(json("Active")); OpaqueTokenAuthenticationConverter converter = bean(OpaqueTokenAuthenticationConverter.class); given(converter.convert(any(), any())).willReturn(new TestingAuthenticationToken("user", "pass", "app")); @@ -705,20 +709,20 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void configureWhenOnlyIntrospectionUrlThenException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("OpaqueTokenHalfConfigured")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("OpaqueTokenHalfConfigured")).autowire()); } @Test public void configureWhenIntrospectorAndIntrospectionUriThenError() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("OpaqueTokenAndIntrospectionUri")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("OpaqueTokenAndIntrospectionUri")).autowire()); } @Test public void getWhenAuthenticationManagerResolverThenUses() throws Exception { this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire(); AuthenticationManagerResolver authenticationManagerResolver = this.spring.getContext() - .getBean(AuthenticationManagerResolver.class); + .getBean(AuthenticationManagerResolver.class); given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn( (authentication) -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList())); // @formatter:off @@ -813,22 +817,23 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { @Test public void configuredWhenMissingJwtAuthenticationProviderThenWiringException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("Jwtless")).autowire()) - .withMessageContaining("Please select one"); + .isThrownBy(() -> this.spring.configLocations(xml("Jwtless")).autowire()) + .withMessageContaining("Please select one"); } @Test public void configureWhenMissingJwkSetUriThenWiringException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("JwtHalfConfigured")).autowire()) - .withMessageContaining("Please specify either"); + .isThrownBy(() -> this.spring.configLocations(xml("JwtHalfConfigured")).autowire()) + .withMessageContaining("Please specify either"); } @Test public void configureWhenUsingBothAuthenticationManagerResolverAndJwtThenException() { - assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy( - () -> this.spring.configLocations(xml("AuthenticationManagerResolverPlusOtherConfig")).autowire()) - .withMessageContaining("authentication-manager-resolver-ref"); + assertThatExceptionOfType(BeanDefinitionParsingException.class) + .isThrownBy( + () -> this.spring.configLocations(xml("AuthenticationManagerResolverPlusOtherConfig")).autowire()) + .withMessageContaining("authentication-manager-resolver-ref"); } @Test @@ -837,7 +842,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { null, null, null); Element element = mock(Element.class); given(element.hasAttribute(OAuth2ResourceServerBeanDefinitionParser.AUTHENTICATION_MANAGER_RESOLVER_REF)) - .willReturn(true); + .willReturn(true); Element child = mock(Element.class); ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class)); parser.validateConfiguration(element, child, null, pc); @@ -853,7 +858,7 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { null, null, null); Element element = mock(Element.class); given(element.hasAttribute(OAuth2ResourceServerBeanDefinitionParser.AUTHENTICATION_MANAGER_RESOLVER_REF)) - .willReturn(false); + .willReturn(false); ParserContext pc = new ParserContext(mock(XmlReaderContext.class), mock(BeanDefinitionParserDelegate.class)); parser.validateConfiguration(element, null, null, pc); verify(pc.getReaderContext()).error(anyString(), eq(element)); @@ -940,7 +945,8 @@ public class OAuth2ResourceServerBeanDefinitionParserTests { private void mockWebServer(String response) { this.web.enqueue(new MockResponse().setResponseCode(200) - .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(response)); + .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .setBody(response)); } private void mockRestOperations(String response) { diff --git a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java index 80a43d8859..9b35133bd2 100644 --- a/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/OpenIDConfigTests.java @@ -106,7 +106,7 @@ public class OpenIDConfigTests { @Test public void configureWhenOpenIDAndFormLoginBothConfigureLoginPagesThenWiringException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire()); + .isThrownBy(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire()); } @Test @@ -119,10 +119,13 @@ public class OpenIDConfigTests { openIDFilter.setReturnToUrlParameters(returnToUrlParameters); OpenIDConsumer consumer = mock(OpenIDConsumer.class); given(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString())) - .will((invocation) -> openIdEndpointUrl + invocation.getArgument(2)); + .will((invocation) -> openIdEndpointUrl + invocation.getArgument(2)); openIDFilter.setConsumer(consumer); String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?") - .append(AbstractRememberMeServices.DEFAULT_PARAMETER).append("=").append("on").toString(); + .append(AbstractRememberMeServices.DEFAULT_PARAMETER) + .append("=") + .append("on") + .toString(); // @formatter:off this.mvc.perform(get("/")) .andExpect(status().isFound()) @@ -150,15 +153,17 @@ public class OpenIDConfigTests { String endpoint = server.url("/").toString(); server.enqueue(new MockResponse().addHeader(YadisResolver.YADIS_XRDS_LOCATION, endpoint)); server.enqueue(new MockResponse() - .setBody(String.format("%s", endpoint))); - this.mvc.perform( - get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) - .andExpect(status().isFound()) - .andExpect((result) -> result.getResponse().getRedirectedUrl().endsWith( - "openid.ext1.type.nickname=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffriendly&" - + "openid.ext1.if_available=nickname&" - + "openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&" - + "openid.ext1.required=email&" + "openid.ext1.count.email=2")); + .setBody(String.format("%s", endpoint))); + this.mvc + .perform( + get("/login/openid").param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint)) + .andExpect(status().isFound()) + .andExpect((result) -> result.getResponse() + .getRedirectedUrl() + .endsWith("openid.ext1.type.nickname=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffriendly&" + + "openid.ext1.if_available=nickname&" + + "openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&" + + "openid.ext1.required=email&" + "openid.ext1.count.email=2")); } } diff --git a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java index 283f899549..1e5761af09 100644 --- a/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/RememberMeConfigTests.java @@ -187,7 +187,7 @@ public class RememberMeConfigTests { @Test public void configureWhenUsingDataSourceAndANegativeTokenValidityThenThrowsWiringException() { assertThatExceptionOfType(FatalBeanException.class) - .isThrownBy(() -> this.spring.configLocations(xml("NegativeTokenValidityWithDataSource")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("NegativeTokenValidityWithDataSource")).autowire()); } @Test @@ -195,14 +195,14 @@ public class RememberMeConfigTests { throws Exception { this.spring.configLocations(xml("Sec2165")).autowire(); rememberAuthentication("user", "password") - .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30)); + .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 30)); } @Test public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure() throws Exception { this.spring.configLocations(xml("SecureCookie")).autowire(); rememberAuthentication("user", "password") - .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true)); + .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, true)); } /** @@ -212,7 +212,7 @@ public class RememberMeConfigTests { public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure() throws Exception { this.spring.configLocations(xml("Sec1827")).autowire(); rememberAuthentication("user", "password") - .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)); + .andExpect(cookie().secure(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, false)); } @Test @@ -239,7 +239,7 @@ public class RememberMeConfigTests { this.spring.configLocations(xml("WithUserDetailsService")).autowire(); UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class); given(userDetailsService.loadUserByUsername("user")) - .willAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList())); + .willAnswer((invocation) -> new User("user", "{noop}password", Collections.emptyList())); MvcResult result = rememberAuthentication("user", "password").andReturn(); Cookie cookie = rememberMeCookie(result); // @formatter:off @@ -291,7 +291,7 @@ public class RememberMeConfigTests { @Test public void configureWhenUsingRememberMeParameterAndServicesRefThenThrowsWiringException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("WithRememberMeParameterAndServicesRef")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("WithRememberMeParameterAndServicesRef")).autowire()); } /** @@ -312,11 +312,10 @@ public class RememberMeConfigTests { @Test public void configureWhenUsingRememberMeCookieAndServicesRefThenThrowsWiringException() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("WithRememberMeCookieAndServicesRef")).autowire()) - .withMessageContaining( - "Configuration problem: services-ref can't be used in combination with attributes " - + "token-repository-ref,data-source-ref, user-service-ref, token-validity-seconds, " - + "use-secure-cookie, remember-me-parameter or remember-me-cookie"); + .isThrownBy(() -> this.spring.configLocations(xml("WithRememberMeCookieAndServicesRef")).autowire()) + .withMessageContaining("Configuration problem: services-ref can't be used in combination with attributes " + + "token-repository-ref,data-source-ref, user-service-ref, token-validity-seconds, " + + "use-secure-cookie, remember-me-parameter or remember-me-cookie"); } private ResultActions rememberAuthentication(String username, String password) throws Exception { diff --git a/config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java index b382b8b082..5e3eb433b3 100644 --- a/config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/Saml2LoginBeanDefinitionParserTests.java @@ -156,15 +156,15 @@ public class Saml2LoginBeanDefinitionParserTests { @Test public void authenticateWhenAuthenticationResponseNotValidThenThrowAuthenticationException() throws Exception { this.spring.configLocations(this.xml("SingleRelyingPartyRegistration-WithCustomAuthenticationFailureHandler")) - .autowire(); + .autowire(); this.mvc.perform(get("/login/saml2/sso/one").param(Saml2ParameterNames.SAML_RESPONSE, "samlResponse123")); ArgumentCaptor exceptionCaptor = ArgumentCaptor - .forClass(AuthenticationException.class); + .forClass(AuthenticationException.class); verify(this.authenticationFailureHandler).onAuthenticationFailure(any(), any(), exceptionCaptor.capture()); AuthenticationException exception = exceptionCaptor.getValue(); assertThat(exception).isInstanceOf(Saml2AuthenticationException.class); assertThat(((Saml2AuthenticationException) exception).getSaml2Error().getErrorCode()) - .isEqualTo("invalid_response"); + .isEqualTo("invalid_response"); } @Test @@ -214,11 +214,11 @@ public class Saml2LoginBeanDefinitionParserTests { @Test public void authenticateWhenCustomAuthenticationConverterThenUses() throws Exception { this.spring.configLocations(this.xml("WithCustomRelyingPartyRepository-WithCustomAuthenticationConverter")) - .autowire(); + .autowire(); RelyingPartyRegistration relyingPartyRegistration = relyingPartyRegistrationWithVerifyingCredential(); String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE)); given(this.authenticationConverter.convert(any(HttpServletRequest.class))) - .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); + .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); // @formatter:off MockHttpServletRequestBuilder request = post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()) .param("SAMLResponse", SIGNED_RESPONSE); @@ -230,13 +230,13 @@ public class Saml2LoginBeanDefinitionParserTests { @Test public void authenticateWhenCustomAuthenticationManagerThenUses() throws Exception { this.spring.configLocations(this.xml("WithCustomRelyingPartyRepository-WithCustomAuthenticationManager")) - .autowire(); + .autowire(); RelyingPartyRegistration relyingPartyRegistration = relyingPartyRegistrationWithVerifyingCredential(); AuthenticationManager authenticationManager = this.applicationContext.getBean("customAuthenticationManager", AuthenticationManager.class); String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE)); given(authenticationManager.authenticate(any())) - .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); + .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); // @formatter:off MockHttpServletRequestBuilder request = post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()) .param("SAMLResponse", SIGNED_RESPONSE); @@ -248,12 +248,14 @@ public class Saml2LoginBeanDefinitionParserTests { @Test public void authenticationRequestWhenCustomAuthenticationRequestContextResolverThenUses() throws Exception { this.spring - .configLocations(this.xml("WithCustomRelyingPartyRepository-WithCustomAuthenticationRequestResolver")) - .autowire(); + .configLocations(this.xml("WithCustomRelyingPartyRepository-WithCustomAuthenticationRequestResolver")) + .autowire(); Saml2RedirectAuthenticationRequest request = Saml2RedirectAuthenticationRequest - .withAuthenticationRequestContext( - TestSaml2AuthenticationRequestContexts.authenticationRequestContext().build()) - .samlRequest("request").authenticationRequestUri(IDP_SSO_URL).build(); + .withAuthenticationRequestContext( + TestSaml2AuthenticationRequestContexts.authenticationRequestContext().build()) + .samlRequest("request") + .authenticationRequestUri(IDP_SSO_URL) + .build(); given(this.authenticationRequestResolver.resolve(any(HttpServletRequest.class))).willReturn(request); this.mvc.perform(get("/saml2/authenticate/registration-id")).andExpect(status().isFound()); verify(this.authenticationRequestResolver).resolve(any(HttpServletRequest.class)); @@ -262,9 +264,9 @@ public class Saml2LoginBeanDefinitionParserTests { @Test public void authenticationRequestWhenCustomAuthnRequestRepositoryThenUses() throws Exception { this.spring.configLocations(this.xml("WithCustomRelyingPartyRepository-WithCustomAuthnRequestRepository")) - .autowire(); + .autowire(); given(this.repository.findByRegistrationId(anyString())) - .willReturn(TestRelyingPartyRegistrations.relyingPartyRegistration().build()); + .willReturn(TestRelyingPartyRegistrations.relyingPartyRegistration().build()); MockHttpServletRequestBuilder request = get("/saml2/authenticate/registration-id"); this.mvc.perform(request).andExpect(status().isFound()); verify(this.authenticationRequestRepository).saveAuthenticationRequest( @@ -275,10 +277,10 @@ public class Saml2LoginBeanDefinitionParserTests { @Test public void authenticateWhenCustomAuthnRequestRepositoryThenUses() throws Exception { this.spring.configLocations(this.xml("WithCustomRelyingPartyRepository-WithCustomAuthnRequestRepository")) - .autowire(); + .autowire(); RelyingPartyRegistrationRepository repository = mock(RelyingPartyRegistrationRepository.class); given(this.repository.findByRegistrationId(anyString())) - .willReturn(TestRelyingPartyRegistrations.relyingPartyRegistration().build()); + .willReturn(TestRelyingPartyRegistrations.relyingPartyRegistration().build()); MockHttpServletRequestBuilder request = post("/login/saml2/sso/registration-id").param("SAMLResponse", SIGNED_RESPONSE); this.mvc.perform(request); @@ -290,22 +292,22 @@ public class Saml2LoginBeanDefinitionParserTests { @Test public void saml2LoginWhenLoginProcessingUrlWithoutRegistrationIdAndDefaultAuthenticationConverterThenValidates() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(this.xml("WithCustomLoginProcessingUrl")).autowire()) - .withMessageContaining("loginProcessingUrl must contain {registrationId} path variable"); + .isThrownBy(() -> this.spring.configLocations(this.xml("WithCustomLoginProcessingUrl")).autowire()) + .withMessageContaining("loginProcessingUrl must contain {registrationId} path variable"); } @Test public void authenticateWhenCustomLoginProcessingUrlAndCustomAuthenticationConverterThenAuthenticate() throws Exception { this.spring.configLocations(this.xml("WithCustomLoginProcessingUrl-WithCustomAuthenticationConverter")) - .autowire(); + .autowire(); RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() - .assertingPartyDetails((party) -> party.verificationX509Credentials( - (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) - .build(); + .assertingPartyDetails((party) -> party + .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) + .build(); String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE)); given(this.authenticationConverter.convert(any(HttpServletRequest.class))) - .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); + .willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response)); // @formatter:off MockHttpServletRequestBuilder request = post("/my/custom/url").param("SAMLResponse", SIGNED_RESPONSE); // @formatter:on @@ -315,9 +317,9 @@ public class Saml2LoginBeanDefinitionParserTests { private RelyingPartyRegistration relyingPartyRegistrationWithVerifyingCredential() { RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials() - .assertingPartyDetails((party) -> party.verificationX509Credentials( - (c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) - .build(); + .assertingPartyDetails((party) -> party + .verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))) + .build(); given(this.repository.findByRegistrationId(anyString())).willReturn(relyingPartyRegistration); return relyingPartyRegistration; } diff --git a/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java index f7ab2e75a1..152525d4a2 100644 --- a/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java @@ -143,7 +143,8 @@ public class Saml2LogoutBeanDefinitionParserTests { this.spring.configLocations(this.xml("LogoutSuccessHandler")).autowire(); TestingAuthenticationToken user = new TestingAuthenticationToken("user", "password"); MvcResult result = this.mvc.perform(post("/logout").with(authentication(user)).with(csrf())) - .andExpect(status().isFound()).andReturn(); + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).isEqualTo("/logoutSuccessEndpoint"); } @@ -152,7 +153,8 @@ public class Saml2LogoutBeanDefinitionParserTests { public void saml2LogoutWhenDefaultsThenLogsOutAndSendsLogoutRequest() throws Exception { this.spring.configLocations(this.xml("Default")).autowire(); MvcResult result = this.mvc.perform(post("/logout").with(authentication(this.saml2User)).with(csrf())) - .andExpect(status().isFound()).andReturn(); + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).startsWith("https://ap.example.org/logout/saml2/request"); } @@ -160,8 +162,9 @@ public class Saml2LogoutBeanDefinitionParserTests { @Test public void saml2LogoutWhenUnauthenticatedThenEntryPoint() throws Exception { this.spring.configLocations(this.xml("Default")).autowire(); - this.mvc.perform(post("/logout").with(csrf())).andExpect(status().isFound()) - .andExpect(redirectedUrl("/login?logout")); + this.mvc.perform(post("/logout").with(csrf())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/login?logout")); } @Test @@ -174,7 +177,8 @@ public class Saml2LogoutBeanDefinitionParserTests { public void saml2LogoutWhenGetThenDefaultLogoutPage() throws Exception { this.spring.configLocations(this.xml("Default")).autowire(); MvcResult result = this.mvc.perform(get("/logout").with(authentication(this.saml2User))) - .andExpect(status().isOk()).andReturn(); + .andExpect(status().isOk()) + .andReturn(); assertThat(result.getResponse().getContentAsString()).contains("Are you sure you want to log out?"); } @@ -182,9 +186,9 @@ public class Saml2LogoutBeanDefinitionParserTests { public void saml2LogoutWhenPutOrDeleteThen404() throws Exception { this.spring.configLocations(this.xml("Default")).autowire(); this.mvc.perform(put("/logout").with(authentication(this.saml2User)).with(csrf())) - .andExpect(status().isNotFound()); + .andExpect(status().isNotFound()); this.mvc.perform(delete("/logout").with(authentication(this.saml2User)).with(csrf())) - .andExpect(status().isNotFound()); + .andExpect(status().isNotFound()); } @Test @@ -196,7 +200,7 @@ public class Saml2LogoutBeanDefinitionParserTests { Saml2Authentication authentication = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); this.mvc.perform(post("/logout").with(authentication(authentication)).with(csrf())) - .andExpect(status().isUnauthorized()); + .andExpect(status().isUnauthorized()); } @Test @@ -212,8 +216,11 @@ public class Saml2LogoutBeanDefinitionParserTests { this.spring.configLocations(this.xml("CustomComponents")).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("registration-id"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); given(getBean(Saml2LogoutRequestResolver.class).resolve(any(), any())).willReturn(logoutRequest); this.mvc.perform(post("/logout").with(authentication(this.saml2User)).with(csrf())); verify(getBean(Saml2LogoutRequestResolver.class)).resolve(any(), any()); @@ -227,10 +234,15 @@ public class Saml2LogoutBeanDefinitionParserTests { principal.setRelyingPartyRegistrationId("get"); Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); - MvcResult result = this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .param("Signature", this.apLogoutRequestSignature).with(samlQueryString()).with(authentication(user))) - .andExpect(status().isFound()).andReturn(); + MvcResult result = this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutRequestSignature) + .with(samlQueryString()) + .with(authentication(user))) + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).startsWith("https://ap.example.org/logout/saml2/response"); } @@ -243,10 +255,15 @@ public class Saml2LogoutBeanDefinitionParserTests { principal.setRelyingPartyRegistrationId("get"); Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); - MvcResult result = this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .param("Signature", this.apLogoutRequestSignature).with(samlQueryString()).with(authentication(user))) - .andExpect(status().isFound()).andReturn(); + MvcResult result = this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutRequestSignature) + .with(samlQueryString()) + .with(authentication(user))) + .andExpect(status().isFound()) + .andReturn(); String location = result.getResponse().getHeader("Location"); assertThat(location).startsWith("https://ap.example.org/logout/saml2/response"); verify(getBean(SecurityContextHolderStrategy.class), atLeastOnce()).getContext(); @@ -260,18 +277,24 @@ public class Saml2LogoutBeanDefinitionParserTests { principal.setRelyingPartyRegistrationId("wrong"); Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER")); - this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .param("Signature", this.apLogoutRequestSignature).with(authentication(user))) - .andExpect(status().isBadRequest()); + this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutRequestSignature) + .with(authentication(user))) + .andExpect(status().isBadRequest()); } @Test public void saml2LogoutRequestWhenInvalidSamlRequestThen401() throws Exception { this.spring.configLocations(this.xml("Default")).autowire(); - this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) - .param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg) - .with(authentication(this.saml2User))).andExpect(status().isUnauthorized()); + this.mvc + .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest) + .param("RelayState", this.apLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .with(authentication(this.saml2User))) + .andExpect(status().isUnauthorized()); } @Test @@ -281,12 +304,12 @@ public class Saml2LogoutBeanDefinitionParserTests { LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration); logoutRequest.setIssueInstant(Instant.now()); given(getBean(Saml2LogoutRequestValidator.class).validate(any())) - .willReturn(Saml2LogoutValidatorResult.success()); + .willReturn(Saml2LogoutValidatorResult.success()); Saml2LogoutResponse logoutResponse = Saml2LogoutResponse.withRelyingPartyRegistration(registration).build(); given(getBean(Saml2LogoutResponseResolver.class).resolve(any(), any())).willReturn(logoutResponse); - this.mvc.perform( - post("/logout/saml2/slo").param("SAMLRequest", "samlRequest").with(authentication(this.saml2User))) - .andReturn(); + this.mvc + .perform(post("/logout/saml2/slo").param("SAMLRequest", "samlRequest").with(authentication(this.saml2User))) + .andReturn(); verify(getBean(Saml2LogoutRequestValidator.class)).validate(any()); verify(getBean(Saml2LogoutResponseResolver.class)).resolve(any(), any()); } @@ -296,15 +319,23 @@ public class Saml2LogoutBeanDefinitionParserTests { this.spring.configLocations(this.xml("Default")).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("get"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); this.logoutRequestRepository.saveLogoutRequest(logoutRequest, this.request, this.response); this.request.setParameter("RelayState", logoutRequest.getRelayState()); assertThat(this.logoutRequestRepository.loadLogoutRequest(this.request)).isNotNull(); - this.mvc.perform(get("/logout/saml2/slo").session(((MockHttpSession) this.request.getSession())) - .param("SAMLResponse", this.apLogoutResponse).param("RelayState", this.apLogoutResponseRelayState) - .param("SigAlg", this.apLogoutResponseSigAlg).param("Signature", this.apLogoutResponseSignature) - .with(samlQueryString())).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout")); + this.mvc + .perform(get("/logout/saml2/slo").session(((MockHttpSession) this.request.getSession())) + .param("SAMLResponse", this.apLogoutResponse) + .param("RelayState", this.apLogoutResponseRelayState) + .param("SigAlg", this.apLogoutResponseSigAlg) + .param("Signature", this.apLogoutResponseSignature) + .with(samlQueryString())) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/login?logout")); assertThat(this.logoutRequestRepository.loadLogoutRequest(this.request)).isNull(); } @@ -313,16 +344,23 @@ public class Saml2LogoutBeanDefinitionParserTests { this.spring.configLocations(this.xml("Default")).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("registration-id"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); this.logoutRequestRepository.saveLogoutRequest(logoutRequest, this.request, this.response); String deflatedApLogoutResponse = Saml2Utils.samlEncode( Saml2Utils.samlInflate(Saml2Utils.samlDecode(this.apLogoutResponse)).getBytes(StandardCharsets.UTF_8)); - this.mvc.perform(post("/logout/saml2/slo").session((MockHttpSession) this.request.getSession()) - .param("SAMLResponse", deflatedApLogoutResponse).param("RelayState", this.rpLogoutRequestRelayState) - .param("SigAlg", this.apLogoutRequestSigAlg).param("Signature", this.apLogoutResponseSignature) - .with(samlQueryString())).andExpect(status().reason(containsString("invalid_signature"))) - .andExpect(status().isUnauthorized()); + this.mvc + .perform(post("/logout/saml2/slo").session((MockHttpSession) this.request.getSession()) + .param("SAMLResponse", deflatedApLogoutResponse) + .param("RelayState", this.rpLogoutRequestRelayState) + .param("SigAlg", this.apLogoutRequestSigAlg) + .param("Signature", this.apLogoutResponseSignature) + .with(samlQueryString())) + .andExpect(status().reason(containsString("invalid_signature"))) + .andExpect(status().isUnauthorized()); } @Test @@ -330,11 +368,14 @@ public class Saml2LogoutBeanDefinitionParserTests { this.spring.configLocations(this.xml("CustomComponents")).autowire(); RelyingPartyRegistration registration = this.repository.findByRegistrationId("get"); Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration) - .samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState) - .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build(); + .samlRequest(this.rpLogoutRequest) + .id(this.rpLogoutRequestId) + .relayState(this.rpLogoutRequestRelayState) + .parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)) + .build(); given(getBean(Saml2LogoutRequestRepository.class).removeLogoutRequest(any(), any())).willReturn(logoutRequest); given(getBean(Saml2LogoutResponseValidator.class).validate(any())) - .willReturn(Saml2LogoutValidatorResult.success()); + .willReturn(Saml2LogoutValidatorResult.success()); this.mvc.perform(get("/logout/saml2/slo").param("SAMLResponse", "samlResponse")).andReturn(); verify(getBean(Saml2LogoutResponseValidator.class)).validate(any()); } diff --git a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java index 7371dc5ec5..7d134f3df6 100644 --- a/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/SecurityContextHolderAwareRequestConfigTests.java @@ -178,8 +178,9 @@ public class SecurityContextHolderAwareRequestConfigTests { @Test public void servletLogoutWhenUsingCustomLogoutThenUsesSpringSecurity() throws Exception { this.spring.configLocations(this.xml("Logout")).autowire(); - this.mvc.perform(get("/authenticate")).andExpect(status().isFound()) - .andExpect(redirectedUrl("http://localhost/signin")); + this.mvc.perform(get("/authenticate")) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("http://localhost/signin")); // @formatter:off MvcResult result = this.mvc.perform(get("/good-login")) .andReturn(); diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java index dc5c4c1a63..e37ed25857 100644 --- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigTests.java @@ -141,7 +141,7 @@ public class SessionManagementConfigTests { assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession(false) - .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNotNull(); + .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNotNull(); } @Test @@ -181,8 +181,9 @@ public class SessionManagementConfigTests { .andExpect(status().isFound()) .andExpect(session()).andReturn(); // @formatter:on - assertThat(result.getRequest().getSession(false) - .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull(); + assertThat(result.getRequest() + .getSession(false) + .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull(); } @Test @@ -306,8 +307,9 @@ public class SessionManagementConfigTests { @Test public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject() throws Exception { this.spring.configLocations(xml("ConcurrencyControlCustomLogoutHandler")).autowire(); - MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password"))).andExpect(session()) - .andReturn(); + MvcResult result = this.mvc.perform(get("/auth").with(httpBasic("user", "password"))) + .andExpect(session()) + .andReturn(); MockHttpSession session = (MockHttpSession) result.getRequest().getSession(false); SessionRegistry sessionRegistry = this.spring.getContext().getBean(SessionRegistry.class); sessionRegistry.getSessionInformation(session.getId()).expireNow(); diff --git a/config/src/test/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests.java index f29ae772fe..85c162a6ba 100644 --- a/config/src/test/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests.java @@ -47,16 +47,18 @@ public class WellKnownChangePasswordBeanDefinitionParserTests { public void whenChangePasswordPageNotSetThenDefaultChangePasswordPageUsed() throws Exception { this.spring.configLocations(xml("DefaultChangePasswordPage")).autowire(); - this.mvc.perform(get("/.well-known/change-password")).andExpect(status().isFound()) - .andExpect(redirectedUrl("/change-password")); + this.mvc.perform(get("/.well-known/change-password")) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/change-password")); } @Test public void whenChangePasswordPageSetThenSpecifiedChangePasswordPageUsed() throws Exception { this.spring.configLocations(xml("CustomChangePasswordPage")).autowire(); - this.mvc.perform(get("/.well-known/change-password")).andExpect(status().isFound()) - .andExpect(redirectedUrl("/custom-change-password-page")); + this.mvc.perform(get("/.well-known/change-password")) + .andExpect(status().isFound()) + .andExpect(redirectedUrl("/custom-change-password-page")); } private String xml(String configName) { diff --git a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java index affbe760ab..ad5e52b04b 100644 --- a/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParserTests.java @@ -100,7 +100,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { public void targetShouldPreventProtectedMethodInvocationWithNoContext() { loadContext(); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(this.target::someUserMethod1); + .isThrownBy(this.target::someUserMethod1); } @Test @@ -136,7 +136,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + ""); // @formatter:on PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService) this.appContext - .getBean("myUserService"); + .getBean("myUserService"); assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!"); } @@ -171,7 +171,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { + ConfigTestUtils.AUTH_PROVIDER_XML); // @formatter:on SecurityContextHolder.getContext() - .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); + .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); this.target = (BusinessService) this.appContext.getBean("target"); // someOther(int) should not be matched by someOther(String), but should require // ROLE_USER @@ -197,16 +197,16 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { this.target.someOther("somestring"); // All others should require ROLE_USER assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.target.someOther(0)); + .isThrownBy(() -> this.target.someOther(0)); SecurityContextHolder.getContext() - .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); + .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); this.target.someOther(0); } @Test public void duplicateElementCausesError() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> setContext("" + "")); + .isThrownBy(() -> setContext("" + "")); } // SEC-936 @@ -232,17 +232,20 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { @Test public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception { setContext("" + ConfigTestUtils.AUTH_PROVIDER_XML); - AffirmativeBased adm = (AffirmativeBased) this.appContext.getBeansOfType(AffirmativeBased.class).values() - .toArray()[0]; + AffirmativeBased adm = (AffirmativeBased) this.appContext.getBeansOfType(AffirmativeBased.class) + .values() + .toArray()[0]; List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters"); PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0); MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) this.appContext - .getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0]; + .getBeansOfType(MethodSecurityMetadataSourceAdvisor.class) + .values() + .toArray()[0]; AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor) msi - .getAdvice()).getAfterInvocationManager(); + .getAdvice()).getAfterInvocationManager(); PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm.getProviders().get(0); assertThat(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler")) - .isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler")); + .isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler")); } @Test @@ -269,7 +272,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { // @formatter:on SecurityContextHolder.getContext().setAuthentication(this.bob); ExpressionProtectedBusinessServiceImpl target = (ExpressionProtectedBusinessServiceImpl) this.appContext - .getBean("target"); + .getBean("target"); target.methodWithBeanNamePropertyAccessExpression("x"); } @@ -365,7 +368,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { parent); RunAsManagerImpl ram = (RunAsManagerImpl) this.appContext.getBean("runAsMgr"); MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) this.appContext - .getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0]; + .getBeansOfType(MethodSecurityMetadataSourceAdvisor.class) + .values() + .toArray()[0]; assertThat(ram).isSameAs(FieldUtils.getFieldValue(msi.getAdvice(), "runAsManager")); } @@ -385,7 +390,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { Foo foo = (Foo) this.appContext.getBean("target"); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> foo.foo(new SecurityConfig("A"))); SecurityContextHolder.getContext() - .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("admin", "password")); + .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("admin", "password")); foo.foo(new SecurityConfig("A")); } @@ -406,7 +411,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests { Foo foo = (Foo) this.appContext.getBean("target"); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> foo.foo(new SecurityConfig("A"))); SecurityContextHolder.getContext() - .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("admin", "password")); + .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("admin", "password")); foo.foo(new SecurityConfig("A")); } diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java index b6be974650..a4257f1732 100644 --- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java +++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java @@ -109,7 +109,7 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application @Test public void targetShouldPreventProtectedMethodInvocationWithNoContext() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(this.target::doSomething); + .isThrownBy(this.target::doSomething); } @Test @@ -141,7 +141,7 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application @Test public void targetAuthorizationManagerShouldPreventProtectedMethodInvocationWithNoContext() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(this.targetAuthorizationManager::doSomething); + .isThrownBy(this.targetAuthorizationManager::doSomething); } @Test @@ -163,7 +163,7 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application @Test public void transactionalAuthorizationManagerMethodsShouldBeSecured() { assertThatExceptionOfType(AuthenticationException.class) - .isThrownBy(this.transactionalTargetAuthorizationManager::doSomething); + .isThrownBy(this.transactionalTargetAuthorizationManager::doSomething); } @Test diff --git a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java index 654a01b2f3..e597c91759 100644 --- a/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/Jsr250AnnotationDrivenBeanDefinitionParserTests.java @@ -62,7 +62,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests { @Test public void targetShouldPreventProtectedMethodInvocationWithNoContext() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.target.someUserMethod1()); + .isThrownBy(() -> this.target.someUserMethod1()); } @Test diff --git a/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java index f2e2556fb6..37cddc9104 100644 --- a/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java @@ -82,7 +82,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void preAuthorizeWhenRoleAdminThenAccessDeniedException() { this.spring.configLocations(xml("MethodSecurityService")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::preAuthorize) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @Test @@ -109,7 +109,8 @@ public class MethodSecurityBeanDefinitionParserTests { public void preAuthorizeNotAnonymousWhenRoleAnonymousThenAccessDeniedException() { this.spring.configLocations(xml("MethodSecurityService")).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(this.methodSecurityService::preAuthorizeNotAnonymous).withMessage("Access Denied"); + .isThrownBy(this.methodSecurityService::preAuthorizeNotAnonymous) + .withMessage("Access Denied"); } @WithMockUser @@ -124,7 +125,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void securedWhenRoleUserThenAccessDeniedException() { this.spring.configLocations(xml("MethodSecurityServiceEnabled")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::secured) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser(roles = "ADMIN") @@ -142,7 +143,7 @@ public class MethodSecurityBeanDefinitionParserTests { SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "pass")); strategy.setContext(context); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::secured) - .withMessage("Access Denied"); + .withMessage("Access Denied"); verify(strategy).getContext(); } @@ -151,7 +152,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void securedUserWhenRoleAdminThenAccessDeniedException() { this.spring.configLocations(xml("MethodSecurityServiceEnabled")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::securedUser) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser @@ -167,7 +168,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void preAuthorizeAdminWhenRoleUserThenAccessDeniedException() { this.spring.configLocations(xml("MethodSecurityService")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::preAuthorizeAdmin) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser(roles = "ADMIN") @@ -184,7 +185,7 @@ public class MethodSecurityBeanDefinitionParserTests { SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "pass")); strategy.setContext(context); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::preAuthorizeAdmin) - .withMessage("Access Denied"); + .withMessage("Access Denied"); verify(strategy).getContext(); } @@ -200,7 +201,8 @@ public class MethodSecurityBeanDefinitionParserTests { public void postHasPermissionWhenParameterIsNotGrantThenAccessDeniedException() { this.spring.configLocations(xml("CustomPermissionEvaluator")).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.postHasPermission("deny")).withMessage("Access Denied"); + .isThrownBy(() -> this.methodSecurityService.postHasPermission("deny")) + .withMessage("Access Denied"); } @WithMockUser @@ -216,7 +218,8 @@ public class MethodSecurityBeanDefinitionParserTests { public void postAnnotationWhenParameterIsNotGrantThenAccessDeniedException() { this.spring.configLocations(xml("MethodSecurityService")).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.postAnnotation("deny")).withMessage("Access Denied"); + .isThrownBy(() -> this.methodSecurityService.postAnnotation("deny")) + .withMessage("Access Denied"); } @WithMockUser @@ -234,7 +237,7 @@ public class MethodSecurityBeanDefinitionParserTests { SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "pass")); strategy.setContext(context); List result = this.methodSecurityService - .preFilterByUsername(new ArrayList<>(Arrays.asList("user", "bob", "joe"))); + .preFilterByUsername(new ArrayList<>(Arrays.asList("user", "bob", "joe"))); assertThat(result).containsExactly("user"); verify(strategy).getContext(); } @@ -246,7 +249,7 @@ public class MethodSecurityBeanDefinitionParserTests { SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "pass")); strategy.setContext(context); List result = this.methodSecurityService - .postFilterByUsername(new ArrayList<>(Arrays.asList("user", "bob", "joe"))); + .postFilterByUsername(new ArrayList<>(Arrays.asList("user", "bob", "joe"))); assertThat(result).containsExactly("user"); verify(strategy).getContext(); } @@ -290,7 +293,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void securedUserWhenCustomBeforeAdviceConfiguredAndNameNotBobThenAccessDeniedException() { this.spring.configLocations(xml("CustomAuthorizationManagerBeforeAdvice")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::securedUser) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser("bob") @@ -306,7 +309,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void securedUserWhenCustomAfterAdviceConfiguredAndNameNotBobThenAccessDeniedException() { this.spring.configLocations(xml("CustomAuthorizationManagerAfterAdvice")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::securedUser) - .withMessage("Access Denied for User 'joe'"); + .withMessage("Access Denied for User 'joe'"); } @WithMockUser(roles = "ADMIN") @@ -314,7 +317,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void jsr250WhenRoleAdminThenAccessDeniedException() { this.spring.configLocations(xml("MethodSecurityServiceEnabled")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.methodSecurityService::jsr250) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @Test @@ -324,7 +327,8 @@ public class MethodSecurityBeanDefinitionParserTests { SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "pass")); strategy.setContext(context); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(this.methodSecurityService::jsr250RolesAllowed).withMessage("Access Denied"); + .isThrownBy(this.methodSecurityService::jsr250RolesAllowed) + .withMessage("Access Denied"); verify(strategy).getContext(); } @@ -341,7 +345,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void rolesAllowedUserWhenRoleAdminThenAccessDeniedException() { this.spring.configLocations(xml("BusinessService")).autowire(); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.businessService::rolesAllowedUser) - .withMessage("Access Denied"); + .withMessage("Access Denied"); } @WithMockUser @@ -369,7 +373,7 @@ public class MethodSecurityBeanDefinitionParserTests { List names = Arrays.asList("harold", "jonathan", "pete", "bo"); this.spring.configLocations(xml("MethodSecurityServiceEnabled")).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); + .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); } @WithMockUser @@ -378,7 +382,7 @@ public class MethodSecurityBeanDefinitionParserTests { List names = Arrays.asList("harold", "jonathan", "pete"); this.spring.configLocations(xml("MethodSecurityServiceEnabled")).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); + .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); } @WithMockUser(roles = "ADMIN") @@ -387,7 +391,7 @@ public class MethodSecurityBeanDefinitionParserTests { List names = Arrays.asList("harold", "jonathan", "pete", "bo"); this.spring.configLocations(xml("MethodSecurityServiceEnabled")).autowire(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); + .isThrownBy(() -> this.methodSecurityService.manyAnnotations(new ArrayList<>(names))); } // gh-3183 @@ -395,7 +399,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void repeatedAnnotationsWhenPresentThenFails() { this.spring.configLocations(xml("MethodSecurityService")).autowire(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> this.methodSecurityService.repeatedAnnotations()); + .isThrownBy(() -> this.methodSecurityService.repeatedAnnotations()); } // gh-3183 @@ -403,7 +407,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void repeatedJsr250AnnotationsWhenPresentThenFails() { this.spring.configLocations(xml("Jsr250")).autowire(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> this.businessService.repeatedAnnotations()); + .isThrownBy(() -> this.businessService.repeatedAnnotations()); } // gh-3183 @@ -411,7 +415,7 @@ public class MethodSecurityBeanDefinitionParserTests { public void repeatedSecuredAnnotationsWhenPresentThenFails() { this.spring.configLocations(xml("Secured")).autowire(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> this.businessService.repeatedAnnotations()); + .isThrownBy(() -> this.businessService.repeatedAnnotations()); } @WithMockUser @@ -420,7 +424,7 @@ public class MethodSecurityBeanDefinitionParserTests { this.spring.configLocations(xml("ProtectPointcut")).autowire(); this.businessService.someOther(0); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.businessService.someOther("somestring")); + .isThrownBy(() -> this.businessService.someOther("somestring")); } @Test @@ -429,9 +433,10 @@ public class MethodSecurityBeanDefinitionParserTests { this.businessService.someOther("somestring"); // All others should require ROLE_USER assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.businessService.someOther(0)); - SecurityContextHolder.getContext().setAuthentication( - new TestingAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); + .isThrownBy(() -> this.businessService.someOther(0)); + SecurityContextHolder.getContext() + .setAuthentication(new TestingAuthenticationToken("user", "password", + AuthorityUtils.createAuthorityList("ROLE_USER"))); this.businessService.someOther(0); SecurityContextHolder.clearContext(); } diff --git a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java index 8a6e982913..677e0ec948 100644 --- a/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java +++ b/config/src/test/java/org/springframework/security/config/method/PreAuthorizeTests.java @@ -48,30 +48,30 @@ public class PreAuthorizeTests { @Test public void preAuthorizeAdminRoleDenied() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER")); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::preAuthorizeAdminRole); } @Test public void preAuthorizeAdminRoleGranted() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); + .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); this.service.preAuthorizeAdminRole(); } @Test public void preAuthorizeContactPermissionGranted() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); + .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); this.service.contactPermission(new Contact("user")); } @Test public void preAuthorizeContactPermissionDenied() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); + .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.service.contactPermission(new Contact("admin"))); + .isThrownBy(() -> this.service.contactPermission(new Contact("admin"))); } } diff --git a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java index fbdf043e6c..36904ca50a 100644 --- a/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java +++ b/config/src/test/java/org/springframework/security/config/method/Sec2196Tests.java @@ -41,7 +41,7 @@ public class Sec2196Tests { loadContext("" + ""); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER")); Service service = this.context.getBean(Service.class); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> service.save(new User())); } @@ -51,7 +51,7 @@ public class Sec2196Tests { loadContext("" + ""); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("test", "pass", "saveUsers")); + .setAuthentication(new TestingAuthenticationToken("test", "pass", "saveUsers")); Service service = this.context.getBean(Service.class); service.save(new User()); } diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java index 4995df4369..234f78d807 100644 --- a/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/SecuredAnnotationDrivenBeanDefinitionParserTests.java @@ -68,7 +68,7 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { @Test public void targetShouldPreventProtectedMethodInvocationWithNoContext() { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(this.target::someUserMethod1); + .isThrownBy(this.target::someUserMethod1); } @Test @@ -92,13 +92,13 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests { public void targetIsSerializableBeforeUse() throws Exception { BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(chompedTarget::someAdminMethod); + .isThrownBy(chompedTarget::someAdminMethod); } @Test public void targetIsSerializableAfterUse() throws Exception { assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(this.target::someAdminMethod); + .isThrownBy(this.target::someAdminMethod); SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A")); BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(chompedTarget::someAdminMethod); diff --git a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java index 155f97422f..b37ee9d353 100644 --- a/config/src/test/java/org/springframework/security/config/method/SecuredTests.java +++ b/config/src/test/java/org/springframework/security/config/method/SecuredTests.java @@ -48,14 +48,14 @@ public class SecuredTests { @Test public void securedAdminRoleDenied() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER")); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::securedAdminRole); } @Test public void securedAdminRoleGranted() { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); + .setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN")); this.service.securedAdminRole(); } diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java index e26eec154a..50ffbbcd26 100644 --- a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java @@ -154,7 +154,7 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getClientId()).isEqualTo("google-client-id"); assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret"); assertThat(googleRegistration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}"); assertThat(googleRegistration.getScopes()).isNull(); @@ -164,9 +164,9 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleProviderDetails.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth"); assertThat(googleProviderDetails.getTokenUri()).isEqualTo("https://example.com/oauth2/v4/token"); assertThat(googleProviderDetails.getUserInfoEndpoint().getUri()) - .isEqualTo("https://example.com/oauth2/v3/userinfo"); + .isEqualTo("https://example.com/oauth2/v3/userinfo"); assertThat(googleProviderDetails.getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo(AuthenticationMethod.HEADER); + .isEqualTo(AuthenticationMethod.HEADER); assertThat(googleProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("sub"); assertThat(googleProviderDetails.getJwkSetUri()).isEqualTo("https://example.com/oauth2/v3/certs"); assertThat(googleProviderDetails.getIssuerUri()).isEqualTo(serverUrl); @@ -175,7 +175,7 @@ public class ClientRegistrationsBeanDefinitionParserTests { @Test public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() { this.spring.configLocations(ClientRegistrationsBeanDefinitionParserTests.xml("MultiClientRegistration")) - .autowire(); + .autowire(); assertThat(this.clientRegistrationRepository).isInstanceOf(InMemoryClientRegistrationRepository.class); ClientRegistration googleRegistration = this.clientRegistrationRepository.findByRegistrationId("google-login"); assertThat(googleRegistration).isNotNull(); @@ -183,21 +183,21 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(googleRegistration.getClientId()).isEqualTo("google-client-id"); assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret"); assertThat(googleRegistration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}"); assertThat(googleRegistration.getScopes()) - .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); + .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(googleRegistration.getClientName()).isEqualTo("Google"); ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails(); assertThat(googleProviderDetails).isNotNull(); assertThat(googleProviderDetails.getAuthorizationUri()) - .isEqualTo("https://accounts.google.com/o/oauth2/v2/auth"); + .isEqualTo("https://accounts.google.com/o/oauth2/v2/auth"); assertThat(googleProviderDetails.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token"); assertThat(googleProviderDetails.getUserInfoEndpoint().getUri()) - .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); + .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); assertThat(googleProviderDetails.getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo(AuthenticationMethod.HEADER); + .isEqualTo(AuthenticationMethod.HEADER); assertThat(googleProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("sub"); assertThat(googleProviderDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); assertThat(googleProviderDetails.getIssuerUri()).isEqualTo("https://accounts.google.com"); @@ -207,11 +207,11 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(githubRegistration.getClientId()).isEqualTo("github-client-id"); assertThat(githubRegistration.getClientSecret()).isEqualTo("github-client-secret"); assertThat(githubRegistration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(githubRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(githubRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}"); assertThat(googleRegistration.getScopes()) - .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); + .isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email")); assertThat(githubRegistration.getClientName()).isEqualTo("Github"); ProviderDetails githubProviderDetails = githubRegistration.getProviderDetails(); assertThat(githubProviderDetails).isNotNull(); @@ -219,7 +219,7 @@ public class ClientRegistrationsBeanDefinitionParserTests { assertThat(githubProviderDetails.getTokenUri()).isEqualTo("https://github.com/login/oauth/access_token"); assertThat(githubProviderDetails.getUserInfoEndpoint().getUri()).isEqualTo("https://api.github.com/user"); assertThat(githubProviderDetails.getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo(AuthenticationMethod.HEADER); + .isEqualTo(AuthenticationMethod.HEADER); assertThat(githubProviderDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("id"); } diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java index eefb9f2049..81ab751a60 100644 --- a/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java +++ b/config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java @@ -42,12 +42,12 @@ public class CommonOAuth2ProviderTests { assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth"); assertThat(providerDetails.getTokenUri()).isEqualTo("https://www.googleapis.com/oauth2/v4/token"); assertThat(providerDetails.getUserInfoEndpoint().getUri()) - .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); + .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo(IdTokenClaimNames.SUB); assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); assertThat(providerDetails.getIssuerUri()).isEqualTo("https://accounts.google.com"); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); assertThat(registration.getScopes()).containsOnly("openid", "profile", "email"); @@ -65,7 +65,7 @@ public class CommonOAuth2ProviderTests { assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("id"); assertThat(providerDetails.getJwkSetUri()).isNull(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); assertThat(registration.getScopes()).containsOnly("read:user"); @@ -80,11 +80,11 @@ public class CommonOAuth2ProviderTests { assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://www.facebook.com/v2.8/dialog/oauth"); assertThat(providerDetails.getTokenUri()).isEqualTo("https://graph.facebook.com/v2.8/oauth/access_token"); assertThat(providerDetails.getUserInfoEndpoint().getUri()) - .isEqualTo("https://graph.facebook.com/me?fields=id,name,email"); + .isEqualTo("https://graph.facebook.com/me?fields=id,name,email"); assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo("id"); assertThat(providerDetails.getJwkSetUri()).isNull(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); assertThat(registration.getScopes()).containsOnly("public_profile", "email"); @@ -95,8 +95,11 @@ public class CommonOAuth2ProviderTests { @Test public void getBuilderWhenOktaShouldHaveOktaSettings() { ClientRegistration registration = builder(CommonOAuth2Provider.OKTA) - .authorizationUri("https://example.com/auth").tokenUri("https://example.com/token") - .userInfoUri("https://example.com/info").jwkSetUri("https://example.com/jwkset").build(); + .authorizationUri("https://example.com/auth") + .tokenUri("https://example.com/token") + .userInfoUri("https://example.com/info") + .jwkSetUri("https://example.com/jwkset") + .build(); ProviderDetails providerDetails = registration.getProviderDetails(); assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://example.com/auth"); assertThat(providerDetails.getTokenUri()).isEqualTo("https://example.com/token"); @@ -104,7 +107,7 @@ public class CommonOAuth2ProviderTests { assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo(IdTokenClaimNames.SUB); assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://example.com/jwkset"); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL); assertThat(registration.getScopes()).containsOnly("openid", "profile", "email"); diff --git a/config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java index b891b31f32..0d89c36370 100644 --- a/config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParserTests.java @@ -140,28 +140,28 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests { String metadataConfig = METADATA_LOCATION_XML_CONFIG.replace("${metadata-location}", serverUrl); this.spring.context(metadataConfig).autowire(); assertThat(this.relyingPartyRegistrationRepository) - .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); + .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository - .findByRegistrationId("one"); + .findByRegistrationId("one"); RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration - .getAssertingPartyDetails(); + .getAssertingPartyDetails(); assertThat(relyingPartyRegistration).isNotNull(); assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one"); assertThat(relyingPartyRegistration.getEntityId()) - .isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}"); + .isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}"); assertThat(relyingPartyRegistration.getAssertionConsumerServiceLocation()) - .isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}"); + .isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}"); assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(assertingPartyDetails.getEntityId()) - .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); + .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isFalse(); assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1); assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1); assertThat(assertingPartyDetails.getSingleSignOnServiceLocation()) - .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); + .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(assertingPartyDetails.getSigningAlgorithms()) - .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); + .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); } @Test @@ -175,63 +175,63 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests { serverUrl); this.spring.context(metadataConfig).autowire(); assertThat(this.relyingPartyRegistrationRepository) - .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); + .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository - .findByRegistrationId("one"); + .findByRegistrationId("one"); RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration - .getAssertingPartyDetails(); + .getAssertingPartyDetails(); assertThat(relyingPartyRegistration).isNotNull(); assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one"); assertThat(relyingPartyRegistration.getEntityId()).isEqualTo("https://rp.example.org"); assertThat(relyingPartyRegistration.getAssertionConsumerServiceLocation()) - .isEqualTo("https://rp.example.org/location"); + .isEqualTo("https://rp.example.org/location"); assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()) - .isEqualTo(Saml2MessageBinding.REDIRECT); + .isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(assertingPartyDetails.getEntityId()) - .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); + .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isFalse(); assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1); assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1); assertThat(assertingPartyDetails.getSingleSignOnServiceLocation()) - .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); + .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(assertingPartyDetails.getSigningAlgorithms()) - .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); + .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); } @Test public void parseWhenSingleRelyingPartyRegistrationThenAvailableInRepository() { this.spring.configLocations(xml("SingleRegistration")).autowire(); assertThat(this.relyingPartyRegistrationRepository) - .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); + .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository - .findByRegistrationId("one"); + .findByRegistrationId("one"); RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails = relyingPartyRegistration - .getAssertingPartyDetails(); + .getAssertingPartyDetails(); assertThat(relyingPartyRegistration).isNotNull(); assertThat(relyingPartyRegistration.getRegistrationId()).isEqualTo("one"); assertThat(relyingPartyRegistration.getEntityId()) - .isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}"); + .isEqualTo("{baseUrl}/saml2/service-provider-metadata/{registrationId}"); assertThat(relyingPartyRegistration.getAssertionConsumerServiceLocation()) - .isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}"); + .isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}"); assertThat(relyingPartyRegistration.getAssertionConsumerServiceBinding()) - .isEqualTo(Saml2MessageBinding.REDIRECT); + .isEqualTo(Saml2MessageBinding.REDIRECT); assertThat(assertingPartyDetails.getEntityId()).isEqualTo("https://accounts.google.com/o/saml2/idp/entity-id"); assertThat(assertingPartyDetails.getWantAuthnRequestsSigned()).isTrue(); assertThat(assertingPartyDetails.getSingleSignOnServiceLocation()) - .isEqualTo("https://accounts.google.com/o/saml2/idp/sso-url"); + .isEqualTo("https://accounts.google.com/o/saml2/idp/sso-url"); assertThat(assertingPartyDetails.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(assertingPartyDetails.getVerificationX509Credentials()).hasSize(1); assertThat(assertingPartyDetails.getEncryptionX509Credentials()).hasSize(1); assertThat(assertingPartyDetails.getSigningAlgorithms()) - .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); + .containsExactly("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); } @Test public void parseWhenMultiRelyingPartyRegistrationThenAvailableInRepository() { this.spring.configLocations(xml("MultiRegistration")).autowire(); assertThat(this.relyingPartyRegistrationRepository) - .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); + .isInstanceOf(InMemoryRelyingPartyRegistrationRepository.class); RelyingPartyRegistration one = this.relyingPartyRegistrationRepository.findByRegistrationId("one"); RelyingPartyRegistration.AssertingPartyDetails google = one.getAssertingPartyDetails(); RelyingPartyRegistration two = this.relyingPartyRegistrationRepository.findByRegistrationId("two"); @@ -244,7 +244,7 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests { assertThat(google.getEntityId()).isEqualTo("https://accounts.google.com/o/saml2/idp/entity-id"); assertThat(google.getWantAuthnRequestsSigned()).isTrue(); assertThat(google.getSingleSignOnServiceLocation()) - .isEqualTo("https://accounts.google.com/o/saml2/idp/sso-url"); + .isEqualTo("https://accounts.google.com/o/saml2/idp/sso-url"); assertThat(google.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(google.getVerificationX509Credentials()).hasSize(1); assertThat(google.getEncryptionX509Credentials()).hasSize(1); @@ -255,10 +255,10 @@ public class RelyingPartyRegistrationsBeanDefinitionParserTests { assertThat(two.getAssertionConsumerServiceLocation()).isEqualTo("{baseUrl}/login/saml2/sso/{registrationId}"); assertThat(two.getAssertionConsumerServiceBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(simpleSaml.getEntityId()) - .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); + .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"); assertThat(simpleSaml.getWantAuthnRequestsSigned()).isFalse(); assertThat(simpleSaml.getSingleSignOnServiceLocation()) - .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); + .isEqualTo("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"); assertThat(simpleSaml.getSingleSignOnServiceBinding()).isEqualTo(Saml2MessageBinding.POST); assertThat(simpleSaml.getVerificationX509Credentials()).hasSize(1); assertThat(simpleSaml.getEncryptionX509Credentials()).hasSize(1); diff --git a/config/src/test/java/org/springframework/security/config/test/SpringTestParentApplicationContextExecutionListener.java b/config/src/test/java/org/springframework/security/config/test/SpringTestParentApplicationContextExecutionListener.java index d0ea038d55..a2f4fde703 100644 --- a/config/src/test/java/org/springframework/security/config/test/SpringTestParentApplicationContextExecutionListener.java +++ b/config/src/test/java/org/springframework/security/config/test/SpringTestParentApplicationContextExecutionListener.java @@ -31,7 +31,7 @@ public class SpringTestParentApplicationContextExecutionListener implements Test ApplicationContext parent = testContext.getApplicationContext(); Object testInstance = testContext.getTestInstance(); getContexts(testInstance).forEach((springTestContext) -> springTestContext - .postProcessor((applicationContext) -> applicationContext.setParent(parent))); + .postProcessor((applicationContext) -> applicationContext.setParent(parent))); } private static List getContexts(Object test) throws IllegalAccessException { diff --git a/config/src/test/java/org/springframework/security/config/util/SpringSecurityVersions.java b/config/src/test/java/org/springframework/security/config/util/SpringSecurityVersions.java index 672f7de4aa..3814c60fb8 100644 --- a/config/src/test/java/org/springframework/security/config/util/SpringSecurityVersions.java +++ b/config/src/test/java/org/springframework/security/config/util/SpringSecurityVersions.java @@ -34,7 +34,7 @@ public final class SpringSecurityVersions { public static String getCurrentXsdVersionFromSpringSchemas() { Properties properties = new Properties(); try (InputStream is = SpringSecurityCoreVersion.class.getClassLoader() - .getResourceAsStream("META-INF/spring.schemas")) { + .getResourceAsStream("META-INF/spring.schemas")) { properties.load(is); } catch (IOException ex) { @@ -42,7 +42,7 @@ public final class SpringSecurityVersions { } String inPackageLocation = properties - .getProperty("https://www.springframework.org/schema/security/spring-security.xsd"); + .getProperty("https://www.springframework.org/schema/security/spring-security.xsd"); Matcher matcher = SCHEMA_VERSION_PATTERN.matcher(inPackageLocation); if (matcher.find()) { return matcher.group(0); diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java index f47a095f09..45efb31d88 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java @@ -35,8 +35,13 @@ public class AuthorizeExchangeSpecTests { @Test public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() { - this.http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.POST, "/a", "/b").denyAll().anyExchange() - .permitAll(); + this.http.csrf() + .disable() + .authorizeExchange() + .pathMatchers(HttpMethod.POST, "/a", "/b") + .denyAll() + .anyExchange() + .permitAll(); WebTestClient client = buildClient(); // @formatter:off client.get() @@ -84,8 +89,8 @@ public class AuthorizeExchangeSpecTests { @Test public void antMatchersWhenPatternsInLambdaThenAnyMethod() { - this.http.csrf(ServerHttpSecurity.CsrfSpec::disable).authorizeExchange( - (exchanges) -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll()); + this.http.csrf(ServerHttpSecurity.CsrfSpec::disable) + .authorizeExchange((exchanges) -> exchanges.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll()); WebTestClient client = buildClient(); // @formatter:off client.get() @@ -111,7 +116,7 @@ public class AuthorizeExchangeSpecTests { public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() { this.http.authorizeExchange().pathMatchers("/incomplete"); assertThatIllegalStateException() - .isThrownBy(() -> this.http.authorizeExchange().pathMatchers("/throws-exception")); + .isThrownBy(() -> this.http.authorizeExchange().pathMatchers("/throws-exception")); } @Test diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java index 3e9f76551d..d504ea17f1 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java @@ -102,8 +102,9 @@ public class FormLoginTests { @Test public void formLoginWhenDefaultsInLambdaThenCreatesDefaultLoginPage() { SecurityWebFilterChain securityWebFilter = this.http - .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).formLogin(withDefaults()) - .build(); + .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) + .formLogin(withDefaults()) + .build(); WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build(); WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build(); DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt(); @@ -269,9 +270,9 @@ public class FormLoginTests { ReactiveAuthenticationManager defaultAuthenticationManager = mock(ReactiveAuthenticationManager.class); ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class); given(defaultAuthenticationManager.authenticate(any())) - .willThrow(new RuntimeException("should not interact with default auth manager")); + .willThrow(new RuntimeException("should not interact with default auth manager")); given(customAuthenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN"))); + .willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN"))); // @formatter:off SecurityWebFilterChain securityWebFilter = this.http .authenticationManager(defaultAuthenticationManager) diff --git a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java index 001b965d96..8f04e20100 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java @@ -459,7 +459,7 @@ public class HeaderSpecTests { public void headersWhenCrossOriginPoliciesCustomEnabledThenCustomCrossOriginPoliciesWritten() { this.expectedHeaders.add(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY, CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy.SAME_ORIGIN_ALLOW_POPUPS - .getPolicy()); + .getPolicy()); this.expectedHeaders.add(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY, CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy.REQUIRE_CORP.getPolicy()); this.expectedHeaders.add(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY, @@ -482,7 +482,7 @@ public class HeaderSpecTests { public void headersWhenCrossOriginPoliciesCustomEnabledInLambdaThenCustomCrossOriginPoliciesWritten() { this.expectedHeaders.add(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY, CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy.SAME_ORIGIN_ALLOW_POPUPS - .getPolicy()); + .getPolicy()); this.expectedHeaders.add(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY, CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy.REQUIRE_CORP.getPolicy()); this.expectedHeaders.add(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY, @@ -511,8 +511,10 @@ public class HeaderSpecTests { private void assertHeaders() { WebTestClient client = buildClient(); - FluxExchangeResult response = client.get().uri("https://example.com/").exchange() - .returnResult(String.class); + FluxExchangeResult response = client.get() + .uri("https://example.com/") + .exchange() + .returnResult(String.class); Map> responseHeaders = response.getResponseHeaders(); if (!this.expectedHeaders.isEmpty()) { assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(this.expectedHeaders); diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java index a2bdd792fc..a9f633b37a 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutSpecTests.java @@ -58,7 +58,8 @@ public class LogoutSpecTests { .build(); // @formatter:on FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage - .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt(); + .to(driver, FormLoginTests.DefaultLoginPage.class) + .assertAt(); // @formatter:off loginPage = loginPage.loginForm() .username("user") @@ -95,7 +96,8 @@ public class LogoutSpecTests { .build(); // @formatter:on FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage - .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt(); + .to(driver, FormLoginTests.DefaultLoginPage.class) + .assertAt(); // @formatter:off loginPage = loginPage.loginForm() .username("user") @@ -132,7 +134,8 @@ public class LogoutSpecTests { .build(); // @formatter:on FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage - .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt(); + .to(driver, FormLoginTests.DefaultLoginPage.class) + .assertAt(); // @formatter:off loginPage = loginPage.loginForm() .username("user") @@ -166,7 +169,8 @@ public class LogoutSpecTests { .build(); // @formatter:on FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage - .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt(); + .to(driver, FormLoginTests.DefaultLoginPage.class) + .assertAt(); // @formatter:off FormLoginTests.HomePage homePage = loginPage.loginForm() .username("user") @@ -199,7 +203,8 @@ public class LogoutSpecTests { .build(); // @formatter:on FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage - .to(driver, FormLoginTests.DefaultLoginPage.class).assertAt(); + .to(driver, FormLoginTests.DefaultLoginPage.class) + .assertAt(); // @formatter:off FormLoginTests.HomePage homePage = loginPage.loginForm() .username("user") diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java index 6d892b708c..ab5097943e 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ClientSpecTests.java @@ -93,11 +93,11 @@ public class OAuth2ClientSpecTests { public void registeredOAuth2AuthorizedClientWhenAuthenticatedThenRedirects() { this.spring.register(Config.class, AuthorizedClientController.class).autowire(); ReactiveClientRegistrationRepository repository = this.spring.getContext() - .getBean(ReactiveClientRegistrationRepository.class); + .getBean(ReactiveClientRegistrationRepository.class); ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext() - .getBean(ServerOAuth2AuthorizedClientRepository.class); + .getBean(ServerOAuth2AuthorizedClientRepository.class); given(repository.findByRegistrationId(any())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); // @formatter:off this.client.get() @@ -111,11 +111,11 @@ public class OAuth2ClientSpecTests { public void registeredOAuth2AuthorizedClientWhenAnonymousThenRedirects() { this.spring.register(Config.class, AuthorizedClientController.class).autowire(); ReactiveClientRegistrationRepository repository = this.spring.getContext() - .getBean(ReactiveClientRegistrationRepository.class); + .getBean(ReactiveClientRegistrationRepository.class); ServerOAuth2AuthorizedClientRepository authorizedClientRepository = this.spring.getContext() - .getBean(ServerOAuth2AuthorizedClientRepository.class); + .getBean(ServerOAuth2AuthorizedClientRepository.class); given(repository.findByRegistrationId(any())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); given(authorizedClientRepository.loadAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); // @formatter:off this.client.get() @@ -127,24 +127,27 @@ public class OAuth2ClientSpecTests { @Test public void oauth2ClientWhenCustomObjectsThenUsed() { - this.spring.register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, - AuthorizedClientController.class).autowire(); + this.spring + .register(ClientRegistrationConfig.class, OAuth2ClientCustomConfig.class, AuthorizedClientController.class) + .autowire(); OAuth2ClientCustomConfig config = this.spring.getContext().getBean(OAuth2ClientCustomConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter; ReactiveAuthenticationManager manager = config.manager; ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository; ServerRequestCache requestCache = config.requestCache; OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .redirectUri("/authorize/oauth2/code/registration-id").build(); + .redirectUri("/authorize/oauth2/code/registration-id") + .build(); OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success() - .redirectUri("/authorize/oauth2/code/registration-id").build(); + .redirectUri("/authorize/oauth2/code/registration-id") + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes(); OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken( this.registration, authorizationExchange, accessToken); given(authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(authorizationRequest)); + .willReturn(Mono.just(authorizationRequest)); given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())).willReturn(Mono.just(result)); given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request"))); @@ -166,25 +169,29 @@ public class OAuth2ClientSpecTests { @Test public void oauth2ClientWhenCustomObjectsInLambdaThenUsed() { - this.spring.register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, - AuthorizedClientController.class).autowire(); + this.spring + .register(ClientRegistrationConfig.class, OAuth2ClientInLambdaCustomConfig.class, + AuthorizedClientController.class) + .autowire(); OAuth2ClientInLambdaCustomConfig config = this.spring.getContext() - .getBean(OAuth2ClientInLambdaCustomConfig.class); + .getBean(OAuth2ClientInLambdaCustomConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter; ReactiveAuthenticationManager manager = config.manager; ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository; ServerRequestCache requestCache = config.requestCache; OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .redirectUri("/authorize/oauth2/code/registration-id").build(); + .redirectUri("/authorize/oauth2/code/registration-id") + .build(); OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success() - .redirectUri("/authorize/oauth2/code/registration-id").build(); + .redirectUri("/authorize/oauth2/code/registration-id") + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes(); OAuth2AuthorizationCodeAuthenticationToken result = new OAuth2AuthorizationCodeAuthenticationToken( this.registration, authorizationExchange, accessToken); given(authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(authorizationRequest)); + .willReturn(Mono.just(authorizationRequest)); given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())).willReturn(Mono.just(result)); given(requestCache.getRedirectUri(any())).willReturn(Mono.just(URI.create("/saved-request"))); diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java index 19e346097c..0aa876fca9 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2LoginTests.java @@ -129,11 +129,15 @@ public class OAuth2LoginTests { @Autowired private WebFilterChainProxy springSecurity; - private static ClientRegistration github = CommonOAuth2Provider.GITHUB.getBuilder("github").clientId("client") - .clientSecret("secret").build(); + private static ClientRegistration github = CommonOAuth2Provider.GITHUB.getBuilder("github") + .clientId("client") + .clientSecret("secret") + .build(); - private static ClientRegistration google = CommonOAuth2Provider.GOOGLE.getBuilder("google").clientId("client") - .clientSecret("secret").build(); + private static ClientRegistration google = CommonOAuth2Provider.GOOGLE.getBuilder("google") + .clientId("client") + .clientSecret("secret") + .build(); // @formatter:off private static ClientRegistration clientCredentials = TestClientRegistrations.clientCredentials() @@ -235,8 +239,10 @@ public class OAuth2LoginTests { @Test public void defaultLoginPageWithOAuth2LoginHttpBasicAndXhrRequestThenUnauthorized() { - this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginWithHttpBasic.class, - WebFluxConfig.class).autowire(); + this.spring + .register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginWithHttpBasic.class, + WebFluxConfig.class) + .autowire(); // @formatter:off this.client.get() .uri("/") @@ -248,10 +254,12 @@ public class OAuth2LoginTests { @Test public void oauth2AuthorizeWhenCustomObjectsThenUsed() { - this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class, - AuthorizedClientController.class).autowire(); + this.spring + .register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2AuthorizeWithMockObjectsConfig.class, + AuthorizedClientController.class) + .autowire(); OAuth2AuthorizeWithMockObjectsConfig config = this.spring.getContext() - .getBean(OAuth2AuthorizeWithMockObjectsConfig.class); + .getBean(OAuth2AuthorizeWithMockObjectsConfig.class); ServerOAuth2AuthorizedClientRepository authorizedClientRepository = config.authorizedClientRepository; ServerAuthorizationRequestRepository authorizationRequestRepository = config.authorizationRequestRepository; ServerRequestCache requestCache = config.requestCache; @@ -272,12 +280,13 @@ public class OAuth2LoginTests { @Test public void oauth2LoginWhenCustomObjectsThenUsed() { - this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, - OAuth2LoginMockAuthenticationManagerConfig.class).autowire(); + this.spring + .register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class) + .autowire(); String redirectLocation = "/custom-redirect-location"; WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build(); OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext() - .getBean(OAuth2LoginMockAuthenticationManagerConfig.class); + .getBean(OAuth2LoginMockAuthenticationManagerConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter; ReactiveAuthenticationManager manager = config.manager; ServerWebExchangeMatcher matcher = config.matcher; @@ -296,7 +305,7 @@ public class OAuth2LoginTests { WebFilterExchange webFilterExchange = invocation.getArgument(0); Authentication authentication = invocation.getArgument(1); return new RedirectServerAuthenticationSuccessHandler(redirectLocation) - .onAuthenticationSuccess(webFilterExchange, authentication); + .onAuthenticationSuccess(webFilterExchange, authentication); }); // @formatter:off webTestClient.get() @@ -314,8 +323,9 @@ public class OAuth2LoginTests { @Test public void oauth2LoginFailsWhenCustomObjectsThenUsed() { - this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, - OAuth2LoginMockAuthenticationManagerConfig.class).autowire(); + this.spring + .register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class) + .autowire(); String redirectLocation = "/custom-redirect-location"; String failureRedirectLocation = "/failure-redirect-location"; // @formatter:off @@ -324,7 +334,7 @@ public class OAuth2LoginTests { .build(); // @formatter:on OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext() - .getBean(OAuth2LoginMockAuthenticationManagerConfig.class); + .getBean(OAuth2LoginMockAuthenticationManagerConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter; ReactiveAuthenticationManager manager = config.manager; ServerWebExchangeMatcher matcher = config.matcher; @@ -333,20 +343,20 @@ public class OAuth2LoginTests { ServerAuthenticationFailureHandler failureHandler = config.failureHandler; given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c"))); given(manager.authenticate(any())) - .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message"))); + .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message"))); given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match()); given(resolver.resolve(any())).willReturn(Mono.empty()); given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer>) (invocation) -> { WebFilterExchange webFilterExchange = invocation.getArgument(0); Authentication authentication = invocation.getArgument(1); return new RedirectServerAuthenticationSuccessHandler(redirectLocation) - .onAuthenticationSuccess(webFilterExchange, authentication); + .onAuthenticationSuccess(webFilterExchange, authentication); }); given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer>) (invocation) -> { WebFilterExchange webFilterExchange = invocation.getArgument(0); AuthenticationException authenticationException = invocation.getArgument(1); return new RedirectServerAuthenticationFailureHandler(failureRedirectLocation) - .onAuthenticationFailure(webFilterExchange, authenticationException); + .onAuthenticationFailure(webFilterExchange, authenticationException); }); // @formatter:off webTestClient.get() @@ -364,12 +374,14 @@ public class OAuth2LoginTests { @Test public void oauth2LoginWhenCustomObjectsInLambdaThenUsed() { - this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, - OAuth2LoginMockAuthenticationManagerInLambdaConfig.class).autowire(); + this.spring + .register(OAuth2LoginWithSingleClientRegistrations.class, + OAuth2LoginMockAuthenticationManagerInLambdaConfig.class) + .autowire(); String redirectLocation = "/custom-redirect-location"; WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build(); OAuth2LoginMockAuthenticationManagerInLambdaConfig config = this.spring.getContext() - .getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class); + .getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter; ReactiveAuthenticationManager manager = config.manager; ServerWebExchangeMatcher matcher = config.matcher; @@ -388,7 +400,7 @@ public class OAuth2LoginTests { WebFilterExchange webFilterExchange = invocation.getArgument(0); Authentication authentication = invocation.getArgument(1); return new RedirectServerAuthenticationSuccessHandler(redirectLocation) - .onAuthenticationSuccess(webFilterExchange, authentication); + .onAuthenticationSuccess(webFilterExchange, authentication); }); // @formatter:off webTestClient.get() @@ -407,14 +419,14 @@ public class OAuth2LoginTests { @Test public void oauth2LoginWhenCustomBeansThenUsed() { this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) - .autowire(); + .autowire(); // @formatter:off WebTestClient webTestClient = WebTestClientBuilder .bindToWebFilters(this.springSecurity) .build(); // @formatter:on OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() - .getBean(OAuth2LoginWithCustomBeansConfig.class); + .getBean(OAuth2LoginWithCustomBeansConfig.class); OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build(); OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build(); OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response); @@ -456,7 +468,7 @@ public class OAuth2LoginTests { @Test public void oauth2LoginWhenAccessTokenRequestFailsThenDefaultRedirectToLogin() { this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) - .autowire(); + .autowire(); // @formatter:off WebTestClient webTestClient = WebTestClientBuilder .bindToWebFilters(this.springSecurity) @@ -472,7 +484,7 @@ public class OAuth2LoginTests { OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeAuthenticationToken( google, exchange, accessToken); OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() - .getBean(OAuth2LoginWithCustomBeansConfig.class); + .getBean(OAuth2LoginWithCustomBeansConfig.class); ServerAuthenticationConverter converter = config.authenticationConverter; given(converter.convert(any())).willReturn(Mono.just(authenticationToken)); ReactiveOAuth2AccessTokenResponseClient tokenResponseClient = config.tokenResponseClient; @@ -491,10 +503,10 @@ public class OAuth2LoginTests { @Test public void oauth2LoginWhenIdTokenValidationFailsThenDefaultRedirectToLogin() { this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class) - .autowire(); + .autowire(); WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build(); OAuth2LoginWithCustomBeansConfig config = this.spring.getContext() - .getBean(OAuth2LoginWithCustomBeansConfig.class); + .getBean(OAuth2LoginWithCustomBeansConfig.class); // @formatter:off OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests .request() @@ -525,7 +537,7 @@ public class OAuth2LoginTests { ReactiveJwtDecoderFactory jwtDecoderFactory = config.jwtDecoderFactory; OAuth2Error oauth2Error = new OAuth2Error("invalid_id_token", "Invalid ID Token", null); given(jwtDecoderFactory.createDecoder(any())).willReturn((token) -> Mono - .error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error)))); + .error(new JwtValidationException("ID Token validation failed", Collections.singleton(oauth2Error)))); // @formatter:off webTestClient.get() .uri("/login/oauth2/code/google") @@ -656,7 +668,7 @@ public class OAuth2LoginTests { @Bean SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) { ReactiveUserDetailsService reactiveUserDetailsService = ReactiveAuthenticationTestConfiguration - .userDetailsService(); + .userDetailsService(); ReactiveAuthenticationManager authenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager( reactiveUserDetailsService); http.authenticationManager(authenticationManager); @@ -680,7 +692,7 @@ public class OAuth2LoginTests { @Bean SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) { ReactiveUserDetailsService reactiveUserDetailsService = ReactiveAuthenticationTestConfiguration - .userDetailsService(); + .userDetailsService(); ReactiveAuthenticationManager authenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager( reactiveUserDetailsService); http.authenticationManager(authenticationManager); @@ -844,8 +856,8 @@ public class OAuth2LoginTests { private final ServerSecurityContextRepository repository = mock(ServerSecurityContextRepository.class); private final ClientRegistration withLogout = TestClientRegistrations.clientRegistration() - .providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://logout")) - .build(); + .providerConfigurationMetadata(Collections.singletonMap("end_session_endpoint", "https://logout")) + .build(); @Bean SecurityWebFilterChain springSecurity(ServerHttpSecurity http) { diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java index 51be0c1dda..977503ca7d 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java @@ -296,9 +296,9 @@ public class OAuth2ResourceServerSpecTests { public void getWhenUsingCustomAuthenticationManagerThenUsesItAccordingly() { this.spring.register(CustomAuthenticationManagerConfig.class).autowire(); ReactiveAuthenticationManager authenticationManager = this.spring.getContext() - .getBean(ReactiveAuthenticationManager.class); + .getBean(ReactiveAuthenticationManager.class); given(authenticationManager.authenticate(any(Authentication.class))) - .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); + .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); // @formatter:off this.client.get() .headers((headers) -> headers @@ -314,9 +314,9 @@ public class OAuth2ResourceServerSpecTests { public void getWhenUsingCustomAuthenticationManagerInLambdaThenUsesItAccordingly() { this.spring.register(CustomAuthenticationManagerInLambdaConfig.class).autowire(); ReactiveAuthenticationManager authenticationManager = this.spring.getContext() - .getBean(ReactiveAuthenticationManager.class); + .getBean(ReactiveAuthenticationManager.class); given(authenticationManager.authenticate(any(Authentication.class))) - .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); + .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); // @formatter:off this.client.get() .headers((headers) -> headers @@ -332,13 +332,14 @@ public class OAuth2ResourceServerSpecTests { public void getWhenUsingCustomAuthenticationManagerResolverThenUsesItAccordingly() { this.spring.register(CustomAuthenticationManagerResolverConfig.class).autowire(); ReactiveAuthenticationManagerResolver authenticationManagerResolver = this.spring - .getContext().getBean(ReactiveAuthenticationManagerResolver.class); + .getContext() + .getBean(ReactiveAuthenticationManagerResolver.class); ReactiveAuthenticationManager authenticationManager = this.spring.getContext() - .getBean(ReactiveAuthenticationManager.class); + .getBean(ReactiveAuthenticationManager.class); given(authenticationManagerResolver.resolve(any(ServerWebExchange.class))) - .willReturn(Mono.just(authenticationManager)); + .willReturn(Mono.just(authenticationManager)); given(authenticationManager.authenticate(any(Authentication.class))) - .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); + .willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure")))); // @formatter:off this.client.get() .headers((headers) -> headers @@ -354,11 +355,11 @@ public class OAuth2ResourceServerSpecTests { public void getWhenUsingCustomAuthenticationFailureHandlerThenUsesIsAccordingly() { this.spring.register(CustomAuthenticationFailureHandlerConfig.class).autowire(); ServerAuthenticationFailureHandler handler = this.spring.getContext() - .getBean(ServerAuthenticationFailureHandler.class); + .getBean(ServerAuthenticationFailureHandler.class); ReactiveAuthenticationManager authenticationManager = this.spring.getContext() - .getBean(ReactiveAuthenticationManager.class); + .getBean(ReactiveAuthenticationManager.class); given(authenticationManager.authenticate(any())) - .willReturn(Mono.error(() -> new BadCredentialsException("bad"))); + .willReturn(Mono.error(() -> new BadCredentialsException("bad"))); given(handler.onAuthenticationFailure(any(), any())).willReturn(Mono.empty()); // @formatter:off this.client.get() @@ -558,8 +559,9 @@ public class OAuth2ResourceServerSpecTests { @Test public void introspectWhenValidThenReturnsOk() { this.spring.register(IntrospectionConfig.class, RootController.class).autowire(); - this.spring.getContext().getBean(MockWebServer.class) - .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); + this.spring.getContext() + .getBean(MockWebServer.class) + .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); // @formatter:off this.client.get() .headers((headers) -> headers @@ -573,8 +575,9 @@ public class OAuth2ResourceServerSpecTests { @Test public void introspectWhenValidAndIntrospectionInLambdaThenReturnsOk() { this.spring.register(IntrospectionInLambdaConfig.class, RootController.class).autowire(); - this.spring.getContext().getBean(MockWebServer.class) - .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); + this.spring.getContext() + .getBean(MockWebServer.class) + .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); // @formatter:off this.client.get() .headers((headers) -> headers @@ -588,19 +591,20 @@ public class OAuth2ResourceServerSpecTests { @Test public void configureWhenUsingBothAuthenticationManagerResolverAndOpaqueThenWiringException() { assertThatExceptionOfType(BeanCreationException.class) - .isThrownBy(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire()) - .withMessageContaining("authenticationManagerResolver"); + .isThrownBy(() -> this.spring.register(AuthenticationManagerResolverPlusOtherConfig.class).autowire()) + .withMessageContaining("authenticationManagerResolver"); } @Test public void getWhenCustomAuthenticationConverterThenConverts() { this.spring.register(ReactiveOpaqueTokenAuthenticationConverterConfig.class, RootController.class).autowire(); - this.spring.getContext().getBean(MockWebServer.class) - .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); + this.spring.getContext() + .getBean(MockWebServer.class) + .setDispatcher(requiresAuth(this.clientId, this.clientSecret, this.active)); ReactiveOpaqueTokenAuthenticationConverter authenticationConverter = this.spring.getContext() - .getBean(ReactiveOpaqueTokenAuthenticationConverter.class); + .getBean(ReactiveOpaqueTokenAuthenticationConverter.class); given(authenticationConverter.convert(anyString(), any(OAuth2AuthenticatedPrincipal.class))) - .willReturn(Mono.just(new TestingAuthenticationToken("jdoe", null, Collections.emptyList()))); + .willReturn(Mono.just(new TestingAuthenticationToken("jdoe", null, Collections.emptyList()))); // @formatter:off this.client.get() .headers((headers) -> headers @@ -632,8 +636,8 @@ public class OAuth2ResourceServerSpecTests { } private static MockResponse ok(String response) { - return new MockResponse().setBody(response).setHeader(org.springframework.http.HttpHeaders.CONTENT_TYPE, - MediaType.APPLICATION_JSON_VALUE); + return new MockResponse().setBody(response) + .setHeader(org.springframework.http.HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); } private static MockResponse unauthorized() { @@ -965,7 +969,7 @@ public class OAuth2ResourceServerSpecTests { @Bean ServerAuthenticationConverter bearerTokenAuthenticationConverter() { return (exchange) -> Mono.justOrEmpty(exchange.getRequest().getCookies().getFirst("TOKEN").getValue()) - .map(BearerTokenAuthenticationToken::new); + .map(BearerTokenAuthenticationToken::new); } } diff --git a/config/src/test/java/org/springframework/security/config/web/server/PasswordManagementSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/PasswordManagementSpecTests.java index 974ae4eb8a..e4e24ff184 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/PasswordManagementSpecTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/PasswordManagementSpecTests.java @@ -40,8 +40,13 @@ public class PasswordManagementSpecTests { this.http.passwordManagement(); WebTestClient client = buildClient(); - client.get().uri("/.well-known/change-password").exchange().expectStatus().isFound().expectHeader() - .valueEquals(HttpHeaders.LOCATION, "/change-password"); + client.get() + .uri("/.well-known/change-password") + .exchange() + .expectStatus() + .isFound() + .expectHeader() + .valueEquals(HttpHeaders.LOCATION, "/change-password"); } @Test @@ -50,8 +55,13 @@ public class PasswordManagementSpecTests { (passwordManagement) -> passwordManagement.changePasswordPage("/custom-change-password-page")); WebTestClient client = buildClient(); - client.get().uri("/.well-known/change-password").exchange().expectStatus().isFound().expectHeader() - .valueEquals(HttpHeaders.LOCATION, "/custom-change-password-page"); + client.get() + .uri("/.well-known/change-password") + .exchange() + .expectStatus() + .isFound() + .expectHeader() + .valueEquals(HttpHeaders.LOCATION, "/custom-change-password-page"); } private WebTestClient buildClient() { @@ -61,19 +71,19 @@ public class PasswordManagementSpecTests { @Test public void whenSettingNullChangePasswordPage() { assertThatIllegalArgumentException().isThrownBy(() -> this.http.passwordManagement().changePasswordPage(null)) - .withMessage("changePasswordPage cannot be empty"); + .withMessage("changePasswordPage cannot be empty"); } @Test public void whenSettingEmptyChangePasswordPage() { assertThatIllegalArgumentException().isThrownBy(() -> this.http.passwordManagement().changePasswordPage("")) - .withMessage("changePasswordPage cannot be empty"); + .withMessage("changePasswordPage cannot be empty"); } @Test public void whenSettingBlankChangePasswordPage() { assertThatIllegalArgumentException().isThrownBy(() -> this.http.passwordManagement().changePasswordPage(" ")) - .withMessage("changePasswordPage cannot be empty"); + .withMessage("changePasswordPage cannot be empty"); } } diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java index 149ba09b29..28a124db63 100644 --- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java @@ -142,7 +142,7 @@ public class ServerHttpSecurityTests { @Test public void basic() { given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); + .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); this.http.httpBasic(); this.http.authenticationManager(this.authenticationManager); ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange(); @@ -166,7 +166,7 @@ public class ServerHttpSecurityTests { @Test public void basicWithGlobalWebSessionServerSecurityContextRepository() { given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); + .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); this.http.securityContextRepository(new WebSessionServerSecurityContextRepository()); this.http.httpBasic(); this.http.authenticationManager(this.authenticationManager); @@ -229,7 +229,7 @@ public class ServerHttpSecurityTests { this.http.httpBasic().authenticationManager(authenticationManager); this.http.authorizeExchange().anyExchange().authenticated(); given(authenticationManager.authenticate(any())) - .willReturn(Mono.error(() -> new BadCredentialsException("bad"))); + .willReturn(Mono.error(() -> new BadCredentialsException("bad"))); given(authenticationFailureHandler.onAuthenticationFailure(any(), any())).willReturn(Mono.empty()); WebTestClient client = buildClient(); // @formatter:off @@ -261,58 +261,64 @@ public class ServerHttpSecurityTests { SecurityWebFilterChain securityWebFilterChain = this.http.csrf().disable().build(); assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).isNotPresent(); Optional logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class) - .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, - LogoutWebFilter.class, "logoutHandler")); + .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, + LogoutWebFilter.class, "logoutHandler")); assertThat(logoutHandler).get().isExactlyInstanceOf(SecurityContextServerLogoutHandler.class); } @Test public void csrfServerLogoutHandlerAppliedIfCsrfIsEnabled() { - SecurityWebFilterChain securityWebFilterChain = this.http.csrf().csrfTokenRepository(this.csrfTokenRepository) - .and().build(); + SecurityWebFilterChain securityWebFilterChain = this.http.csrf() + .csrfTokenRepository(this.csrfTokenRepository) + .and() + .build(); assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get() - .extracting((csrfWebFilter) -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository")) - .isEqualTo(this.csrfTokenRepository); + .extracting((csrfWebFilter) -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository")) + .isEqualTo(this.csrfTokenRepository); Optional logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class) - .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, - LogoutWebFilter.class, "logoutHandler")); - assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class) - .extracting((delegatingLogoutHandler) -> ((List) ReflectionTestUtils - .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream() - .map(ServerLogoutHandler::getClass).collect(Collectors.toList())) - .isEqualTo(Arrays.asList(SecurityContextServerLogoutHandler.class, CsrfServerLogoutHandler.class)); + .map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, + LogoutWebFilter.class, "logoutHandler")); + assertThat(logoutHandler).get() + .isExactlyInstanceOf(DelegatingServerLogoutHandler.class) + .extracting((delegatingLogoutHandler) -> ((List) ReflectionTestUtils + .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream() + .map(ServerLogoutHandler::getClass) + .collect(Collectors.toList())) + .isEqualTo(Arrays.asList(SecurityContextServerLogoutHandler.class, CsrfServerLogoutHandler.class)); } @Test @SuppressWarnings("unchecked") public void addFilterAfterIsApplied() { SecurityWebFilterChain securityWebFilterChain = this.http - .addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) - .build(); + .addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) + .build(); // @formatter:off List filters = securityWebFilterChain.getWebFilters() .map(WebFilter::getClass) .collectList() .block(); // @formatter:on - assertThat(filters).isNotNull().isNotEmpty().containsSequence(SecurityContextServerWebExchangeWebFilter.class, - TestWebFilter.class); + assertThat(filters).isNotNull() + .isNotEmpty() + .containsSequence(SecurityContextServerWebExchangeWebFilter.class, TestWebFilter.class); } @Test @SuppressWarnings("unchecked") public void addFilterBeforeIsApplied() { SecurityWebFilterChain securityWebFilterChain = this.http - .addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) - .build(); + .addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE) + .build(); // @formatter:off List filters = securityWebFilterChain.getWebFilters() .map(WebFilter::getClass) .collectList() .block(); // @formatter:on - assertThat(filters).isNotNull().isNotEmpty().containsSequence(TestWebFilter.class, - SecurityContextServerWebExchangeWebFilter.class); + assertThat(filters).isNotNull() + .isNotEmpty() + .containsSequence(TestWebFilter.class, SecurityContextServerWebExchangeWebFilter.class); } @Test @@ -350,7 +356,7 @@ public class ServerHttpSecurityTests { @Test public void basicWithAnonymous() { given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); + .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); this.http.httpBasic().and().anonymous(); this.http.authenticationManager(this.authenticationManager); ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange(); @@ -418,7 +424,7 @@ public class ServerHttpSecurityTests { public void basicWithCustomAuthenticationManager() { ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class); given(customAuthenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); + .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); // @formatter:off SecurityWebFilterChain securityFilterChain = this.http .httpBasic() @@ -446,7 +452,7 @@ public class ServerHttpSecurityTests { public void requestWhenBasicWithAuthenticationManagerInLambdaThenAuthenticationManagerUsed() { ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class); given(customAuthenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); + .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN"))); // @formatter:off SecurityWebFilterChain securityFilterChain = this.http .httpBasic((httpBasic) -> httpBasic @@ -487,8 +493,8 @@ public class ServerHttpSecurityTests { public void x509WhenCustomizedThenAddsX509Filter() { X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class); ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class); - this.http.x509( - (x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager)); + this.http + .x509((x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager)); SecurityWebFilterChain securityWebFilterChain = this.http.build(); WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst(); assertThat(x509WebFilter).isNotNull(); @@ -523,7 +529,8 @@ public class ServerHttpSecurityTests { ServerCsrfTokenRepository customServerCsrfTokenRepository = mock(ServerCsrfTokenRepository.class); given(customServerCsrfTokenRepository.loadToken(any(ServerWebExchange.class))).willReturn(Mono.empty()); SecurityWebFilterChain securityFilterChain = this.http - .csrf((csrf) -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build(); + .csrf((csrf) -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)) + .build(); WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain); WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build(); client.post().uri("/").exchange().expectStatus().isForbidden(); @@ -537,7 +544,7 @@ public class ServerHttpSecurityTests { given(this.csrfTokenRepository.generateToken(any(ServerWebExchange.class))).willReturn(Mono.empty()); ServerCsrfTokenRequestHandler requestHandler = mock(ServerCsrfTokenRequestHandler.class); given(requestHandler.resolveCsrfTokenValue(any(ServerWebExchange.class), any(CsrfToken.class))) - .willReturn(Mono.just(csrfToken.getToken())); + .willReturn(Mono.just(csrfToken.getToken())); // @formatter:off this.http.csrf((csrf) -> csrf .csrfTokenRepository(this.csrfTokenRepository) @@ -590,15 +597,22 @@ public class ServerHttpSecurityTests { ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() - .clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange() - .authenticated().and().requestCache((c) -> c.requestCache(requestCache)).build(); + .clientRegistrationRepository(clientRegistrationRepository) + .and() + .authorizeExchange() + .anyExchange() + .authenticated() + .and() + .requestCache((c) -> c.requestCache(requestCache)) + .build(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/test").exchange(); ArgumentCaptor captor = ArgumentCaptor.forClass(ServerWebExchange.class); verify(requestCache).saveRequest(captor.capture()); assertThat(captor.getValue().getRequest().getURI().toString()).isEqualTo("/test"); OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain, - OAuth2LoginAuthenticationWebFilter.class).get(); + OAuth2LoginAuthenticationWebFilter.class) + .get(); Object handler = ReflectionTestUtils.getField(authenticationWebFilter, "authenticationSuccessHandler"); assertThat(ReflectionTestUtils.getField(handler, "requestCache")).isSameAs(requestCache); } @@ -611,10 +625,12 @@ public class ServerHttpSecurityTests { ReactiveClientRegistrationRepository.class); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build(); given(authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(authorizationRequest)); + .willReturn(Mono.just(authorizationRequest)); SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() - .clientRegistrationRepository(clientRegistrationRepository) - .authorizationRequestRepository(authorizationRequestRepository).and().build(); + .clientRegistrationRepository(clientRegistrationRepository) + .authorizationRequestRepository(authorizationRequestRepository) + .and() + .build(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/login/oauth2/code/registration-id").exchange(); verify(authorizationRequestRepository).removeAuthorizationRequest(any()); @@ -625,18 +641,21 @@ public class ServerHttpSecurityTests { ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); given(clientRegistrationRepository.findByRegistrationId(anyString())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() - .clientRegistrationRepository(clientRegistrationRepository).and().build(); + .clientRegistrationRepository(clientRegistrationRepository) + .and() + .build(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/oauth2/authorization/registration-id").exchange().expectStatus().is3xxRedirection(); OAuth2AuthorizationRequestRedirectWebFilter filter = getWebFilter(securityFilterChain, - OAuth2AuthorizationRequestRedirectWebFilter.class).get(); + OAuth2AuthorizationRequestRedirectWebFilter.class) + .get(); assertThat(ReflectionTestUtils.getField(filter, "authorizationRedirectStrategy")) - .isInstanceOf(DefaultServerRedirectStrategy.class); + .isInstanceOf(DefaultServerRedirectStrategy.class); } @Test @@ -645,21 +664,24 @@ public class ServerHttpSecurityTests { ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); given(clientRegistrationRepository.findByRegistrationId(anyString())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); given(authorizationRedirectStrategy.sendRedirect(any(), any())).willReturn(Mono.empty()); SecurityWebFilterChain securityFilterChain = this.http.oauth2Login() - .clientRegistrationRepository(clientRegistrationRepository) - .authorizationRedirectStrategy(authorizationRedirectStrategy).and().build(); + .clientRegistrationRepository(clientRegistrationRepository) + .authorizationRedirectStrategy(authorizationRedirectStrategy) + .and() + .build(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/oauth2/authorization/registration-id").exchange(); verify(authorizationRedirectStrategy).sendRedirect(any(), any()); OAuth2AuthorizationRequestRedirectWebFilter filter = getWebFilter(securityFilterChain, - OAuth2AuthorizationRequestRedirectWebFilter.class).get(); + OAuth2AuthorizationRequestRedirectWebFilter.class) + .get(); assertThat(ReflectionTestUtils.getField(filter, "authorizationRedirectStrategy")) - .isSameAs(authorizationRedirectStrategy); + .isSameAs(authorizationRedirectStrategy); } @Test @@ -667,18 +689,21 @@ public class ServerHttpSecurityTests { ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); given(clientRegistrationRepository.findByRegistrationId(anyString())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); SecurityWebFilterChain securityFilterChain = this.http.oauth2Client() - .clientRegistrationRepository(clientRegistrationRepository).and().build(); + .clientRegistrationRepository(clientRegistrationRepository) + .and() + .build(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/oauth2/authorization/registration-id").exchange().expectStatus().is3xxRedirection(); OAuth2AuthorizationRequestRedirectWebFilter filter = getWebFilter(securityFilterChain, - OAuth2AuthorizationRequestRedirectWebFilter.class).get(); + OAuth2AuthorizationRequestRedirectWebFilter.class) + .get(); assertThat(ReflectionTestUtils.getField(filter, "authorizationRedirectStrategy")) - .isInstanceOf(DefaultServerRedirectStrategy.class); + .isInstanceOf(DefaultServerRedirectStrategy.class); } @Test @@ -687,21 +712,24 @@ public class ServerHttpSecurityTests { ReactiveClientRegistrationRepository clientRegistrationRepository = mock( ReactiveClientRegistrationRepository.class); given(clientRegistrationRepository.findByRegistrationId(anyString())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().build())); given(authorizationRedirectStrategy.sendRedirect(any(), any())).willReturn(Mono.empty()); SecurityWebFilterChain securityFilterChain = this.http.oauth2Client() - .clientRegistrationRepository(clientRegistrationRepository) - .authorizationRedirectStrategy(authorizationRedirectStrategy).and().build(); + .clientRegistrationRepository(clientRegistrationRepository) + .authorizationRedirectStrategy(authorizationRedirectStrategy) + .and() + .build(); WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build(); client.get().uri("/oauth2/authorization/registration-id").exchange(); verify(authorizationRedirectStrategy).sendRedirect(any(), any()); OAuth2AuthorizationRequestRedirectWebFilter filter = getWebFilter(securityFilterChain, - OAuth2AuthorizationRequestRedirectWebFilter.class).get(); + OAuth2AuthorizationRequestRedirectWebFilter.class) + .get(); assertThat(ReflectionTestUtils.getField(filter, "authorizationRedirectStrategy")) - .isSameAs(authorizationRedirectStrategy); + .isSameAs(authorizationRedirectStrategy); } private boolean isX509Filter(WebFilter filter) { @@ -716,8 +744,11 @@ public class ServerHttpSecurityTests { } private Optional getWebFilter(SecurityWebFilterChain filterChain, Class filterClass) { - return (Optional) filterChain.getWebFilters().filter(Objects::nonNull) - .filter((filter) -> filter.getClass().isAssignableFrom(filterClass)).singleOrEmpty().blockOptional(); + return (Optional) filterChain.getWebFilters() + .filter(Objects::nonNull) + .filter((filter) -> filter.getClass().isAssignableFrom(filterClass)) + .singleOrEmpty() + .blockOptional(); } private WebTestClient buildClient() { @@ -730,9 +761,10 @@ public class ServerHttpSecurityTests { @GetMapping("/**") Mono pathWithinApplicationFromContext() { - return Mono.subscriberContext().filter((c) -> c.hasKey(ServerWebExchange.class)) - .map((c) -> c.get(ServerWebExchange.class)) - .map((e) -> e.getRequest().getPath().pathWithinApplication().value()); + return Mono.subscriberContext() + .filter((c) -> c.hasKey(ServerWebExchange.class)) + .map((c) -> c.get(ServerWebExchange.class)) + .map((e) -> e.getRequest().getPath().pathWithinApplication().value()); } } diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java index f9243db209..5dbb75c603 100644 --- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java @@ -112,7 +112,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("NoIdConfig")).autowire(); this.clientInboundChannel.send(message("/permitAll")); assertThatExceptionOfType(Exception.class).isThrownBy(() -> this.clientInboundChannel.send(message("/denyAll"))) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -184,7 +184,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("NoIdAuthorizationManager")).autowire(); this.clientInboundChannel.send(message("/permitAll")); assertThatExceptionOfType(Exception.class).isThrownBy(() -> this.clientInboundChannel.send(message("/denyAll"))) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -265,7 +265,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("SyncConfig")).autowire(); Message message = message("/message", SimpMessageType.CONNECT); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(InvalidCsrfTokenException.class); + .withCauseInstanceOf(InvalidCsrfTokenException.class); } @Test @@ -282,10 +282,10 @@ public class WebSocketMessageBrokerConfigTests { send(message); message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); message = message("/anyOther", SimpMessageType.MESSAGE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -295,10 +295,10 @@ public class WebSocketMessageBrokerConfigTests { send(message); message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); message = message("/anyOther", SimpMessageType.MESSAGE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -308,10 +308,10 @@ public class WebSocketMessageBrokerConfigTests { send(message); message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); message = message("/anyOther", SimpMessageType.SUBSCRIBE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -321,52 +321,52 @@ public class WebSocketMessageBrokerConfigTests { send(message); message = message("/permitAll", SimpMessageType.UNSUBSCRIBE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); message = message("/anyOther", SimpMessageType.SUBSCRIBE); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test public void configureWhenUsingConnectMessageTypeThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire()); } @Test public void configureWhenUsingConnectAckMessageTypeThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire()); } @Test public void configureWhenUsingDisconnectMessageTypeThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire()); } @Test public void configureWhenUsingDisconnectAckMessageTypeThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire()); } @Test public void configureWhenUsingHeartbeatMessageTypeThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire()); } @Test public void configureWhenUsingOtherMessageTypeThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire()); } @Test public void configureWhenUsingUnsubscribeMessageTypeThenAutowireFails() { assertThatExceptionOfType(BeanDefinitionParsingException.class) - .isThrownBy(() -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire()); + .isThrownBy(() -> this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire()); } @Test @@ -383,16 +383,16 @@ public class WebSocketMessageBrokerConfigTests { MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build(); String csrfAttributeName = CsrfToken.class.getName(); String customAttributeName = this.getClass().getName(); - MvcResult result = mvc.perform( - get("/app").requestAttr(DeferredCsrfToken.class.getName(), new TestDeferredCsrfToken(this.token)) - .sessionAttr(customAttributeName, "attributeValue")) - .andReturn(); + MvcResult result = mvc + .perform(get("/app").requestAttr(DeferredCsrfToken.class.getName(), new TestDeferredCsrfToken(this.token)) + .sessionAttr(customAttributeName, "attributeValue")) + .andReturn(); CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName); String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName); String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName); assertThatCsrfToken(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated"); assertThat(handshakeValue).isEqualTo(sessionValue) - .withFailMessage("Explicitly listed session variables are not overridden"); + .withFailMessage("Explicitly listed session variables are not overridden"); } @Test @@ -402,15 +402,17 @@ public class WebSocketMessageBrokerConfigTests { MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build(); String csrfAttributeName = CsrfToken.class.getName(); String customAttributeName = this.getClass().getName(); - MvcResult result = mvc.perform(get("/app/289/tpyx6mde/websocket") + MvcResult result = mvc + .perform(get("/app/289/tpyx6mde/websocket") .requestAttr(DeferredCsrfToken.class.getName(), new TestDeferredCsrfToken(this.token)) - .sessionAttr(customAttributeName, "attributeValue")).andReturn(); + .sessionAttr(customAttributeName, "attributeValue")) + .andReturn(); CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName); String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName); String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName); assertThatCsrfToken(handshakeToken).isEqualTo(this.token).withFailMessage("CsrfToken is populated"); assertThat(handshakeValue).isEqualTo(sessionValue) - .withFailMessage("Explicitly listed session variables are not overridden"); + .withFailMessage("Explicitly listed session variables are not overridden"); } @Test @@ -425,7 +427,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("CustomPathMatcherConfig")).autowire(); Message message = message("/denyAll.a"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); message = message("/denyAll.a.b"); send(message); } @@ -435,7 +437,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("CustomPathMatcherAuthorizationManager")).autowire(); Message message = message("/denyAll.a"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); message = message("/denyAll.a.b"); send(message); } @@ -453,7 +455,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("IdIntegratedConfig")).autowire(); Message message = message("/denyAll"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -461,7 +463,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("CustomInterceptorConfig")).autowire(); Message message = message("/throwAll"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(UnsupportedOperationException.class); + .withCauseInstanceOf(UnsupportedOperationException.class); } @Test @@ -470,7 +472,7 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("CustomExpressionHandlerConfig")).autowire(); Message message = message("/denyNile"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test @@ -479,18 +481,18 @@ public class WebSocketMessageBrokerConfigTests { this.spring.configLocations(xml("CustomExpressionHandlerAuthorizationManager")).autowire(); Message message = message("/denyNile"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); } @Test public void sendWhenCustomAuthorizationManagerThenAuthorizesAccordingly() { this.spring.configLocations(xml("CustomAuthorizationManagerConfig")).autowire(); AuthorizationManager> authorizationManager = this.spring.getContext() - .getBean(AuthorizationManager.class); + .getBean(AuthorizationManager.class); given(authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); Message message = message("/any"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); verify(authorizationManager).check(any(), any()); } @@ -615,8 +617,8 @@ public class WebSocketMessageBrokerConfigTests { @Override public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException { BeanDefinition inbound = registry.getBeanDefinition("clientInboundChannel"); - inbound.getConstructorArgumentValues().addIndexedArgumentValue(0, - new RootBeanDefinition(SyncTaskExecutor.class)); + inbound.getConstructorArgumentValues() + .addIndexedArgumentValue(0, new RootBeanDefinition(SyncTaskExecutor.class)); } @Override diff --git a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java index ef1253c08d..b2b62341b7 100644 --- a/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java +++ b/config/src/test/java/org/springframework/security/htmlunit/server/MockWebResponseBuilder.java @@ -67,7 +67,7 @@ final class MockWebResponseBuilder { HttpHeaders responseHeaders = this.exchangeResult.getResponseHeaders(); List result = new ArrayList<>(responseHeaders.size()); responseHeaders.forEach((headerName, headerValues) -> headerValues - .forEach((headerValue) -> result.add(new NameValuePair(headerName, headerValue)))); + .forEach((headerValue) -> result.add(new NameValuePair(headerName, headerValue)))); return result; } diff --git a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java index ca9b4a0bb5..ea8ceb90be 100644 --- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java +++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java @@ -98,9 +98,9 @@ public class MethodSecurityInterceptorWithAopConfigTests { ITargetObject target = (ITargetObject) this.appContext.getBean("target"); // Check both against interface and class assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> target.makeLowerCase("TEST")); + .isThrownBy(() -> target.makeLowerCase("TEST")); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> target.makeUpperCase("test")); + .isThrownBy(() -> target.makeUpperCase("test")); } @Test @@ -126,9 +126,9 @@ public class MethodSecurityInterceptorWithAopConfigTests { ITargetObject target = (ITargetObject) this.appContext.getBean("target"); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> target.makeLowerCase("TEST")); + .isThrownBy(() -> target.makeLowerCase("TEST")); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> target.makeUpperCase("test")); + .isThrownBy(() -> target.makeUpperCase("test")); } private void setContext(String context) { diff --git a/core/src/main/java/org/springframework/security/access/annotation/Secured.java b/core/src/main/java/org/springframework/security/access/annotation/Secured.java index e8640e0af5..b5a97b95fd 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/Secured.java +++ b/core/src/main/java/org/springframework/security/access/annotation/Secured.java @@ -43,6 +43,7 @@ import java.lang.annotation.Target; * @Secured({ "ROLE_ADMIN" }) * public void delete(Contact contact); * + * * @author Mark St.Godard */ @Target({ ElementType.METHOD, ElementType.TYPE }) diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java index 5643ec6201..1ff5c28ed3 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java @@ -57,7 +57,7 @@ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMet Assert.notNull(annotationMetadataExtractor, "annotationMetadataExtractor cannot be null"); this.annotationExtractor = annotationMetadataExtractor; this.annotationType = (Class) GenericTypeResolver - .resolveTypeArgument(this.annotationExtractor.getClass(), AnnotationMetadataExtractor.class); + .resolveTypeArgument(this.annotationExtractor.getClass(), AnnotationMetadataExtractor.class); Assert.notNull(this.annotationType, () -> this.annotationExtractor.getClass().getName() + " must supply a generic parameter for AnnotationMetadataExtractor"); } diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java index 1c76e2b47a..76cf8cf2dc 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java @@ -119,7 +119,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr @Override public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) { MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject() - .getValue(); + .getValue(); this.logger.debug(LogMessage.format("Filtering with expression: %s", filterExpression.getExpressionString())); if (filterTarget instanceof Collection) { return filterCollection((Collection) filterTarget, filterExpression, ctx, rootObject); diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java index 0e8bff01ee..5582b2a145 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java @@ -123,7 +123,7 @@ public abstract class AbstractSecurityInterceptor protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private ApplicationEventPublisher eventPublisher; @@ -182,7 +182,7 @@ public abstract class AbstractSecurityInterceptor } if (unsupportedAttrs.size() != 0) { this.logger - .trace("Did not validate configuration attributes since validateConfigurationAttributes is false"); + .trace("Did not validate configuration attributes since validateConfigurationAttributes is false"); throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs); } else { @@ -276,8 +276,8 @@ public abstract class AbstractSecurityInterceptor if (token != null && token.isContextHolderRefreshRequired()) { this.securityContextHolderStrategy.setContext(token.getSecurityContext()); if (this.logger.isDebugEnabled()) { - this.logger.debug(LogMessage.of( - () -> "Reverted to original authentication " + token.getSecurityContext().getAuthentication())); + this.logger.debug(LogMessage + .of(() -> "Reverted to original authentication " + token.getSecurityContext().getAuthentication())); } } } diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java index 4101ed4c8d..8640ca08e9 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java +++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java @@ -62,7 +62,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean { Assert.notNull(invocation, "MethodInvocation required"); Assert.notNull(invocation.getMethod(), "MethodInvocation must provide a non-null getMethod()"); Collection attrs = this.securityInterceptor.obtainSecurityMetadataSource() - .getAttributes(invocation); + .getAttributes(invocation); if (attrs == null) { return !this.securityInterceptor.isRejectPublicInvocations(); } diff --git a/core/src/main/java/org/springframework/security/access/method/P.java b/core/src/main/java/org/springframework/security/access/method/P.java index 53fc1a71c2..8a03c9faee 100644 --- a/core/src/main/java/org/springframework/security/access/method/P.java +++ b/core/src/main/java/org/springframework/security/access/method/P.java @@ -30,7 +30,6 @@ import org.springframework.security.core.parameters.AnnotationParameterNameDisco * contain the parameter names. * * @see AnnotationParameterNameDiscoverer - * * @author Rob Winch * @since 3.2 * @deprecated use @{code org.springframework.security.core.parameters.P} diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java index d26014ee6e..bd47472566 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java @@ -97,7 +97,7 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor boolean isSuspendingFunction = KotlinDetector.isSuspendingFunction(method); boolean hasFlowReturnType = COROUTINES_FLOW_CLASS_NAME - .equals(new MethodParameter(method, RETURN_TYPE_METHOD_PARAMETER_INDEX).getParameterType().getName()); + .equals(new MethodParameter(method, RETURN_TYPE_METHOD_PARAMETER_INDEX).getParameterType().getName()); boolean hasReactiveReturnType = Publisher.class.isAssignableFrom(returnType) || isSuspendingFunction || hasFlowReturnType; @@ -119,41 +119,41 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor PostInvocationAttribute attr = findPostInvocationAttribute(attributes); if (Mono.class.isAssignableFrom(returnType)) { return toInvoke.flatMap((auth) -> PrePostAdviceReactiveMethodInterceptor.>proceed(invocation) - .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); + .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); } if (Flux.class.isAssignableFrom(returnType)) { return toInvoke.flatMapMany((auth) -> PrePostAdviceReactiveMethodInterceptor.>proceed(invocation) - .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); + .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); } if (hasFlowReturnType) { Flux response; if (isSuspendingFunction) { response = toInvoke.flatMapMany((auth) -> Flux - .from(CoroutinesUtils.invokeSuspendingFunction(invocation.getMethod(), invocation.getThis(), - invocation.getArguments())) - .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); + .from(CoroutinesUtils.invokeSuspendingFunction(invocation.getMethod(), invocation.getThis(), + invocation.getArguments())) + .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); } else { ReactiveAdapter adapter = ReactiveAdapterRegistry.getSharedInstance().getAdapter(returnType); Assert.state(adapter != null, () -> "The returnType " + returnType + " on " + method + " must have a org.springframework.core.ReactiveAdapter registered"); response = toInvoke.flatMapMany((auth) -> Flux - .from(adapter.toPublisher(PrePostAdviceReactiveMethodInterceptor.flowProceed(invocation))) - .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); + .from(adapter.toPublisher(PrePostAdviceReactiveMethodInterceptor.flowProceed(invocation))) + .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); } return KotlinDelegate.asFlow(response); } if (isSuspendingFunction) { Mono response = toInvoke.flatMap((auth) -> Mono - .from(CoroutinesUtils.invokeSuspendingFunction(invocation.getMethod(), invocation.getThis(), - invocation.getArguments())) - .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); + .from(CoroutinesUtils.invokeSuspendingFunction(invocation.getMethod(), invocation.getThis(), + invocation.getArguments())) + .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); return KotlinDelegate.awaitSingleOrNull(response, invocation.getArguments()[invocation.getArguments().length - 1]); } - return toInvoke.flatMapMany( - (auth) -> Flux.from(PrePostAdviceReactiveMethodInterceptor.>proceed(invocation)) - .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); + return toInvoke + .flatMapMany((auth) -> Flux.from(PrePostAdviceReactiveMethodInterceptor.>proceed(invocation)) + .map((r) -> (attr != null) ? this.postAdvice.after(auth, invocation, attr, r) : r)); } private static > T proceed(final MethodInvocation invocation) { diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java index 02d8230033..1db7d1cb9c 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java @@ -130,8 +130,8 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur // actually implement the method) annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass); if (annotation != null) { - this.logger.debug( - LogMessage.format("%s found on: %s", annotation, specificMethod.getDeclaringClass().getName())); + this.logger + .debug(LogMessage.format("%s found on: %s", annotation, specificMethod.getDeclaringClass().getName())); return annotation; } return null; diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java index 1d691dabcc..eac31e2332 100644 --- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java +++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java @@ -63,13 +63,13 @@ public class AffirmativeBased extends AbstractAccessDecisionManager { for (AccessDecisionVoter voter : getDecisionVoters()) { int result = voter.vote(authentication, object, configAttributes); switch (result) { - case AccessDecisionVoter.ACCESS_GRANTED: - return; - case AccessDecisionVoter.ACCESS_DENIED: - deny++; - break; - default: - break; + case AccessDecisionVoter.ACCESS_GRANTED: + return; + case AccessDecisionVoter.ACCESS_DENIED: + deny++; + break; + default: + break; } } if (deny > 0) { diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java index d9cfea4955..83f344d4ca 100644 --- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java +++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java @@ -71,14 +71,14 @@ public class ConsensusBased extends AbstractAccessDecisionManager { for (AccessDecisionVoter voter : getDecisionVoters()) { int result = voter.vote(authentication, object, configAttributes); switch (result) { - case AccessDecisionVoter.ACCESS_GRANTED: - grant++; - break; - case AccessDecisionVoter.ACCESS_DENIED: - deny++; - break; - default: - break; + case AccessDecisionVoter.ACCESS_GRANTED: + grant++; + break; + case AccessDecisionVoter.ACCESS_DENIED: + deny++; + break; + default: + break; } } if (grant > deny) { diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java index 9850bf3581..c28f5200cc 100644 --- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java +++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java @@ -71,14 +71,14 @@ public class UnanimousBased extends AbstractAccessDecisionManager { for (AccessDecisionVoter voter : getDecisionVoters()) { int result = voter.vote(authentication, object, singleAttributeList); switch (result) { - case AccessDecisionVoter.ACCESS_GRANTED: - grant++; - break; - case AccessDecisionVoter.ACCESS_DENIED: - throw new AccessDeniedException( - this.messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied")); - default: - break; + case AccessDecisionVoter.ACCESS_GRANTED: + grant++; + break; + case AccessDecisionVoter.ACCESS_DENIED: + throw new AccessDeniedException(this.messages + .getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied")); + default: + break; } } } diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java index 5a08efd019..0970b79aa5 100644 --- a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java +++ b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java @@ -78,7 +78,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager if (!user.isAccountNonExpired()) { this.logger.debug("User account is expired"); throw new AccountExpiredException(this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired")); + .getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired")); } } diff --git a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java index 7b7e296ce5..99e03c23cb 100644 --- a/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java +++ b/core/src/main/java/org/springframework/security/authentication/AccountStatusUserDetailsChecker.java @@ -56,7 +56,7 @@ public class AccountStatusUserDetailsChecker implements UserDetailsChecker, Mess if (!user.isCredentialsNonExpired()) { this.logger.debug("Failed to authenticate since user account credentials have expired"); throw new CredentialsExpiredException(this.messages - .getMessage("AccountStatusUserDetailsChecker.credentialsExpired", "User credentials have expired")); + .getMessage("AccountStatusUserDetailsChecker.credentialsExpired", "User credentials have expired")); } } diff --git a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java index a5e9ff8619..4a509b08c4 100644 --- a/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java +++ b/core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java @@ -125,7 +125,7 @@ public class DefaultAuthenticationEventPublisher private Constructor getEventConstructor(AuthenticationException exception) { Constructor eventConstructor = this.exceptionMappings - .get(exception.getClass().getName()); + .get(exception.getClass().getName()); return (eventConstructor != null) ? eventConstructor : this.defaultAuthenticationFailureEventConstructor; } @@ -169,7 +169,7 @@ public class DefaultAuthenticationEventPublisher Map, Class> mappings) { Assert.notEmpty(mappings, "The mappings Map must not be empty nor null"); for (Map.Entry, Class> entry : mappings - .entrySet()) { + .entrySet()) { Class exceptionClass = entry.getKey(); Class eventClass = entry.getValue(); Assert.notNull(exceptionClass, "exceptionClass cannot be null"); @@ -190,7 +190,7 @@ public class DefaultAuthenticationEventPublisher "defaultAuthenticationFailureEventClass must not be null"); try { this.defaultAuthenticationFailureEventConstructor = defaultAuthenticationFailureEventClass - .getConstructor(Authentication.class, AuthenticationException.class); + .getConstructor(Authentication.class, AuthenticationException.class); } catch (NoSuchMethodException ex) { throw new RuntimeException("Default Authentication Failure event class " @@ -201,7 +201,7 @@ public class DefaultAuthenticationEventPublisher private void addMapping(String exceptionClass, Class eventClass) { try { Constructor constructor = eventClass - .getConstructor(Authentication.class, AuthenticationException.class); + .getConstructor(Authentication.class, AuthenticationException.class); this.exceptionMappings.put(exceptionClass, constructor); } catch (NoSuchMethodException ex) { diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java index 7d5b434d52..5679dbfe49 100644 --- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java @@ -138,7 +138,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider throw ex; } throw new BadCredentialsException(this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); + .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); } Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract"); } @@ -320,21 +320,21 @@ public abstract class AbstractUserDetailsAuthenticationProvider public void check(UserDetails user) { if (!user.isAccountNonLocked()) { AbstractUserDetailsAuthenticationProvider.this.logger - .debug("Failed to authenticate since user account is locked"); + .debug("Failed to authenticate since user account is locked"); throw new LockedException(AbstractUserDetailsAuthenticationProvider.this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked")); + .getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked")); } if (!user.isEnabled()) { AbstractUserDetailsAuthenticationProvider.this.logger - .debug("Failed to authenticate since user account is disabled"); + .debug("Failed to authenticate since user account is disabled"); throw new DisabledException(AbstractUserDetailsAuthenticationProvider.this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled")); + .getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled")); } if (!user.isAccountNonExpired()) { AbstractUserDetailsAuthenticationProvider.this.logger - .debug("Failed to authenticate since user account has expired"); + .debug("Failed to authenticate since user account has expired"); throw new AccountExpiredException(AbstractUserDetailsAuthenticationProvider.this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired")); + .getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired")); } } @@ -346,10 +346,10 @@ public abstract class AbstractUserDetailsAuthenticationProvider public void check(UserDetails user) { if (!user.isCredentialsNonExpired()) { AbstractUserDetailsAuthenticationProvider.this.logger - .debug("Failed to authenticate since user account credentials have expired"); + .debug("Failed to authenticate since user account credentials have expired"); throw new CredentialsExpiredException(AbstractUserDetailsAuthenticationProvider.this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", - "User credentials have expired")); + .getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", + "User credentials have expired")); } } diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java index c21a9ff2f1..f43776b09e 100644 --- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java @@ -71,13 +71,13 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication if (authentication.getCredentials() == null) { this.logger.debug("Failed to authenticate since no credentials provided"); throw new BadCredentialsException(this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); + .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); } String presentedPassword = authentication.getCredentials().toString(); if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) { this.logger.debug("Failed to authenticate since password does not match stored value"); throw new BadCredentialsException(this.messages - .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); + .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); } } diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java index cb85f91d4a..32e7ea70b7 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java @@ -248,8 +248,8 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati private void logout(JaasAuthenticationToken token, LoginContext loginContext) throws LoginException { if (loginContext != null) { - this.log.debug( - LogMessage.of(() -> "Logging principal: [" + token.getPrincipal() + "] out of LoginContext")); + this.log + .debug(LogMessage.of(() -> "Logging principal: [" + token.getPrincipal() + "] out of LoginContext")); loginContext.logout(); return; } diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java index 2350f73e8f..096e298a8a 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/SecurityContextLoginModule.java @@ -58,7 +58,7 @@ public class SecurityContextLoginModule implements LoginModule { private static final Log log = LogFactory.getLog(SecurityContextLoginModule.class); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private Authentication authen; diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java index a617b3b60f..79b3485299 100644 --- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java @@ -67,7 +67,7 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini Object credentials = authentication.getCredentials(); String password = (credentials != null) ? credentials.toString() : null; Collection authorities = this.remoteAuthenticationManager - .attemptAuthentication(username, password); + .attemptAuthentication(username, password); return UsernamePasswordAuthenticationToken.authenticated(username, password, authorities); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java index 2bba4744f6..7b010e3b3a 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java @@ -39,8 +39,9 @@ public class AuthenticatedReactiveAuthorizationManager implements ReactiveAut @Override public Mono check(Mono authentication, T object) { - return authentication.filter(this::isNotAnonymous).map(this::getAuthorizationDecision) - .defaultIfEmpty(new AuthorizationDecision(false)); + return authentication.filter(this::isNotAnonymous) + .map(this::getAuthorizationDecision) + .defaultIfEmpty(new AuthorizationDecision(false)); } private AuthorizationDecision getAuthorizationDecision(Authentication authentication) { diff --git a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptor.java index c33c36e8f2..df5fd8daf2 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptor.java +++ b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptor.java @@ -99,9 +99,12 @@ public final class AuthorizationManagerAfterReactiveMethodInterceptor public Object invoke(MethodInvocation mi) throws Throwable { Method method = mi.getMethod(); Class type = method.getReturnType(); - Assert.state(Publisher.class.isAssignableFrom(type), - () -> String.format("The returnType %s on %s must return an instance of org.reactivestreams.Publisher " - + "(for example, a Mono or Flux) in order to support Reactor Context", type, method)); + Assert + .state(Publisher.class.isAssignableFrom(type), + () -> String.format( + "The returnType %s on %s must return an instance of org.reactivestreams.Publisher " + + "(for example, a Mono or Flux) in order to support Reactor Context", + type, method)); Mono authentication = ReactiveAuthenticationUtils.getAuthentication(); Function> postAuthorize = (result) -> postAuthorize(authentication, mi, result); ReactiveAdapter adapter = ReactiveAdapterRegistry.getSharedInstance().getAdapter(type); @@ -123,7 +126,7 @@ public final class AuthorizationManagerAfterReactiveMethodInterceptor private Mono postAuthorize(Mono authentication, MethodInvocation mi, Object result) { return this.authorizationManager.verify(authentication, new MethodInvocationResult(mi, result)) - .thenReturn(result); + .thenReturn(result); } @Override diff --git a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptor.java index 8aedb5ad3b..9c0d99edf1 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptor.java +++ b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptor.java @@ -99,9 +99,12 @@ public final class AuthorizationManagerBeforeReactiveMethodInterceptor public Object invoke(MethodInvocation mi) throws Throwable { Method method = mi.getMethod(); Class type = method.getReturnType(); - Assert.state(Publisher.class.isAssignableFrom(type), - () -> String.format("The returnType %s on %s must return an instance of org.reactivestreams.Publisher " - + "(for example, a Mono or Flux) in order to support Reactor Context", type, method)); + Assert + .state(Publisher.class.isAssignableFrom(type), + () -> String.format( + "The returnType %s on %s must return an instance of org.reactivestreams.Publisher " + + "(for example, a Mono or Flux) in order to support Reactor Context", + type, method)); Mono authentication = ReactiveAuthenticationUtils.getAuthentication(); ReactiveAdapter adapter = ReactiveAdapterRegistry.getSharedInstance().getAdapter(type); Mono preAuthorize = this.authorizationManager.verify(authentication, mi); diff --git a/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java index 01c0cf1ca7..5a972f3e9f 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java @@ -62,7 +62,7 @@ public final class MethodExpressionAuthorizationManager implements Authorization Assert.notNull(expressionHandler, "expressionHandler cannot be null"); this.expressionHandler = expressionHandler; this.expression = expressionHandler.getExpressionParser() - .parseExpression(this.expression.getExpressionString()); + .parseExpression(this.expression.getExpressionString()); } /** diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeExpressionAttributeRegistry.java b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeExpressionAttributeRegistry.java index dcae9b0d72..c89bbc3e31 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeExpressionAttributeRegistry.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeExpressionAttributeRegistry.java @@ -59,7 +59,7 @@ final class PostAuthorizeExpressionAttributeRegistry extends AbstractExpressionA return ExpressionAttribute.NULL_ATTRIBUTE; } Expression postAuthorizeExpression = this.expressionHandler.getExpressionParser() - .parseExpression(postAuthorize.value()); + .parseExpression(postAuthorize.value()); return new ExpressionAttribute(postAuthorizeExpression); } diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java index 759a63dd4a..c4eea89554 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java @@ -83,12 +83,15 @@ public final class PostFilterAuthorizationReactiveMethodInterceptor return ReactiveMethodInvocationUtils.proceed(mi); } Mono toInvoke = ReactiveAuthenticationUtils.getAuthentication() - .map((auth) -> this.registry.getExpressionHandler().createEvaluationContext(auth, mi)); + .map((auth) -> this.registry.getExpressionHandler().createEvaluationContext(auth, mi)); Method method = mi.getMethod(); Class type = method.getReturnType(); - Assert.state(Publisher.class.isAssignableFrom(type), - () -> String.format("The parameter type %s on %s must be an instance of org.reactivestreams.Publisher " - + "(for example, a Mono or Flux) in order to support Reactor Context", type, method)); + Assert + .state(Publisher.class.isAssignableFrom(type), + () -> String.format( + "The parameter type %s on %s must be an instance of org.reactivestreams.Publisher " + + "(for example, a Mono or Flux) in order to support Reactor Context", + type, method)); ReactiveAdapter adapter = ReactiveAdapterRegistry.getSharedInstance().getAdapter(type); if (isMultiValue(type, adapter)) { Publisher publisher = Flux.defer(() -> ReactiveMethodInvocationUtils.proceed(mi)); @@ -108,13 +111,15 @@ public final class PostFilterAuthorizationReactiveMethodInterceptor } private Mono filterSingleValue(Publisher publisher, EvaluationContext ctx, ExpressionAttribute attribute) { - return Mono.from(publisher).doOnNext((result) -> setFilterObject(ctx, result)) - .flatMap((result) -> postFilter(ctx, result, attribute)); + return Mono.from(publisher) + .doOnNext((result) -> setFilterObject(ctx, result)) + .flatMap((result) -> postFilter(ctx, result, attribute)); } private Flux filterMultiValue(Publisher publisher, EvaluationContext ctx, ExpressionAttribute attribute) { - return Flux.from(publisher).doOnNext((result) -> setFilterObject(ctx, result)) - .flatMap((result) -> postFilter(ctx, result, attribute)); + return Flux.from(publisher) + .doOnNext((result) -> setFilterObject(ctx, result)) + .flatMap((result) -> postFilter(ctx, result, attribute)); } private void setFilterObject(EvaluationContext ctx, Object result) { @@ -123,7 +128,7 @@ public final class PostFilterAuthorizationReactiveMethodInterceptor private Mono postFilter(EvaluationContext ctx, Object result, ExpressionAttribute attribute) { return ReactiveExpressionUtils.evaluateAsBoolean(attribute.getExpression(), ctx) - .flatMap((granted) -> granted ? Mono.just(result) : Mono.empty()); + .flatMap((granted) -> granted ? Mono.just(result) : Mono.empty()); } @Override diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostFilterExpressionAttributeRegistry.java b/core/src/main/java/org/springframework/security/authorization/method/PostFilterExpressionAttributeRegistry.java index 44bc2802ab..4bc33bc493 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PostFilterExpressionAttributeRegistry.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PostFilterExpressionAttributeRegistry.java @@ -58,7 +58,7 @@ final class PostFilterExpressionAttributeRegistry extends AbstractExpressionAttr return ExpressionAttribute.NULL_ATTRIBUTE; } Expression postFilterExpression = this.expressionHandler.getExpressionParser() - .parseExpression(postFilter.value()); + .parseExpression(postFilter.value()); return new ExpressionAttribute(postFilterExpression); } diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeExpressionAttributeRegistry.java b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeExpressionAttributeRegistry.java index 7cced570d1..dcae13eb20 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeExpressionAttributeRegistry.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeExpressionAttributeRegistry.java @@ -63,7 +63,7 @@ final class PreAuthorizeExpressionAttributeRegistry extends AbstractExpressionAt return ExpressionAttribute.NULL_ATTRIBUTE; } Expression preAuthorizeExpression = this.expressionHandler.getExpressionParser() - .parseExpression(preAuthorize.value()); + .parseExpression(preAuthorize.value()); return new ExpressionAttribute(preAuthorizeExpression); } diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java index a7af3b037c..04c5d4b337 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java @@ -96,21 +96,24 @@ public final class PreFilterAuthorizationReactiveMethodInterceptor } FilterTarget filterTarget = findFilterTarget(attribute.getFilterTarget(), mi); Mono toInvoke = ReactiveAuthenticationUtils.getAuthentication() - .map((auth) -> this.registry.getExpressionHandler().createEvaluationContext(auth, mi)); + .map((auth) -> this.registry.getExpressionHandler().createEvaluationContext(auth, mi)); Method method = mi.getMethod(); Class type = filterTarget.value.getClass(); - Assert.state(Publisher.class.isAssignableFrom(type), - () -> String.format("The parameter type %s on %s must be an instance of org.reactivestreams.Publisher " - + "(for example, a Mono or Flux) in order to support Reactor Context", type, method)); + Assert + .state(Publisher.class.isAssignableFrom(type), + () -> String.format( + "The parameter type %s on %s must be an instance of org.reactivestreams.Publisher " + + "(for example, a Mono or Flux) in order to support Reactor Context", + type, method)); ReactiveAdapter adapter = ReactiveAdapterRegistry.getSharedInstance().getAdapter(type); if (isMultiValue(type, adapter)) { Flux result = toInvoke - .flatMapMany((ctx) -> filterMultiValue(filterTarget.value, attribute.getExpression(), ctx)); + .flatMapMany((ctx) -> filterMultiValue(filterTarget.value, attribute.getExpression(), ctx)); mi.getArguments()[filterTarget.index] = (adapter != null) ? adapter.fromPublisher(result) : result; } else { Mono result = toInvoke - .flatMap((ctx) -> filterSingleValue(filterTarget.value, attribute.getExpression(), ctx)); + .flatMap((ctx) -> filterSingleValue(filterTarget.value, attribute.getExpression(), ctx)); mi.getArguments()[filterTarget.index] = (adapter != null) ? adapter.fromPublisher(result) : result; } return ReactiveMethodInvocationUtils.proceed(mi); @@ -157,7 +160,7 @@ public final class PreFilterAuthorizationReactiveMethodInterceptor private Mono filterSingleValue(Publisher filterTarget, Expression filterExpression, EvaluationContext ctx) { MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject() - .getValue(); + .getValue(); return Mono.from(filterTarget).filterWhen((filterObject) -> { rootObject.setFilterObject(filterObject); return ReactiveExpressionUtils.evaluateAsBoolean(filterExpression, ctx); @@ -166,7 +169,7 @@ public final class PreFilterAuthorizationReactiveMethodInterceptor private Flux filterMultiValue(Publisher filterTarget, Expression filterExpression, EvaluationContext ctx) { MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject() - .getValue(); + .getValue(); return Flux.from(filterTarget).filterWhen((filterObject) -> { rootObject.setFilterObject(filterObject); return ReactiveExpressionUtils.evaluateAsBoolean(filterExpression, ctx); diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreFilterExpressionAttributeRegistry.java b/core/src/main/java/org/springframework/security/authorization/method/PreFilterExpressionAttributeRegistry.java index b8b6823380..6fa8448355 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PreFilterExpressionAttributeRegistry.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PreFilterExpressionAttributeRegistry.java @@ -59,7 +59,7 @@ final class PreFilterExpressionAttributeRegistry return PreFilterExpressionAttribute.NULL_ATTRIBUTE; } Expression preFilterExpression = this.expressionHandler.getExpressionParser() - .parseExpression(preFilter.value()); + .parseExpression(preFilter.value()); return new PreFilterExpressionAttribute(preFilterExpression, preFilter.filterTarget()); } diff --git a/core/src/main/java/org/springframework/security/authorization/method/ReactiveAuthenticationUtils.java b/core/src/main/java/org/springframework/security/authorization/method/ReactiveAuthenticationUtils.java index 433587cf09..5f370a91a6 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/ReactiveAuthenticationUtils.java +++ b/core/src/main/java/org/springframework/security/authorization/method/ReactiveAuthenticationUtils.java @@ -36,8 +36,9 @@ final class ReactiveAuthenticationUtils { AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); static Mono getAuthentication() { - return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) - .defaultIfEmpty(ANONYMOUS); + return ReactiveSecurityContextHolder.getContext() + .map(SecurityContext::getAuthentication) + .defaultIfEmpty(ANONYMOUS); } private ReactiveAuthenticationUtils() { diff --git a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java index f500cfaa2e..b02bef249f 100644 --- a/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java +++ b/core/src/main/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextSupport.java @@ -34,7 +34,7 @@ import org.springframework.util.Assert; abstract class AbstractDelegatingSecurityContextSupport { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final SecurityContext securityContext; diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java index 8842551912..ee249f3e6b 100644 --- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java +++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextCallable.java @@ -49,7 +49,7 @@ public final class DelegatingSecurityContextCallable implements Callable { private SecurityContext delegateSecurityContext; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * The {@link SecurityContext} that was on the {@link SecurityContextHolder} prior to diff --git a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java index 98deb61cec..cc32994939 100644 --- a/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java +++ b/core/src/main/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnable.java @@ -42,7 +42,7 @@ public final class DelegatingSecurityContextRunnable implements Runnable { private final boolean explicitSecurityContextProvided; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * The {@link SecurityContext} that the delegate {@link Runnable} will be ran as. diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java index eb4dca3605..02ba68e67d 100644 --- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java +++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java @@ -205,7 +205,7 @@ public final class RsaKeyConverters { byte[] x509 = Base64.getDecoder().decode(base64Encoded.toString()); try (InputStream x509CertStream = new ByteArrayInputStream(x509)) { X509Certificate certificate = (X509Certificate) this.certificateFactory - .generateCertificate(x509CertStream); + .generateCertificate(x509CertStream); return (RSAPublicKey) certificate.getPublicKey(); } catch (CertificateException | IOException ex) { diff --git a/core/src/main/java/org/springframework/security/core/ComparableVersion.java b/core/src/main/java/org/springframework/security/core/ComparableVersion.java index 7e01b042aa..58e278754b 100644 --- a/core/src/main/java/org/springframework/security/core/ComparableVersion.java +++ b/core/src/main/java/org/springframework/security/core/ComparableVersion.java @@ -131,21 +131,21 @@ class ComparableVersion implements Comparable { } switch (item.getType()) { - case INT_ITEM: - int itemValue = ((IntItem) item).value; - return (value < itemValue) ? -1 : ((value == itemValue) ? 0 : 1); - case LONG_ITEM: - case BIGINTEGER_ITEM: - return -1; + case INT_ITEM: + int itemValue = ((IntItem) item).value; + return (value < itemValue) ? -1 : ((value == itemValue) ? 0 : 1); + case LONG_ITEM: + case BIGINTEGER_ITEM: + return -1; - case STRING_ITEM: - return 1; // 1.1 > 1-sp + case STRING_ITEM: + return 1; // 1.1 > 1-sp - case LIST_ITEM: - return 1; // 1.1 > 1-1 + case LIST_ITEM: + return 1; // 1.1 > 1-1 - default: - throw new IllegalStateException("invalid item: " + item.getClass()); + default: + throw new IllegalStateException("invalid item: " + item.getClass()); } } @@ -205,22 +205,22 @@ class ComparableVersion implements Comparable { } switch (item.getType()) { - case INT_ITEM: - return 1; - case LONG_ITEM: - long itemValue = ((LongItem) item).value; - return (value < itemValue) ? -1 : ((value == itemValue) ? 0 : 1); - case BIGINTEGER_ITEM: - return -1; + case INT_ITEM: + return 1; + case LONG_ITEM: + long itemValue = ((LongItem) item).value; + return (value < itemValue) ? -1 : ((value == itemValue) ? 0 : 1); + case BIGINTEGER_ITEM: + return -1; - case STRING_ITEM: - return 1; // 1.1 > 1-sp + case STRING_ITEM: + return 1; // 1.1 > 1-sp - case LIST_ITEM: - return 1; // 1.1 > 1-1 + case LIST_ITEM: + return 1; // 1.1 > 1-1 - default: - throw new IllegalStateException("invalid item: " + item.getClass()); + default: + throw new IllegalStateException("invalid item: " + item.getClass()); } } @@ -279,21 +279,21 @@ class ComparableVersion implements Comparable { } switch (item.getType()) { - case INT_ITEM: - case LONG_ITEM: - return 1; + case INT_ITEM: + case LONG_ITEM: + return 1; - case BIGINTEGER_ITEM: - return value.compareTo(((BigIntegerItem) item).value); + case BIGINTEGER_ITEM: + return value.compareTo(((BigIntegerItem) item).value); - case STRING_ITEM: - return 1; // 1.1 > 1-sp + case STRING_ITEM: + return 1; // 1.1 > 1-sp - case LIST_ITEM: - return 1; // 1.1 > 1-1 + case LIST_ITEM: + return 1; // 1.1 > 1-1 - default: - throw new IllegalStateException("invalid item: " + item.getClass()); + default: + throw new IllegalStateException("invalid item: " + item.getClass()); } } @@ -352,16 +352,16 @@ class ComparableVersion implements Comparable { if (followedByDigit && value.length() == 1) { // a1 = alpha-1, b1 = beta-1, m1 = milestone-1 switch (value.charAt(0)) { - case 'a': - value = "alpha"; - break; - case 'b': - value = "beta"; - break; - case 'm': - value = "milestone"; - break; - default: + case 'a': + value = "alpha"; + break; + case 'b': + value = "beta"; + break; + case 'm': + value = "milestone"; + break; + default: } } this.value = ALIASES.getProperty(value, value); @@ -403,19 +403,19 @@ class ComparableVersion implements Comparable { return comparableQualifier(value).compareTo(RELEASE_VERSION_INDEX); } switch (item.getType()) { - case INT_ITEM: - case LONG_ITEM: - case BIGINTEGER_ITEM: - return -1; // 1.any < 1.1 ? + case INT_ITEM: + case LONG_ITEM: + case BIGINTEGER_ITEM: + return -1; // 1.any < 1.1 ? - case STRING_ITEM: - return comparableQualifier(value).compareTo(comparableQualifier(((StringItem) item).value)); + case STRING_ITEM: + return comparableQualifier(value).compareTo(comparableQualifier(((StringItem) item).value)); - case LIST_ITEM: - return -1; // 1.any < 1-1 + case LIST_ITEM: + return -1; // 1.any < 1-1 - default: - throw new IllegalStateException("invalid item: " + item.getClass()); + default: + throw new IllegalStateException("invalid item: " + item.getClass()); } } @@ -485,34 +485,34 @@ class ComparableVersion implements Comparable { return first.compareTo(null); } switch (item.getType()) { - case INT_ITEM: - case LONG_ITEM: - case BIGINTEGER_ITEM: - return -1; // 1-1 < 1.0.x + case INT_ITEM: + case LONG_ITEM: + case BIGINTEGER_ITEM: + return -1; // 1-1 < 1.0.x - case STRING_ITEM: - return 1; // 1-1 > 1-sp + case STRING_ITEM: + return 1; // 1-1 > 1-sp - case LIST_ITEM: - Iterator left = iterator(); - Iterator right = ((ListItem) item).iterator(); + case LIST_ITEM: + Iterator left = iterator(); + Iterator right = ((ListItem) item).iterator(); - while (left.hasNext() || right.hasNext()) { - Item l = left.hasNext() ? left.next() : null; - Item r = right.hasNext() ? right.next() : null; + while (left.hasNext() || right.hasNext()) { + Item l = left.hasNext() ? left.next() : null; + Item r = right.hasNext() ? right.next() : null; - // if this is shorter, then invert the compare and mul with -1 - int result = l == null ? (r == null ? 0 : -1 * r.compareTo(l)) : l.compareTo(r); + // if this is shorter, then invert the compare and mul with -1 + int result = l == null ? (r == null ? 0 : -1 * r.compareTo(l)) : l.compareTo(r); - if (result != 0) { - return result; + if (result != 0) { + return result; + } } - } - return 0; + return 0; - default: - throw new IllegalStateException("invalid item: " + item.getClass()); + default: + throw new IllegalStateException("invalid item: " + item.getClass()); } } diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java index df54a6d6f1..2122dae285 100644 --- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java +++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java @@ -105,7 +105,7 @@ public final class SpringSecurityCoreVersion { private static String getSpringVersion() { Properties properties = new Properties(); try (InputStream is = SpringSecurityCoreVersion.class.getClassLoader() - .getResourceAsStream("META-INF/spring-security.versions")) { + .getResourceAsStream("META-INF/spring-security.versions")) { properties.load(is); } catch (IOException | NullPointerException ex) { diff --git a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java index 1d544402f8..d9ac000b44 100644 --- a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java +++ b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java @@ -32,8 +32,8 @@ import org.springframework.security.core.Authentication; * @since 4.0 * * See: AuthenticationPrincipalArgumentResolver + * "{@docRoot}/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.html" > + * AuthenticationPrincipalArgumentResolver */ @Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE }) @Retention(RetentionPolicy.RUNTIME) diff --git a/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java b/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java index 11301ad7c1..a0687ab476 100644 --- a/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java +++ b/core/src/main/java/org/springframework/security/core/annotation/CurrentSecurityContext.java @@ -31,14 +31,14 @@ import java.lang.annotation.Target; * *

* See: CurrentSecurityContextArgumentResolver For Servlet + * "{@docRoot}/org/springframework/security/web/bind/support/CurrentSecurityContextArgumentResolver.html" > + * CurrentSecurityContextArgumentResolver For Servlet *

* *

* See: CurrentSecurityContextArgumentResolver For WebFlux + * "{@docRoot}/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.html" > + * CurrentSecurityContextArgumentResolver For WebFlux *

*/ @Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE }) diff --git a/core/src/main/java/org/springframework/security/core/parameters/P.java b/core/src/main/java/org/springframework/security/core/parameters/P.java index b6ece3bb30..060e2b2f5e 100644 --- a/core/src/main/java/org/springframework/security/core/parameters/P.java +++ b/core/src/main/java/org/springframework/security/core/parameters/P.java @@ -28,7 +28,6 @@ import java.lang.annotation.Target; * contain the parameter names. * * @see AnnotationParameterNameDiscoverer - * * @author Rob Winch * @since 5.0 */ diff --git a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java index 34119b1d47..4aa6c2af75 100644 --- a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java +++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java @@ -41,8 +41,8 @@ import org.springframework.util.Assert; *

* For this class to function correctly in a web application, it is important that you * register an HttpSessionEventPublisher - * in the web.xml file so that this class is notified of sessions that expire. + * {@docRoot}/org/springframework/security/web/session/HttpSessionEventPublisher.html">HttpSessionEventPublisher in + * the web.xml file so that this class is notified of sessions that expire. * * @author Ben Alex * @author Luke Taylor @@ -158,16 +158,16 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener } this.sessionIds.remove(sessionId); this.principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> { - this.logger.debug( - LogMessage.format("Removing session %s from principal's set of registered sessions", sessionId)); + this.logger + .debug(LogMessage.format("Removing session %s from principal's set of registered sessions", sessionId)); sessionsUsedByPrincipal.remove(sessionId); if (sessionsUsedByPrincipal.isEmpty()) { // No need to keep object in principals Map anymore this.logger.debug(LogMessage.format("Removing principal %s from registry", info.getPrincipal())); sessionsUsedByPrincipal = null; } - this.logger.trace( - LogMessage.format("Sessions used by '%s' : %s", info.getPrincipal(), sessionsUsedByPrincipal)); + this.logger + .trace(LogMessage.format("Sessions used by '%s' : %s", info.getPrincipal(), sessionsUsedByPrincipal)); return sessionsUsedByPrincipal; }); } diff --git a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java index cf3f0f0206..8ac12a5348 100644 --- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java +++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java @@ -105,7 +105,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi return null; } String[] tokens = StringUtils - .delimitedListToStringArray(Utf8.decode(Base64.getDecoder().decode(Utf8.encode(key))), ":"); + .delimitedListToStringArray(Utf8.decode(Base64.getDecoder().decode(Utf8.encode(key))), ":"); Assert.isTrue(tokens.length >= 4, () -> "Expected 4 or more tokens but found " + tokens.length); long creationTime; try { diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java index 82a505ea16..9faac275e0 100644 --- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java @@ -57,7 +57,7 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai private final Map users = new HashMap<>(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private AuthenticationManager authenticationManager; @@ -130,7 +130,7 @@ public class InMemoryUserDetailsManager implements UserDetailsManager, UserDetai if (this.authenticationManager != null) { this.logger.debug(LogMessage.format("Reauthenticating user '%s' for password change request.", username)); this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated(username, oldPassword)); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated(username, oldPassword)); } else { this.logger.debug("No authentication manager set. Password won't be re-checked."); diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java index a700027e0e..d6a5b7c887 100644 --- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java @@ -110,7 +110,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa protected final Log logger = LogFactory.getLog(getClass()); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private String createUserSql = DEF_CREATE_USER_SQL; @@ -276,7 +276,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa if (this.authenticationManager != null) { this.logger.debug(LogMessage.format("Reauthenticating user '%s' for password change request.", username)); this.authenticationManager - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated(username, oldPassword)); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated(username, oldPassword)); } else { this.logger.debug("No authentication manager set. Password won't be re-checked."); diff --git a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java index b8c291dde3..ee11ef2321 100644 --- a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java +++ b/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java @@ -40,15 +40,15 @@ public class AuthenticationCredentialsNotFoundEventTests { @Test public void testRejectsNulls2() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null, - new AuthenticationCredentialsNotFoundException("test"))); + .isThrownBy(() -> new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null, + new AuthenticationCredentialsNotFoundException("test"))); } @Test public void testRejectsNulls3() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), - SecurityConfig.createList("TEST"), null)); + .isThrownBy(() -> new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), + SecurityConfig.createList("TEST"), null)); } } diff --git a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java index cd1c569907..519eae87cc 100644 --- a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java +++ b/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java @@ -44,7 +44,7 @@ public class AuthorizationFailureEventTests { @Test public void rejectsNullSecureObject() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationFailureEvent(null, this.attributes, this.foo, this.exception)); + .isThrownBy(() -> new AuthorizationFailureEvent(null, this.attributes, this.foo, this.exception)); } @Test @@ -56,8 +56,8 @@ public class AuthorizationFailureEventTests { @Test public void rejectsNullAuthentication() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, null, - this.exception)); + .isThrownBy(() -> new AuthorizationFailureEvent(new SimpleMethodInvocation(), this.attributes, null, + this.exception)); } @Test diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java index 96af5b698a..469ce214bd 100644 --- a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java +++ b/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java @@ -48,7 +48,7 @@ public class SecurityConfigTests { @Test public void testNoArgConstructorDoesntExist() throws Exception { assertThatExceptionOfType(NoSuchMethodException.class) - .isThrownBy(() -> SecurityConfig.class.getDeclaredConstructor((Class[]) null)); + .isThrownBy(() -> SecurityConfig.class.getDeclaredConstructor((Class[]) null)); } @Test diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java index 4c6697d6a6..b702469a4a 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java @@ -69,21 +69,21 @@ public class Jsr250MethodSecurityMetadataSourceTests { @Test public void noRoleMethodHasNoAttributes() throws Exception { Collection accessAttributes = this.mds - .findAttributes(this.a.getClass().getMethod("noRoleMethod"), null); + .findAttributes(this.a.getClass().getMethod("noRoleMethod"), null); assertThat(accessAttributes).isNull(); } @Test public void classRoleIsAppliedToNoRoleMethod() throws Exception { Collection accessAttributes = this.mds - .findAttributes(this.userAllowed.getClass().getMethod("noRoleMethod"), null); + .findAttributes(this.userAllowed.getClass().getMethod("noRoleMethod"), null); assertThat(accessAttributes).isNull(); } @Test public void methodRoleOverridesClassRole() throws Exception { Collection accessAttributes = this.mds - .findAttributes(this.userAllowed.getClass().getMethod("adminMethod"), null); + .findAttributes(this.userAllowed.getClass().getMethod("adminMethod"), null); assertThat(accessAttributes).hasSize(1); assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_ADMIN"); } diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java index cc92d1eadf..67146fa833 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java @@ -42,15 +42,16 @@ public class Jsr250VoterTests { attrs.add(new Jsr250SecurityConfig("B")); attrs.add(new Jsr250SecurityConfig("C")); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), attrs)) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "B"), new Object(), attrs)) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "C"), new Object(), attrs)) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "NONE"), new Object(), attrs)) - .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); + .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), - SecurityConfig.createList("A", "B", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); + SecurityConfig.createList("A", "B", "C"))) + .isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); } } diff --git a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java index 1189a10b9f..e47af5b0b3 100644 --- a/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandlerTests.java @@ -53,9 +53,9 @@ public class AbstractSecurityExpressionHandlerTests { public void beanNamesAreCorrectlyResolved() { this.handler.setApplicationContext(new AnnotationConfigApplicationContext(TestConfiguration.class)); Expression expression = this.handler.getExpressionParser() - .parseExpression("@number10.compareTo(@number20) < 0"); + .parseExpression("@number10.compareTo(@number20) < 0"); assertThat(expression.getValue(this.handler.createEvaluationContext(mock(Authentication.class), new Object()))) - .isEqualTo(true); + .isEqualTo(true); } @Test diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java index 33c4a77fac..66b963b2a9 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java @@ -138,7 +138,7 @@ public class DefaultMethodSecurityExpressionHandlerTests { map.put("key2", "value2"); map.put("key3", "value3"); Expression expression = this.handler.getExpressionParser() - .parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')"); + .parseExpression("(filterObject.key eq 'key1') or (filterObject.value eq 'value2')"); EvaluationContext context = this.handler.createEvaluationContext(this.authentication, this.methodInvocation); Object filtered = this.handler.filter(map, expression, context); assertThat(filtered == map); @@ -181,8 +181,9 @@ public class DefaultMethodSecurityExpressionHandlerTests { this.methodInvocation); verifyNoInteractions(mockAuthenticationSupplier); assertThat(context.getRootObject()).extracting(TypedValue::getValue) - .asInstanceOf(InstanceOfAssertFactories.type(MethodSecurityExpressionRoot.class)) - .extracting(SecurityExpressionRoot::getAuthentication).isEqualTo(this.authentication); + .asInstanceOf(InstanceOfAssertFactories.type(MethodSecurityExpressionRoot.class)) + .extracting(SecurityExpressionRoot::getAuthentication) + .isEqualTo(this.authentication); verify(mockAuthenticationSupplier).get(); } diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java index 017e38061d..5fd30e9318 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java @@ -47,7 +47,7 @@ public class MethodExpressionVoterTests { MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray()); assertThat(this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "hasRole('blah')")))) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } @Test @@ -64,7 +64,7 @@ public class MethodExpressionVoterTests { assertThat(this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "(#argument == principal) and (principal == 'joe')")))) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } @Test @@ -73,7 +73,7 @@ public class MethodExpressionVoterTests { MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg); assertThat(this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null)))) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); // All objects should have been removed, because the expression is always false assertThat(arg).isEmpty(); } @@ -117,7 +117,7 @@ public class MethodExpressionVoterTests { assertThat(this.am.vote(this.joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)")))) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } private List createAttributes(ConfigAttribute... attributes) { diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java index b723e29574..0709d2eb95 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java @@ -164,7 +164,7 @@ public class PrePostAnnotationSecurityMetadataSourceTests { @Test public void customAnnotationAtInterfaceLevelIsDetected() { ConfigAttribute[] attrs = this.mds.getAttributes(this.annotatedAtInterfaceLevel) - .toArray(new ConfigAttribute[0]); + .toArray(new ConfigAttribute[0]); assertThat(attrs).hasSize(1); } diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java index c8cbdd0dbd..6175ba64a2 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyAuthoritiesMapperTests.java @@ -36,7 +36,7 @@ public class RoleHierarchyAuthoritiesMapperTests { rh.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C"); RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(rh); Collection authorities = mapper - .mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D")); + .mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D")); assertThat(authorities).hasSize(4); mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy()); authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D")); diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java index dea1471b01..c95024d686 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImplTests.java @@ -55,11 +55,14 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)) + .isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)) + .isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities2), authorities2)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities2), authorities2)) + .isTrue(); } @Test @@ -71,10 +74,12 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)) + .isTrue(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)) + .isTrue(); } @Test @@ -91,35 +96,39 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1), authoritiesOutput1)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput1), authoritiesOutput1)) + .isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput2), authoritiesOutput2)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput2), authoritiesOutput2)) + .isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput3), authoritiesOutput3)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput3), authoritiesOutput3)) + .isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput4), authoritiesOutput4)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authoritiesInput4), authoritiesOutput4)) + .isTrue(); } @Test public void testCyclesInRoleHierarchy() { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); assertThatExceptionOfType(CycleInRoleHierarchyException.class) - .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A")); + .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_A")); assertThatExceptionOfType(CycleInRoleHierarchyException.class) - .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A")); + .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_A")); assertThatExceptionOfType(CycleInRoleHierarchyException.class) - .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A")); + .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A")); assertThatExceptionOfType(CycleInRoleHierarchyException.class).isThrownBy(() -> roleHierarchyImpl - .setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B")); + .setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B")); assertThatExceptionOfType(CycleInRoleHierarchyException.class) - .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B")); + .isThrownBy(() -> roleHierarchyImpl.setHierarchy("ROLE_C > ROLE_B\nROLE_B > ROLE_A\nROLE_A > ROLE_B")); } @Test public void testNoCyclesInRoleHierarchy() { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); assertThatNoException().isThrownBy(() -> roleHierarchyImpl - .setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D")); + .setHierarchy("ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D")); } // SEC-863 @@ -131,11 +140,14 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities0), authorities0)) + .isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)) + .isTrue(); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities2), authorities2)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities2), authorities2)) + .isTrue(); } @Test @@ -147,10 +159,12 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities2)) + .isTrue(); roleHierarchyImpl.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities( - roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)).isTrue(); + roleHierarchyImpl.getReachableGrantedAuthorities(authorities1), authorities3)) + .isTrue(); } // gh-6954 @@ -163,7 +177,7 @@ public class RoleHierarchyImplTests { roleHierarchyImpl.setHierarchy( "ROLE_A > ROLE_B\n" + "ROLE_B > ROLE_AUTHENTICATED\n" + "ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED"); assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) - .containsExactlyInAnyOrderElementsOf(allAuthorities); + .containsExactlyInAnyOrderElementsOf(allAuthorities); } // gh-6954 @@ -174,9 +188,9 @@ public class RoleHierarchyImplTests { "ROLE_LOW", "ROLE_LOWER"); RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl - .setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER"); + .setHierarchy("ROLE_HIGHEST > ROLE_HIGHER\n" + "ROLE_HIGHER > ROLE_LOW\n" + "ROLE_LOW > ROLE_LOWER"); assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) - .containsExactlyInAnyOrderElementsOf(allAuthorities); + .containsExactlyInAnyOrderElementsOf(allAuthorities); } // gh-6954 @@ -188,7 +202,7 @@ public class RoleHierarchyImplTests { RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl(); roleHierarchyImpl.setHierarchy("ROLE_HIGHEST > ROLE_HIGHER > ROLE_LOW > ROLE_LOWER"); assertThat(roleHierarchyImpl.getReachableGrantedAuthorities(flatAuthorities)) - .containsExactlyInAnyOrderElementsOf(allAuthorities); + .containsExactlyInAnyOrderElementsOf(allAuthorities); } } diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java index eb314c7178..cfd34e2817 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtilsTests.java @@ -60,8 +60,8 @@ public class RoleHierarchyUtilsTests { @Test public void roleHierarchyFromMapWhenMapEmptyThenThrowsIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> RoleHierarchyUtils.roleHierarchyFromMap(Collections.>emptyMap())); + assertThatIllegalArgumentException() + .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(Collections.>emptyMap())); } @Test @@ -69,7 +69,7 @@ public class RoleHierarchyUtilsTests { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put(null, Arrays.asList("ROLE_B", "ROLE_C")); assertThatIllegalArgumentException() - .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); + .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); } @Test @@ -77,7 +77,7 @@ public class RoleHierarchyUtilsTests { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put("", Arrays.asList("ROLE_B", "ROLE_C")); assertThatIllegalArgumentException() - .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); + .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); } @Test @@ -85,7 +85,7 @@ public class RoleHierarchyUtilsTests { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put("ROLE_A", null); assertThatIllegalArgumentException() - .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); + .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); } @Test @@ -93,7 +93,7 @@ public class RoleHierarchyUtilsTests { Map> roleHierarchyMap = new HashMap<>(); roleHierarchyMap.put("ROLE_A", Collections.emptyList()); assertThatIllegalArgumentException() - .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); + .isThrownBy(() -> RoleHierarchyUtils.roleHierarchyFromMap(roleHierarchyMap)); } } diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java index 0588de0b21..2a80ab51b7 100644 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/TestHelperTests.java @@ -79,19 +79,19 @@ public class TestHelperTests { authoritiesStrings5.add("ROLE_A"); assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities1), authoritiesStrings1)) - .isTrue(); + .isTrue(); assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities2), authoritiesStrings2)) - .isTrue(); + .isTrue(); assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities3), authoritiesStrings3)) - .isTrue(); + .isTrue(); assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities4), authoritiesStrings4)) - .isTrue(); + .isTrue(); assertThat(CollectionUtils.isEqualCollection( HierarchicalRolesTestHelper.toCollectionOfAuthorityStrings(authorities5), authoritiesStrings5)) - .isTrue(); + .isTrue(); } // SEC-863 @@ -121,7 +121,8 @@ public class TestHelperTests { List authorities1 = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B"); List authorities2 = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B"); assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(authorities1, - authorities2)).isTrue(); + authorities2)) + .isTrue(); } // SEC-863 diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java index 90b3851d45..aba3efe718 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java @@ -57,15 +57,15 @@ public class AfterInvocationProviderManagerTests { List attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" }); List attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" }); assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping")) - .isEqualTo("swap1"); + .isEqualTo("swap1"); assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping")) - .isEqualTo("swap2"); + .isEqualTo("swap2"); assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping")) - .isEqualTo("swap3"); + .isEqualTo("swap3"); assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping")) - .isEqualTo("content-before-swapping"); + .isEqualTo("content-before-swapping"); assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping")) - .isEqualTo("swap3"); + .isEqualTo("swap3"); } @Test diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java index 6d5294324c..35c1cde5ea 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java @@ -53,7 +53,7 @@ public class RunAsUserTokenTests { @Test public void testNoArgConstructorDoesntExist() { assertThatExceptionOfType(NoSuchMethodException.class) - .isThrownBy(() -> RunAsUserToken.class.getDeclaredConstructor((Class[]) null)); + .isThrownBy(() -> RunAsUserToken.class.getDeclaredConstructor((Class[]) null)); } @Test @@ -61,8 +61,8 @@ public class RunAsUserTokenTests { RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class); assertThat(token.toString() - .lastIndexOf("Original Class: " + UsernamePasswordAuthenticationToken.class.getName().toString()) != -1) - .isTrue(); + .lastIndexOf("Original Class: " + UsernamePasswordAuthenticationToken.class.getName().toString()) != -1) + .isTrue(); } // SEC-1792 diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java index 7cb627c169..a120f7eb63 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java @@ -216,7 +216,7 @@ public class MethodSecurityInterceptorTests { mdsReturnsNull(); SecurityContextHolder.getContext().setAuthentication(this.token); assertThat(this.advisedTarget.publicMakeLowerCase("HELLO")) - .isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken false"); + .isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken false"); assertThat(!this.token.isAuthenticated()).isTrue(); } @@ -227,7 +227,7 @@ public class MethodSecurityInterceptorTests { mdsReturnsUserRole(); given(this.authman.authenticate(token)).willThrow(new BadCredentialsException("rejected")); assertThatExceptionOfType(AuthenticationException.class) - .isThrownBy(() -> this.advisedTarget.makeLowerCase("HELLO")); + .isThrownBy(() -> this.advisedTarget.makeLowerCase("HELLO")); } @Test @@ -239,7 +239,7 @@ public class MethodSecurityInterceptorTests { String result = this.advisedTarget.makeLowerCase("HELLO"); // Note we check the isAuthenticated remained true in following line assertThat(result) - .isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true"); + .isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true"); verify(this.eventPublisher).publishEvent(any(AuthorizedEvent.class)); } @@ -251,10 +251,10 @@ public class MethodSecurityInterceptorTests { createTarget(true); mdsReturnsUserRole(); given(this.authman.authenticate(this.token)).willReturn(this.token); - willThrow(new AccessDeniedException("rejected")).given(this.adm).decide(any(Authentication.class), - any(MethodInvocation.class), any(List.class)); + willThrow(new AccessDeniedException("rejected")).given(this.adm) + .decide(any(Authentication.class), any(MethodInvocation.class), any(List.class)); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.advisedTarget.makeUpperCase("HELLO")); + .isThrownBy(() -> this.advisedTarget.makeUpperCase("HELLO")); verify(this.eventPublisher).publishEvent(any(AuthorizationFailureEvent.class)); } @@ -305,7 +305,7 @@ public class MethodSecurityInterceptorTests { public void emptySecurityContextIsRejected() { mdsReturnsUserRole(); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.advisedTarget.makeUpperCase("hello")); + .isThrownBy(() -> this.advisedTarget.makeUpperCase("hello")); } @Test diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java index 21417d78a7..4afe87616d 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java @@ -128,7 +128,7 @@ public class AspectJMethodSecurityInterceptorTests { willThrow(new AccessDeniedException("denied")).given(this.adm).decide(any(), any(), any()); SecurityContextHolder.getContext().setAuthentication(this.token); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback)); + .isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback)); verify(this.aspectJCallback, never()).proceedWithObject(); } @@ -153,7 +153,7 @@ public class AspectJMethodSecurityInterceptorTests { this.interceptor.setAfterInvocationManager(aim); given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException()); assertThatExceptionOfType(RuntimeException.class) - .isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback)); + .isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback)); verifyNoMoreInteractions(aim); } @@ -171,7 +171,7 @@ public class AspectJMethodSecurityInterceptorTests { given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken); given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException()); assertThatExceptionOfType(RuntimeException.class) - .isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback)); + .isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback)); // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token); diff --git a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java index c5206cc69e..3d388d2f48 100644 --- a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java @@ -46,7 +46,7 @@ public class DelegatingMethodSecurityMetadataSourceTests { List sources = new ArrayList(); MethodSecurityMetadataSource delegate = mock(MethodSecurityMetadataSource.class); given(delegate.getAttributes(ArgumentMatchers.any(), ArgumentMatchers.any(Class.class))) - .willReturn(null); + .willReturn(null); sources.add(delegate); this.mds = new DelegatingMethodSecurityMetadataSource(sources); assertThat(this.mds.getMethodSecurityMetadataSources()).isSameAs(sources); @@ -74,7 +74,7 @@ public class DelegatingMethodSecurityMetadataSourceTests { // Exercise the cached case assertThat(this.mds.getAttributes(mi)).isSameAs(attributes); assertThat(this.mds.getAttributes(new SimpleMethodInvocation(null, String.class.getMethod("length")))) - .isEmpty(); + .isEmpty(); } } diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java index d208cadb93..74a7c779d1 100644 --- a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java +++ b/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java @@ -61,11 +61,11 @@ public class AffirmativeBasedTests { this.abstain = mock(AccessDecisionVoter.class); this.deny = mock(AccessDecisionVoter.class); given(this.grant.vote(any(Authentication.class), any(Object.class), any(List.class))) - .willReturn(AccessDecisionVoter.ACCESS_GRANTED); + .willReturn(AccessDecisionVoter.ACCESS_GRANTED); given(this.abstain.vote(any(Authentication.class), any(Object.class), any(List.class))) - .willReturn(AccessDecisionVoter.ACCESS_ABSTAIN); + .willReturn(AccessDecisionVoter.ACCESS_ABSTAIN); given(this.deny.vote(any(Authentication.class), any(Object.class), any(List.class))) - .willReturn(AccessDecisionVoter.ACCESS_DENIED); + .willReturn(AccessDecisionVoter.ACCESS_DENIED); } @Test @@ -95,7 +95,7 @@ public class AffirmativeBasedTests { this.mgr = new AffirmativeBased( Arrays.>asList(this.deny, this.abstain, this.abstain)); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.mgr.decide(this.user, new Object(), this.attrs)); + .isThrownBy(() -> this.mgr.decide(this.user, new Object(), this.attrs)); } @Test @@ -104,7 +104,7 @@ public class AffirmativeBasedTests { Arrays.>asList(this.abstain, this.abstain, this.abstain)); assertThat(!this.mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.mgr.decide(this.user, new Object(), this.attrs)); + .isThrownBy(() -> this.mgr.decide(this.user, new Object(), this.attrs)); } @Test diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java index 29258866e3..18cd2f834e 100644 --- a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java +++ b/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java @@ -68,7 +68,7 @@ public class ConsensusBasedTests { TestingAuthenticationToken auth = makeTestToken(); ConsensusBased mgr = makeDecisionManager(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"))); + .isThrownBy(() -> mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"))); } @Test @@ -77,7 +77,7 @@ public class ConsensusBasedTests { ConsensusBased mgr = makeDecisionManager(); assertThat(!mgr.isAllowIfAllAbstainDecisions()).isTrue(); // check default assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"))); + .isThrownBy(() -> mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"))); } @Test diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java index 86bf83ca8f..5a06cc403b 100644 --- a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java +++ b/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java @@ -35,7 +35,7 @@ public class RoleHierarchyVoterTests { TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A"); RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl); assertThat(voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B"))) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } } diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java index eab34e8ad9..282b20a851 100644 --- a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java +++ b/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java @@ -37,7 +37,7 @@ public class RoleVoterTests { Authentication userAB = new TestingAuthenticationToken("user", "pass", "A", "B"); // Vote on attribute list that has two attributes A and C (i.e. only one matching) assertThat(voter.vote(userAB, this, SecurityConfig.createList("A", "C"))) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } // SEC-3128 @@ -47,7 +47,7 @@ public class RoleVoterTests { voter.setRolePrefix(""); Authentication notAuthenitcated = null; assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A"))) - .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); + .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); } } diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java index 50fe83b212..cbf9125521 100644 --- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationTokenTests.java @@ -53,7 +53,7 @@ public class AbstractAuthenticationTokenTests { List gotAuthorities = (List) token.getAuthorities(); assertThat(gotAuthorities).isNotSameAs(this.authorities); assertThatExceptionOfType(UnsupportedOperationException.class) - .isThrownBy(() -> gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER"))); + .isThrownBy(() -> gotAuthorities.set(0, new SimpleGrantedAuthority("ROLE_SUPER_USER"))); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java index 5ef929b5cb..74bdcb6653 100644 --- a/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java +++ b/core/src/test/java/org/springframework/security/authentication/AuthenticationTrustResolverImplTests.java @@ -35,10 +35,10 @@ public class AuthenticationTrustResolverImplTests { AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl(); assertThat(trustResolver.isAnonymous( new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored")))) - .isTrue(); + .isTrue(); assertThat(trustResolver.isAnonymous( new TestingAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored")))) - .isFalse(); + .isFalse(); } @Test @@ -46,10 +46,10 @@ public class AuthenticationTrustResolverImplTests { AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl(); assertThat(trustResolver.isRememberMe( new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored")))) - .isTrue(); + .isTrue(); assertThat(trustResolver.isAnonymous( new TestingAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("ignored")))) - .isFalse(); + .isFalse(); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java index 2eec7d4e9e..0a3f010017 100644 --- a/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java +++ b/core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java @@ -118,7 +118,7 @@ public class DefaultAuthenticationEventPublisherTests { Properties p = new Properties(); p.put(MockAuthenticationException.class.getName(), "NoSuchClass"); assertThatExceptionOfType(RuntimeException.class) - .isThrownBy(() -> this.publisher.setAdditionalExceptionMappings(p)); + .isThrownBy(() -> this.publisher.setAdditionalExceptionMappings(p)); } @Test @@ -174,7 +174,7 @@ public class DefaultAuthenticationEventPublisherTests { public void defaultAuthenticationFailureEventClassSetNullThen() { this.publisher = new DefaultAuthenticationEventPublisher(); assertThatIllegalArgumentException() - .isThrownBy(() -> this.publisher.setDefaultAuthenticationFailureEvent(null)); + .isThrownBy(() -> this.publisher.setDefaultAuthenticationFailureEvent(null)); } @Test @@ -192,7 +192,7 @@ public class DefaultAuthenticationEventPublisherTests { public void defaultAuthenticationFailureEventMissingAppropriateConstructorThen() { this.publisher = new DefaultAuthenticationEventPublisher(); assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.publisher - .setDefaultAuthenticationFailureEvent(AuthenticationFailureEventWithoutAppropriateConstructor.class)); + .setDefaultAuthenticationFailureEvent(AuthenticationFailureEventWithoutAppropriateConstructor.class)); } private static final class AuthenticationFailureEventWithoutAppropriateConstructor diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java index 59bbc448f5..dd89bd7c89 100644 --- a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java @@ -61,7 +61,7 @@ public class DelegatingReactiveAuthenticationManagerTests { // delay to try and force delegate2 to finish (i.e. make sure we didn't use // flatMap) given(this.delegate1.authenticate(any())) - .willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100))); + .willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100))); DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2); StepVerifier.create(manager.authenticate(this.authentication)).expectNext(this.authentication).verifyComplete(); @@ -72,8 +72,9 @@ public class DelegatingReactiveAuthenticationManagerTests { given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test"))); DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1, this.delegate2); - StepVerifier.create(manager.authenticate(this.authentication)).expectError(BadCredentialsException.class) - .verify(); + StepVerifier.create(manager.authenticate(this.authentication)) + .expectError(BadCredentialsException.class) + .verify(); } } diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java index b64dbce4fe..9b98bd522a 100644 --- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java @@ -113,7 +113,7 @@ public class ProviderManagerTests { @Test public void testStartupFailsIfProvidersContainNullElement() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ProviderManager(Arrays.asList(mock(AuthenticationProvider.class), null))); + .isThrownBy(() -> new ProviderManager(Arrays.asList(mock(AuthenticationProvider.class), null))); } // gh-8689 @@ -173,9 +173,9 @@ public class ProviderManagerTests { @Test public void authenticationExceptionIsRethrownIfNoLaterProviderAuthenticates() { ProviderManager mgr = new ProviderManager(Arrays - .asList(createProviderWhichThrows(new BadCredentialsException("")), createProviderWhichReturns(null))); + .asList(createProviderWhichThrows(new BadCredentialsException("")), createProviderWhichReturns(null))); assertThatExceptionOfType(BadCredentialsException.class) - .isThrownBy(() -> mgr.authenticate(mock(Authentication.class))); + .isThrownBy(() -> mgr.authenticate(mock(Authentication.class))); } // SEC-546 @@ -186,7 +186,7 @@ public class ProviderManagerTests { AuthenticationProvider otherProvider = mock(AuthenticationProvider.class); ProviderManager authMgr = new ProviderManager(Arrays.asList(iThrowAccountStatusException, otherProvider)); assertThatExceptionOfType(AccountStatusException.class) - .isThrownBy(() -> authMgr.authenticate(mock(Authentication.class))); + .isThrownBy(() -> authMgr.authenticate(mock(Authentication.class))); verifyNoInteractions(otherProvider); } @@ -208,7 +208,7 @@ public class ProviderManagerTests { AuthenticationManager parent = mock(AuthenticationManager.class); ProviderManager mgr = new ProviderManager(Collections.singletonList(iThrowAccountStatusException), parent); assertThatExceptionOfType(AccountStatusException.class) - .isThrownBy(() -> mgr.authenticate(mock(Authentication.class))); + .isThrownBy(() -> mgr.authenticate(mock(Authentication.class))); verifyNoInteractions(parent); } @@ -224,7 +224,7 @@ public class ProviderManagerTests { Collections.singletonList(createProviderWhichThrows(new BadCredentialsException(""))), parent); mgr.setAuthenticationEventPublisher(publisher); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> mgr.authenticate(authReq)) - .satisfies((ex) -> verify(publisher).publishAuthenticationFailure(ex, authReq)); + .satisfies((ex) -> verify(publisher).publishAuthenticationFailure(ex, authReq)); } @Test @@ -240,7 +240,7 @@ public class ProviderManagerTests { BadCredentialsException expected = new BadCredentialsException("I'm the one from the parent"); given(parent.authenticate(authReq)).willThrow(expected); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> mgr.authenticate(authReq)) - .isSameAs(expected); + .isSameAs(expected); } @Test @@ -264,7 +264,7 @@ public class ProviderManagerTests { createProviderWhichThrows(new BadCredentialsException("Oops"))), null); Authentication authReq = mock(Authentication.class); assertThatExceptionOfType(InternalAuthenticationServiceException.class) - .isThrownBy(() -> mgr.authenticate(authReq)); + .isThrownBy(() -> mgr.authenticate(authReq)); } // gh-6281 @@ -279,7 +279,7 @@ public class ProviderManagerTests { childMgr.setAuthenticationEventPublisher(publisher); final Authentication authReq = mock(Authentication.class); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> childMgr.authenticate(authReq)) - .isSameAs(badCredentialsExParent); + .isSameAs(badCredentialsExParent); verify(publisher).publishAuthenticationFailure(badCredentialsExParent, authReq); // Parent // publishes verifyNoMoreInteractions(publisher); // Child should not publish (duplicate event) diff --git a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java index cca23a0dae..bb49d81882 100644 --- a/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/ReactiveUserDetailsServiceAuthenticationManagerTests.java @@ -66,7 +66,7 @@ public class ReactiveUserDetailsServiceAuthenticationManagerTests { @Test public void constructorNullUserDetailsService() { assertThatIllegalArgumentException() - .isThrownBy(() -> new UserDetailsRepositoryReactiveAuthenticationManager(null)); + .isThrownBy(() -> new UserDetailsRepositoryReactiveAuthenticationManager(null)); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java index b7cdf7989f..d2680e3624 100644 --- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java @@ -127,7 +127,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated(this.user, this.user.getPassword()); assertThatExceptionOfType(BadCredentialsException.class) - .isThrownBy(() -> this.manager.authenticate(token).block()); + .isThrownBy(() -> this.manager.authenticate(token).block()); verifyNoMoreInteractions(this.userDetailsPasswordService); } @@ -151,9 +151,11 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { given(this.encoder.matches(any(), any())).willReturn(true); this.manager.setPasswordEncoder(this.encoder); this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks); - assertThatExceptionOfType(LockedException.class).isThrownBy(() -> this.manager + assertThatExceptionOfType(LockedException.class) + .isThrownBy(() -> this.manager .authenticate(UsernamePasswordAuthenticationToken.unauthenticated(this.user, this.user.getPassword())) - .block()).withMessage("account is locked"); + .block()) + .withMessage("account is locked"); verify(this.postAuthenticationChecks).check(eq(this.user)); } @@ -182,7 +184,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests { UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated(expiredUser, expiredUser.getPassword()); assertThatExceptionOfType(AccountExpiredException.class) - .isThrownBy(() -> this.manager.authenticate(token).block()); + .isThrownBy(() -> this.manager.authenticate(token).block()); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java index 4f9e38e766..acc84f6913 100644 --- a/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/UsernamePasswordAuthenticationTokenTests.java @@ -45,7 +45,7 @@ public class UsernamePasswordAuthenticationTokenTests { // Now let's create a UsernamePasswordAuthenticationToken without any // GrantedAuthorty[]s (different constructor) UsernamePasswordAuthenticationToken noneGrantedToken = UsernamePasswordAuthenticationToken - .unauthenticated("Test", "Password"); + .unauthenticated("Test", "Password"); assertThat(!noneGrantedToken.isAuthenticated()).isTrue(); // check we're allowed to still set it to untrusted noneGrantedToken.setAuthenticated(false); @@ -68,7 +68,7 @@ public class UsernamePasswordAuthenticationTokenTests { public void testNoArgConstructorDoesntExist() throws Exception { Class clazz = UsernamePasswordAuthenticationToken.class; assertThatExceptionOfType(NoSuchMethodException.class) - .isThrownBy(() -> clazz.getDeclaredConstructor((Class[]) null)); + .isThrownBy(() -> clazz.getDeclaredConstructor((Class[]) null)); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java index 780d391418..ca526434f7 100644 --- a/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/anonymous/AnonymousAuthenticationTokenTests.java @@ -45,7 +45,7 @@ public class AnonymousAuthenticationTokenTests { assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousAuthenticationToken("key", null, ROLES_12)); assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousAuthenticationToken("key", "Test", null)); assertThatIllegalArgumentException() - .isThrownBy(() -> new AnonymousAuthenticationToken("key", "Test", AuthorityUtils.NO_AUTHORITIES)); + .isThrownBy(() -> new AnonymousAuthenticationToken("key", "Test", AuthorityUtils.NO_AUTHORITIES)); } @Test @@ -68,7 +68,7 @@ public class AnonymousAuthenticationTokenTests { @Test public void testNoArgConstructorDoesntExist() { assertThatExceptionOfType(NoSuchMethodException.class) - .isThrownBy(() -> AnonymousAuthenticationToken.class.getDeclaredConstructor((Class[]) null)); + .isThrownBy(() -> AnonymousAuthenticationToken.class.getDeclaredConstructor((Class[]) null)); } @Test @@ -104,7 +104,7 @@ public class AnonymousAuthenticationTokenTests { @Test public void constructorWhenNullAuthoritiesThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AnonymousAuthenticationToken("key", "principal", null)); + .isThrownBy(() -> new AnonymousAuthenticationToken("key", "principal", null)); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java index 0b6bf51210..b0ee8d7fb0 100644 --- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java @@ -88,9 +88,9 @@ public class DaoAuthenticationProviderTests { provider.setUserDetailsService(new MockUserDetailsServiceUserRod()); provider.setUserCache(new MockUserCache()); UsernamePasswordAuthenticationToken authenticationToken = UsernamePasswordAuthenticationToken - .unauthenticated("rod", null); + .unauthenticated("rod", null); assertThatExceptionOfType(BadCredentialsException.class) - .isThrownBy(() -> provider.authenticate(authenticationToken)); + .isThrownBy(() -> provider.authenticate(authenticationToken)); } @Test @@ -123,7 +123,7 @@ public class DaoAuthenticationProviderTests { // Check that wrong password causes BadCredentialsException, rather than // CredentialsExpiredException assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> provider - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("peter", "wrong_password"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("peter", "wrong_password"))); } @Test @@ -143,7 +143,7 @@ public class DaoAuthenticationProviderTests { provider.setUserDetailsService(new MockUserDetailsServiceSimulateBackendError()); provider.setUserCache(new MockUserCache()); assertThatExceptionOfType(InternalAuthenticationServiceException.class) - .isThrownBy(() -> provider.authenticate(token)); + .isThrownBy(() -> provider.authenticate(token)); } @Test @@ -329,7 +329,7 @@ public class DaoAuthenticationProviderTests { DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockUserDetailsServiceReturnsNull()); assertThatExceptionOfType(AuthenticationServiceException.class).isThrownBy(() -> provider.authenticate(token)) - .withMessage("UserDetailsService returned null, which is an interface contract violation"); + .withMessage("UserDetailsService returned null, which is an interface contract violation"); } @Test @@ -449,7 +449,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken foundUser = UsernamePasswordAuthenticationToken.unauthenticated("rod", "koala"); UsernamePasswordAuthenticationToken notFoundUser = UsernamePasswordAuthenticationToken - .unauthenticated("notFound", "koala"); + .unauthenticated("notFound", "koala"); PasswordEncoder encoder = new BCryptPasswordEncoder(10, new SecureRandom()); DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setHideUserNotFoundExceptions(false); @@ -468,13 +468,15 @@ public class DaoAuthenticationProviderTests { for (int i = 0; i < sampleSize; i++) { long start = System.currentTimeMillis(); assertThatExceptionOfType(UsernameNotFoundException.class) - .isThrownBy(() -> provider.authenticate(notFoundUser)); + .isThrownBy(() -> provider.authenticate(notFoundUser)); userNotFoundTimes.add(System.currentTimeMillis() - start); } double userFoundAvg = avg(userFoundTimes); double userNotFoundAvg = avg(userNotFoundTimes); - assertThat(Math.abs(userNotFoundAvg - userFoundAvg) <= 3).withFailMessage("User not found average " - + userNotFoundAvg + " should be within 3ms of user found average " + userFoundAvg).isTrue(); + assertThat(Math.abs(userNotFoundAvg - userFoundAvg) <= 3) + .withFailMessage("User not found average " + userNotFoundAvg + + " should be within 3ms of user found average " + userFoundAvg) + .isTrue(); } private double avg(List counts) { diff --git a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java index 605a161546..c357ec107a 100644 --- a/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java +++ b/core/src/test/java/org/springframework/security/authentication/event/AuthenticationEventTests.java @@ -35,7 +35,7 @@ public class AuthenticationEventTests { private Authentication getAuthentication() { UsernamePasswordAuthenticationToken authentication = UsernamePasswordAuthenticationToken - .unauthenticated("Principal", "Credentials"); + .unauthenticated("Principal", "Credentials"); authentication.setDetails("127.0.0.1"); return authentication; } @@ -65,7 +65,7 @@ public class AuthenticationEventTests { @Test public void testRejectsNullAuthenticationException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthenticationFailureDisabledEvent(getAuthentication(), null)); + .isThrownBy(() -> new AuthenticationFailureDisabledEvent(getAuthentication(), null)); } } diff --git a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java index 07133b8864..eb0eb41f49 100644 --- a/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/event/LoggerListenerTests.java @@ -31,7 +31,7 @@ public class LoggerListenerTests { private Authentication getAuthentication() { UsernamePasswordAuthenticationToken authentication = UsernamePasswordAuthenticationToken - .unauthenticated("Principal", "Credentials"); + .unauthenticated("Principal", "Credentials"); authentication.setDetails("127.0.0.1"); return authentication; } diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java index 3df2268f58..ea9bab5653 100644 --- a/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java @@ -121,7 +121,7 @@ public class DefaultJaasAuthenticationProviderTests { @Test public void authenticateBadUser() { assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.provider - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("asdf", "password"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("asdf", "password"))); verifyFailedLogin(); } @@ -236,7 +236,7 @@ public class DefaultJaasAuthenticationProviderTests { private void verifyFailedLogin() { ArgumentCaptor event = ArgumentCaptor - .forClass(JaasAuthenticationFailedEvent.class); + .forClass(JaasAuthenticationFailedEvent.class); verify(this.publisher).publishEvent(event.capture()); assertThat(event.getValue()).isInstanceOf(JaasAuthenticationFailedEvent.class); assertThat(event.getValue().getException()).isNotNull(); diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java index 4da9805811..57c751f3cb 100644 --- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java @@ -76,20 +76,20 @@ public class JaasAuthenticationProviderTests { @Test public void testBadPassword() { assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.jaasProvider - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "asdf"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "asdf"))); assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull(); assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null") - .isNotNull(); + .isNotNull(); assertThat(this.eventCheck.successEvent).as("Success event was fired").isNull(); } @Test public void testBadUser() { assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.jaasProvider - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("asdf", "password"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("asdf", "password"))); assertThat(this.eventCheck.failedEvent).as("Failure event not fired").isNotNull(); assertThat(this.eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null") - .isNotNull(); + .isNotNull(); assertThat(this.eventCheck.successEvent).as("Success event was fired").isNull(); } @@ -110,7 +110,7 @@ public class JaasAuthenticationProviderTests { myJaasProvider.setCallbackHandlers(this.jaasProvider.getCallbackHandlers()); myJaasProvider.setLoginContextName(this.jaasProvider.getLoginContextName()); assertThatIllegalArgumentException().isThrownBy(() -> myJaasProvider.afterPropertiesSet()) - .withMessageStartingWith("loginConfig must be set on"); + .withMessageStartingWith("loginConfig must be set on"); } // SEC-1239 @@ -150,10 +150,10 @@ public class JaasAuthenticationProviderTests { myJaasProvider.setLoginConfig(this.jaasProvider.getLoginConfig()); myJaasProvider.setLoginContextName(null); assertThatIllegalArgumentException().isThrownBy(myJaasProvider::afterPropertiesSet) - .withMessageStartingWith("loginContextName must be set on"); + .withMessageStartingWith("loginContextName must be set on"); myJaasProvider.setLoginContextName(""); assertThatIllegalArgumentException().isThrownBy(myJaasProvider::afterPropertiesSet) - .withMessageStartingWith("loginContextName must be set on"); + .withMessageStartingWith("loginContextName must be set on"); } @Test @@ -169,7 +169,7 @@ public class JaasAuthenticationProviderTests { Collection list = auth.getAuthorities(); Set set = AuthorityUtils.authorityListToSet(list); assertThat(set.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE") - .isFalse(); + .isFalse(); assertThat(set.contains("ROLE_TEST1")).withFailMessage("GrantedAuthorities should contain ROLE_TEST1").isTrue(); assertThat(set.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2").isTrue(); boolean foundit = false; @@ -177,14 +177,14 @@ public class JaasAuthenticationProviderTests { if (a instanceof JaasGrantedAuthority) { JaasGrantedAuthority grant = (JaasGrantedAuthority) a; assertThat(grant.getPrincipal()).withFailMessage("Principal was null on JaasGrantedAuthority") - .isNotNull(); + .isNotNull(); foundit = true; } } assertThat(foundit).as("Could not find a JaasGrantedAuthority").isTrue(); assertThat(this.eventCheck.successEvent).as("Success event should be fired").isNotNull(); assertThat(this.eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal") - .isEqualTo(auth); + .isEqualTo(auth); assertThat(this.eventCheck.failedEvent).as("Failure event should not be fired").isNull(); } @@ -226,13 +226,13 @@ public class JaasAuthenticationProviderTests { assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue(); Authentication auth = this.jaasProvider.authenticate(token); assertThat(auth.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned") - .hasSize(2); + .hasSize(2); } @Test public void testUnsupportedAuthenticationObjectReturnsNull() { assertThat(this.jaasProvider - .authenticate(new TestingAuthenticationToken("foo", "bar", AuthorityUtils.NO_AUTHORITIES))).isNull(); + .authenticate(new TestingAuthenticationToken("foo", "bar", AuthorityUtils.NO_AUTHORITIES))).isNull(); } private static class MockLoginContext extends LoginContext { diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java index 8861daa15f..e50a7aa739 100644 --- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java +++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasGrantedAuthorityTests.java @@ -29,13 +29,13 @@ public class JaasGrantedAuthorityTests { @Test public void authorityWithNullRoleFailsAssertion() { assertThatIllegalArgumentException().isThrownBy(() -> new JaasGrantedAuthority(null, null)) - .withMessageContaining("role cannot be null"); + .withMessageContaining("role cannot be null"); } @Test public void authorityWithNullPrincipleFailsAssertion() { assertThatIllegalArgumentException().isThrownBy(() -> new JaasGrantedAuthority("role", null)) - .withMessageContaining("principal cannot be null"); + .withMessageContaining("principal cannot be null"); } } diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java index dad7d300ad..cf377350ee 100644 --- a/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java +++ b/core/src/test/java/org/springframework/security/authentication/jaas/SecurityContextLoginModuleTests.java @@ -83,9 +83,10 @@ public class SecurityContextLoginModuleTests { SecurityContextHolder.getContext().setAuthentication(this.auth); assertThat(this.module.login()).as("Login should succeed, there is an authentication set").isTrue(); assertThat(this.module.commit()).withFailMessage("The authentication is not null, this should return true") - .isTrue(); + .isTrue(); assertThat(this.subject.getPrincipals().contains(this.auth)) - .withFailMessage("Principals should contain the authentication").isTrue(); + .withFailMessage("Principals should contain the authentication") + .isTrue(); } @Test @@ -95,9 +96,10 @@ public class SecurityContextLoginModuleTests { this.module.setSecurityContextHolderStrategy(securityContextHolderStrategy); assertThat(this.module.login()).as("Login should succeed, there is an authentication set").isTrue(); assertThat(this.module.commit()).withFailMessage("The authentication is not null, this should return true") - .isTrue(); + .isTrue(); assertThat(this.subject.getPrincipals().contains(this.auth)) - .withFailMessage("Principals should contain the authentication").isTrue(); + .withFailMessage("Principals should contain the authentication") + .isTrue(); } @Test @@ -107,7 +109,8 @@ public class SecurityContextLoginModuleTests { assertThat(this.module.logout()).as("Should return true as it succeeds").isTrue(); assertThat(this.module.getAuthentication()).as("Authentication should be null").isNull(); assertThat(this.subject.getPrincipals().contains(this.auth)) - .withFailMessage("Principals should not contain the authentication after logout").isFalse(); + .withFailMessage("Principals should not contain the authentication after logout") + .isFalse(); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java index 79a66e8ed4..0bb7b6896a 100644 --- a/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java +++ b/core/src/test/java/org/springframework/security/authentication/jaas/memory/InMemoryConfigurationTests.java @@ -59,19 +59,19 @@ public class InMemoryConfigurationTests { @Test public void constructorNullMapped() { assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryConfiguration((Map) null)); + .isThrownBy(() -> new InMemoryConfiguration((Map) null)); } @Test public void constructorEmptyMap() { assertThat(new InMemoryConfiguration(Collections.emptyMap()) - .getAppConfigurationEntry("name")).isNull(); + .getAppConfigurationEntry("name")).isNull(); } @Test public void constructorEmptyMapNullDefault() { assertThat(new InMemoryConfiguration(Collections.emptyMap(), null) - .getAppConfigurationEntry("name")).isNull(); + .getAppConfigurationEntry("name")).isNull(); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java index 51e89c29ce..704b3d514f 100644 --- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java +++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImplTests.java @@ -43,7 +43,7 @@ public class RemoteAuthenticationManagerImplTests { given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); manager.setAuthenticationManager(am); assertThatExceptionOfType(RemoteAuthenticationException.class) - .isThrownBy(() -> manager.attemptAuthentication("rod", "password")); + .isThrownBy(() -> manager.attemptAuthentication("rod", "password")); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java index 2cac2be22a..a3ec05cc73 100644 --- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java @@ -64,7 +64,7 @@ public class RemoteAuthenticationProviderTests { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(true)); Authentication result = provider - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rod", "password")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rod", "password")); assertThat(result.getPrincipal()).isEqualTo("rod"); assertThat(result.getCredentials()).isEqualTo("password"); assertThat(AuthorityUtils.authorityListToSet(result.getAuthorities())).contains("foo"); @@ -74,8 +74,8 @@ public class RemoteAuthenticationProviderTests { public void testNullCredentialsDoesNotCauseNullPointerException() { RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider(); provider.setRemoteAuthenticationManager(new MockRemoteAuthenticationManager(false)); - assertThatExceptionOfType(RemoteAuthenticationException.class).isThrownBy( - () -> provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rod", null))); + assertThatExceptionOfType(RemoteAuthenticationException.class) + .isThrownBy(() -> provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rod", null))); } @Test diff --git a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java index fc89bc3760..9e8f123445 100644 --- a/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java +++ b/core/src/test/java/org/springframework/security/authentication/rememberme/RememberMeAuthenticationTokenTests.java @@ -41,10 +41,10 @@ public class RememberMeAuthenticationTokenTests { @Test public void testConstructorRejectsNulls() { assertThatIllegalArgumentException() - .isThrownBy(() -> new RememberMeAuthenticationToken(null, "Test", ROLES_12)); + .isThrownBy(() -> new RememberMeAuthenticationToken(null, "Test", ROLES_12)); assertThatIllegalArgumentException().isThrownBy(() -> new RememberMeAuthenticationToken("key", null, ROLES_12)); - assertThatIllegalArgumentException().isThrownBy( - () -> new RememberMeAuthenticationToken("key", "Test", Arrays.asList((GrantedAuthority) null))); + assertThatIllegalArgumentException() + .isThrownBy(() -> new RememberMeAuthenticationToken("key", "Test", Arrays.asList((GrantedAuthority) null))); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java index 4fc02e8efd..2af0d29e9d 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java @@ -41,7 +41,7 @@ public class AuthenticatedReactiveAuthorizationManagerTests { Authentication authentication; AuthenticatedReactiveAuthorizationManager manager = AuthenticatedReactiveAuthorizationManager - .authenticated(); + .authenticated(); @Test public void checkWhenAuthenticatedThenReturnTrue() { diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java index 7d05d0d398..9ea1922881 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java @@ -41,7 +41,7 @@ public class AuthorityAuthorizationManagerTests { @Test public void hasRoleWhenNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> AuthorityAuthorizationManager.hasRole(null)) - .withMessage("role cannot be null"); + .withMessage("role cannot be null"); } @Test @@ -49,40 +49,40 @@ public class AuthorityAuthorizationManagerTests { String ROLE_PREFIX = "ROLE_"; String ROLE_USER = ROLE_PREFIX + "USER"; assertThatIllegalArgumentException().isThrownBy(() -> AuthorityAuthorizationManager.hasRole(ROLE_USER)) - .withMessage(ROLE_USER + " should not start with " + ROLE_PREFIX + " since " + ROLE_PREFIX - + " is automatically prepended when using hasRole. Consider using hasAuthority instead."); + .withMessage(ROLE_USER + " should not start with " + ROLE_PREFIX + " since " + ROLE_PREFIX + + " is automatically prepended when using hasRole. Consider using hasAuthority instead."); } @Test public void hasAuthorityWhenNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> AuthorityAuthorizationManager.hasAuthority(null)) - .withMessage("authority cannot be null"); + .withMessage("authority cannot be null"); } @Test public void hasAnyRoleWhenNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole(null)) - .withMessage("roles cannot be empty"); + .withMessage("roles cannot be empty"); } @Test public void hasAnyRoleWhenEmptyThenException() { assertThatIllegalArgumentException().isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole(new String[] {})) - .withMessage("roles cannot be empty"); + .withMessage("roles cannot be empty"); } @Test public void hasAnyRoleWhenContainNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole("ADMIN", null, "USER")) - .withMessage("roles cannot contain null values"); + .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole("ADMIN", null, "USER")) + .withMessage("roles cannot contain null values"); } @Test public void hasAnyRoleWhenCustomRolePrefixNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole(null, new String[] { "ADMIN", "USER" })) - .withMessage("rolePrefix cannot be null"); + .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole(null, new String[] { "ADMIN", "USER" })) + .withMessage("rolePrefix cannot be null"); } @Test @@ -90,29 +90,29 @@ public class AuthorityAuthorizationManagerTests { String ROLE_PREFIX = "ROLE_"; String ROLE_USER = ROLE_PREFIX + "USER"; assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole(new String[] { ROLE_USER })) - .withMessage(ROLE_USER + " should not start with " + ROLE_PREFIX + " since " + ROLE_PREFIX - + " is automatically prepended when using hasAnyRole. Consider using hasAnyAuthority instead."); + .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyRole(new String[] { ROLE_USER })) + .withMessage(ROLE_USER + " should not start with " + ROLE_PREFIX + " since " + ROLE_PREFIX + + " is automatically prepended when using hasAnyRole. Consider using hasAnyAuthority instead."); } @Test public void hasAnyAuthorityWhenNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> AuthorityAuthorizationManager.hasAnyAuthority(null)) - .withMessage("authorities cannot be empty"); + .withMessage("authorities cannot be empty"); } @Test public void hasAnyAuthorityWhenEmptyThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyAuthority(new String[] {})) - .withMessage("authorities cannot be empty"); + .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyAuthority(new String[] {})) + .withMessage("authorities cannot be empty"); } @Test public void hasAnyAuthorityWhenContainNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyAuthority("ADMIN", null, "USER")) - .withMessage("authorities cannot contain null values"); + .isThrownBy(() -> AuthorityAuthorizationManager.hasAnyAuthority("ADMIN", null, "USER")) + .withMessage("authorities cannot contain null values"); } @Test @@ -237,7 +237,7 @@ public class AuthorityAuthorizationManagerTests { public void setRoleHierarchyWhenNullThenIllegalArgumentException() { AuthorityAuthorizationManager manager = AuthorityAuthorizationManager.hasRole("USER"); assertThatIllegalArgumentException().isThrownBy(() -> manager.setRoleHierarchy(null)) - .withMessage("roleHierarchy cannot be null"); + .withMessage("roleHierarchy cannot be null"); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java index ac937cfbf6..9324f020fc 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java @@ -143,37 +143,37 @@ public class AuthorityReactiveAuthorizationManagerTests { @Test public void hasRoleWhenNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasRole((String) null)); + .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasRole((String) null)); } @Test public void hasAuthorityWhenNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAuthority((String) null)); + .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAuthority((String) null)); } @Test public void hasAnyRoleWhenNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyRole((String) null)); + .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyRole((String) null)); } @Test public void hasAnyAuthorityWhenNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyAuthority((String) null)); + .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyAuthority((String) null)); } @Test public void hasAnyRoleWhenOneIsNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyRole("ROLE_ADMIN", (String) null)); + .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyRole("ROLE_ADMIN", (String) null)); } @Test public void hasAnyAuthorityWhenOneIsNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyAuthority("ADMIN", (String) null)); + .isThrownBy(() -> AuthorityReactiveAuthorizationManager.hasAnyAuthority("ADMIN", (String) null)); } } diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorizationManagerTests.java index 3ca3cd91f7..bf2e8c3626 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorizationManagerTests.java @@ -59,7 +59,8 @@ public class AuthorizationManagerTests { Object object = new Object(); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> manager.verify(() -> authentication, object)).withMessage("Access Denied"); + .isThrownBy(() -> manager.verify(() -> authentication, object)) + .withMessage("Access Denied"); } } diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java index d37423ca23..3e9ce0d810 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java @@ -38,7 +38,7 @@ class AuthorizationAnnotationUtilsTests { (p, m, args) -> null); Method method = proxy.getClass().getDeclaredMethod("findAll"); assertThatNoException() - .isThrownBy(() -> AuthorizationAnnotationUtils.findUniqueAnnotation(method, PreAuthorize.class)); + .isThrownBy(() -> AuthorizationAnnotationUtils.findUniqueAnnotation(method, PreAuthorize.class)); } private interface BaseRepository { diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java index 5ac915e090..adbfb9d6e1 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java @@ -52,15 +52,15 @@ public class AuthorizationManagerAfterMethodInterceptorTests { public void instantiateWhenMethodMatcherNullThenException() { AuthorizationManager mockAuthorizationManager = mock(AuthorizationManager.class); assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerAfterMethodInterceptor(null, mockAuthorizationManager)) - .withMessage("pointcut cannot be null"); + .isThrownBy(() -> new AuthorizationManagerAfterMethodInterceptor(null, mockAuthorizationManager)) + .withMessage("pointcut cannot be null"); } @Test public void instantiateWhenAuthorizationManagerNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerAfterMethodInterceptor(mock(Pointcut.class), null)) - .withMessage("authorizationManager cannot be null"); + .isThrownBy(() -> new AuthorizationManagerAfterMethodInterceptor(mock(Pointcut.class), null)) + .withMessage("authorizationManager cannot be null"); } @Test @@ -83,7 +83,7 @@ public class AuthorizationManagerAfterMethodInterceptorTests { given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); MethodInvocation invocation = mock(MethodInvocation.class); AuthorizationManager authorizationManager = AuthenticatedAuthorizationManager - .authenticated(); + .authenticated(); AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor( Pointcut.TRUE, authorizationManager); advice.setSecurityContextHolderStrategy(strategy); @@ -96,7 +96,7 @@ public class AuthorizationManagerAfterMethodInterceptorTests { AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor( Pointcut.TRUE, AuthenticatedAuthorizationManager.authenticated()); assertThatIllegalArgumentException().isThrownBy(() -> advice.setAuthorizationEventPublisher(null)) - .withMessage("eventPublisher cannot be null"); + .withMessage("eventPublisher cannot be null"); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java index 199941872e..572fd754f4 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java @@ -47,16 +47,16 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests { @Test public void instantiateWhenPointcutNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerAfterReactiveMethodInterceptor(null, - mock(ReactiveAuthorizationManager.class))) - .withMessage("pointcut cannot be null"); + .isThrownBy(() -> new AuthorizationManagerAfterReactiveMethodInterceptor(null, + mock(ReactiveAuthorizationManager.class))) + .withMessage("pointcut cannot be null"); } @Test public void instantiateWhenAuthorizationManagerNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerAfterReactiveMethodInterceptor(mock(Pointcut.class), null)) - .withMessage("authorizationManager cannot be null"); + .isThrownBy(() -> new AuthorizationManagerAfterReactiveMethodInterceptor(mock(Pointcut.class), null)) + .withMessage("authorizationManager cannot be null"); } @Test @@ -70,8 +70,9 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests { AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); - assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)).extracting(Mono::block) - .isEqualTo("john"); + assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) + .extracting(Mono::block) + .isEqualTo("john"); verify(mockReactiveAuthorizationManager).verify(any(), any()); } @@ -86,8 +87,10 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests { AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); - assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)).extracting(Flux::collectList) - .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)).containsExactly("john", "bob"); + assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)) + .extracting(Flux::collectList) + .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) + .containsExactly("john", "bob"); verify(mockReactiveAuthorizationManager, times(2)).verify(any(), any()); } @@ -99,13 +102,14 @@ public class AuthorizationManagerAfterReactiveMethodInterceptorTests { ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); given(mockReactiveAuthorizationManager.verify(any(), any())) - .willReturn(Mono.error(new AccessDeniedException("Access Denied"))); + .willReturn(Mono.error(new AccessDeniedException("Access Denied"))); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); - assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> assertThat(result) - .asInstanceOf(InstanceOfAssertFactories.type(Mono.class)).extracting(Mono::block)) - .withMessage("Access Denied"); + assertThatExceptionOfType(AccessDeniedException.class) + .isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) + .extracting(Mono::block)) + .withMessage("Access Denied"); verify(mockReactiveAuthorizationManager).verify(any(), any()); } diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java index e2f87d206b..af922fc4e8 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java @@ -51,16 +51,15 @@ public class AuthorizationManagerBeforeMethodInterceptorTests { @Test public void instantiateWhenMethodMatcherNullThenException() { assertThatIllegalArgumentException() - .isThrownBy( - () -> new AuthorizationManagerBeforeMethodInterceptor(null, mock(AuthorizationManager.class))) - .withMessage("pointcut cannot be null"); + .isThrownBy(() -> new AuthorizationManagerBeforeMethodInterceptor(null, mock(AuthorizationManager.class))) + .withMessage("pointcut cannot be null"); } @Test public void instantiateWhenAuthorizationManagerNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerBeforeMethodInterceptor(mock(Pointcut.class), null)) - .withMessage("authorizationManager cannot be null"); + .isThrownBy(() -> new AuthorizationManagerBeforeMethodInterceptor(mock(Pointcut.class), null)) + .withMessage("authorizationManager cannot be null"); } @Test @@ -93,7 +92,7 @@ public class AuthorizationManagerBeforeMethodInterceptorTests { AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor( Pointcut.TRUE, AuthenticatedAuthorizationManager.authenticated()); assertThatIllegalArgumentException().isThrownBy(() -> advice.setAuthorizationEventPublisher(null)) - .withMessage("eventPublisher cannot be null"); + .withMessage("eventPublisher cannot be null"); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java index f63b331138..13f6f40575 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java @@ -47,17 +47,17 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests { @Test public void instantiateWhenPointcutNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerBeforeReactiveMethodInterceptor(null, - mock(ReactiveAuthorizationManager.class))) - .withMessage("pointcut cannot be null"); + .isThrownBy(() -> new AuthorizationManagerBeforeReactiveMethodInterceptor(null, + mock(ReactiveAuthorizationManager.class))) + .withMessage("pointcut cannot be null"); } @Test public void instantiateWhenAuthorizationManagerNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerBeforeReactiveMethodInterceptor(mock(Pointcut.class), null)) - .withMessage("authorizationManager cannot be null"); + .isThrownBy(() -> new AuthorizationManagerBeforeReactiveMethodInterceptor(mock(Pointcut.class), null)) + .withMessage("authorizationManager cannot be null"); } @Test @@ -71,8 +71,9 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests { AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); - assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)).extracting(Mono::block) - .isEqualTo("john"); + assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) + .extracting(Mono::block) + .isEqualTo("john"); verify(mockReactiveAuthorizationManager).verify(any(), eq(mockMethodInvocation)); } @@ -87,8 +88,10 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests { AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); - assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)).extracting(Flux::collectList) - .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)).containsExactly("john", "bob"); + assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)) + .extracting(Flux::collectList) + .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) + .containsExactly("john", "bob"); verify(mockReactiveAuthorizationManager).verify(any(), eq(mockMethodInvocation)); } @@ -100,13 +103,14 @@ public class AuthorizationManagerBeforeReactiveMethodInterceptorTests { ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); given(mockReactiveAuthorizationManager.verify(any(), eq(mockMethodInvocation))) - .willReturn(Mono.error(new AccessDeniedException("Access Denied"))); + .willReturn(Mono.error(new AccessDeniedException("Access Denied"))); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); - assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> assertThat(result) - .asInstanceOf(InstanceOfAssertFactories.type(Mono.class)).extracting(Mono::block)) - .withMessage("Access Denied"); + assertThatExceptionOfType(AccessDeniedException.class) + .isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) + .extracting(Mono::block)) + .withMessage("Access Denied"); verify(mockReactiveAuthorizationManager).verify(any(), eq(mockMethodInvocation)); } diff --git a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java index 504effbab8..443851b5d7 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java @@ -54,7 +54,7 @@ public class Jsr250AuthorizationManagerTests { public void setRolePrefixWhenNullThenException() { Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); assertThatIllegalArgumentException().isThrownBy(() -> manager.setRolePrefix(null)) - .withMessage("rolePrefix cannot be null"); + .withMessage("rolePrefix cannot be null"); } @Test @@ -131,7 +131,7 @@ public class Jsr250AuthorizationManagerTests { "multipleAnnotations"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } @Test @@ -177,7 +177,7 @@ public class Jsr250AuthorizationManagerTests { "inheritedAnnotations"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } @Test @@ -187,7 +187,7 @@ public class Jsr250AuthorizationManagerTests { ClassLevelAnnotations.class, "inheritedAnnotations"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { diff --git a/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java index 9c36f80387..be29c6f328 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java @@ -38,19 +38,19 @@ class MethodExpressionAuthorizationManagerTests { @Test void instantiateWhenExpressionStringNullThenIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new MethodExpressionAuthorizationManager(null)) - .withMessage("expressionString cannot be empty"); + .withMessage("expressionString cannot be empty"); } @Test void instantiateWhenExpressionStringEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new MethodExpressionAuthorizationManager("")) - .withMessage("expressionString cannot be empty"); + .withMessage("expressionString cannot be empty"); } @Test void instantiateWhenExpressionStringBlankThenIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new MethodExpressionAuthorizationManager(" ")) - .withMessage("expressionString cannot be empty"); + .withMessage("expressionString cannot be empty"); } @Test @@ -63,7 +63,7 @@ class MethodExpressionAuthorizationManagerTests { void setExpressionHandlerWhenNullThenIllegalArgumentException() { MethodExpressionAuthorizationManager manager = new MethodExpressionAuthorizationManager("hasRole('ADMIN')"); assertThatIllegalArgumentException().isThrownBy(() -> manager.setExpressionHandler(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java index 4954b00906..37383b40d5 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java @@ -58,7 +58,7 @@ public class PostAuthorizeAuthorizationManagerTests { public void setExpressionHandlerWhenNullThenException() { PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); assertThatIllegalArgumentException().isThrownBy(() -> manager.setExpressionHandler(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test @@ -153,7 +153,7 @@ public class PostAuthorizeAuthorizationManagerTests { MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, result)); + .isThrownBy(() -> manager.check(authentication, result)); } @Test @@ -164,7 +164,7 @@ public class PostAuthorizeAuthorizationManagerTests { MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, result)); + .isThrownBy(() -> manager.check(authentication, result)); } public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java index 61cec711ec..d9bb194251 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java @@ -56,7 +56,7 @@ public class PostAuthorizeReactiveAuthorizationManagerTests { @Test public void setExpressionHandlerWhenNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> new PostAuthorizeReactiveAuthorizationManager(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test @@ -118,7 +118,7 @@ public class PostAuthorizeReactiveAuthorizationManagerTests { @Test public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); @@ -135,7 +135,7 @@ public class PostAuthorizeReactiveAuthorizationManagerTests { @Test public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedUser"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); @@ -152,25 +152,25 @@ public class PostAuthorizeReactiveAuthorizationManagerTests { @Test public void checkInheritedAnnotationsWhenDuplicatedThenAnnotationConfigurationException() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "inheritedAnnotations"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, result)); + .isThrownBy(() -> manager.check(authentication, result)); } @Test public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationException() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "inheritedAnnotations"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, result)); + .isThrownBy(() -> manager.check(authentication, result)); } public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java index 4153144ff7..aad3db83ce 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java @@ -74,7 +74,7 @@ public class PostFilterAuthorizationMethodInterceptorTests { public void setExpressionHandlerWhenNullThenException() { PostFilterAuthorizationMethodInterceptor advice = new PostFilterAuthorizationMethodInterceptor(); assertThatIllegalArgumentException().isThrownBy(() -> advice.setExpressionHandler(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test @@ -82,7 +82,7 @@ public class PostFilterAuthorizationMethodInterceptorTests { PostFilterAuthorizationMethodInterceptor advice = new PostFilterAuthorizationMethodInterceptor(); MethodMatcher methodMatcher = advice.getPointcut().getMethodMatcher(); assertThat(methodMatcher.matches(NoPostFilterClass.class.getMethod("doSomething"), NoPostFilterClass.class)) - .isFalse(); + .isFalse(); } @Test @@ -91,7 +91,7 @@ public class PostFilterAuthorizationMethodInterceptorTests { MethodMatcher methodMatcher = advice.getPointcut().getMethodMatcher(); assertThat( methodMatcher.matches(TestClass.class.getMethod("doSomethingArray", String[].class), TestClass.class)) - .isTrue(); + .isTrue(); } @Test @@ -115,7 +115,7 @@ public class PostFilterAuthorizationMethodInterceptorTests { "inheritedAnnotations"); PostFilterAuthorizationMethodInterceptor advice = new PostFilterAuthorizationMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> advice.invoke(methodInvocation)); + .isThrownBy(() -> advice.invoke(methodInvocation)); } @Test @@ -124,7 +124,7 @@ public class PostFilterAuthorizationMethodInterceptorTests { ConflictingAnnotations.class, "inheritedAnnotations"); PostFilterAuthorizationMethodInterceptor advice = new PostFilterAuthorizationMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> advice.invoke(methodInvocation)); + .isThrownBy(() -> advice.invoke(methodInvocation)); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java index fdea2e7e23..0235b50464 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java @@ -52,22 +52,24 @@ public class PostFilterAuthorizationReactiveMethodInterceptorTests { @Test public void setExpressionHandlerWhenNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new PostFilterAuthorizationReactiveMethodInterceptor(null)) - .withMessage("expressionHandler cannot be null"); + .isThrownBy(() -> new PostFilterAuthorizationReactiveMethodInterceptor(null)) + .withMessage("expressionHandler cannot be null"); } @Test public void methodMatcherWhenMethodHasNotPostFilterAnnotationThenNotMatches() throws Exception { PostFilterAuthorizationReactiveMethodInterceptor interceptor = new PostFilterAuthorizationReactiveMethodInterceptor(); - assertThat(interceptor.getPointcut().getMethodMatcher() - .matches(NoPostFilterClass.class.getMethod("doSomething"), NoPostFilterClass.class)).isFalse(); + assertThat(interceptor.getPointcut() + .getMethodMatcher() + .matches(NoPostFilterClass.class.getMethod("doSomething"), NoPostFilterClass.class)).isFalse(); } @Test public void methodMatcherWhenMethodHasPostFilterAnnotationThenMatches() throws Exception { PostFilterAuthorizationReactiveMethodInterceptor interceptor = new PostFilterAuthorizationReactiveMethodInterceptor(); - assertThat(interceptor.getPointcut().getMethodMatcher() - .matches(TestClass.class.getMethod("doSomethingFlux", Flux.class), TestClass.class)).isTrue(); + assertThat(interceptor.getPointcut() + .getMethodMatcher() + .matches(TestClass.class.getMethod("doSomethingFlux", Flux.class), TestClass.class)).isTrue(); } @Test @@ -97,8 +99,10 @@ public class PostFilterAuthorizationReactiveMethodInterceptorTests { }; PostFilterAuthorizationReactiveMethodInterceptor interceptor = new PostFilterAuthorizationReactiveMethodInterceptor(); Object result = interceptor.invoke(methodInvocation); - assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)).extracting(Flux::collectList) - .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)).containsOnly("john"); + assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)) + .extracting(Flux::collectList) + .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) + .containsOnly("john"); } @Test @@ -107,7 +111,7 @@ public class PostFilterAuthorizationReactiveMethodInterceptorTests { "inheritedAnnotations"); PostFilterAuthorizationReactiveMethodInterceptor interceptor = new PostFilterAuthorizationReactiveMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> interceptor.invoke(methodInvocation)); + .isThrownBy(() -> interceptor.invoke(methodInvocation)); } @Test @@ -116,7 +120,7 @@ public class PostFilterAuthorizationReactiveMethodInterceptorTests { ConflictingAnnotations.class, "inheritedAnnotations"); PostFilterAuthorizationReactiveMethodInterceptor interceptor = new PostFilterAuthorizationReactiveMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> interceptor.invoke(methodInvocation)); + .isThrownBy(() -> interceptor.invoke(methodInvocation)); } @PostFilter("filterObject == 'john'") diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java index d85e85ac9d..cb43868dbf 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java @@ -56,7 +56,7 @@ public class PreAuthorizeAuthorizationManagerTests { public void setExpressionHandlerWhenNullThenException() { PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); assertThatIllegalArgumentException().isThrownBy(() -> manager.setExpressionHandler(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test @@ -121,7 +121,7 @@ public class PreAuthorizeAuthorizationManagerTests { "inheritedAnnotations"); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } @Test @@ -131,7 +131,7 @@ public class PreAuthorizeAuthorizationManagerTests { ClassLevelAnnotations.class, "inheritedAnnotations"); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java index b5273d42b7..fa9d75a527 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java @@ -53,7 +53,7 @@ public class PreAuthorizeReactiveAuthorizationManagerTests { @Test public void setExpressionHandlerWhenNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> new PreAuthorizeReactiveAuthorizationManager(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test @@ -62,7 +62,8 @@ public class PreAuthorizeReactiveAuthorizationManagerTests { "doSomething", new Class[] {}, new Object[] {}); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); AuthorizationDecision decision = manager - .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation).block(); + .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) + .block(); assertThat(decision).isNull(); } @@ -72,7 +73,8 @@ public class PreAuthorizeReactiveAuthorizationManagerTests { "doSomethingString", new Class[] { String.class }, new Object[] { "grant" }); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); AuthorizationDecision decision = manager - .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation).block(); + .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) + .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -83,7 +85,8 @@ public class PreAuthorizeReactiveAuthorizationManagerTests { "doSomethingString", new Class[] { String.class }, new Object[] { "deny" }); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); AuthorizationDecision decision = manager - .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation).block(); + .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) + .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -91,7 +94,7 @@ public class PreAuthorizeReactiveAuthorizationManagerTests { @Test public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin"); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); @@ -107,7 +110,7 @@ public class PreAuthorizeReactiveAuthorizationManagerTests { @Test public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedUser"); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); @@ -123,23 +126,23 @@ public class PreAuthorizeReactiveAuthorizationManagerTests { @Test public void checkInheritedAnnotationsWhenDuplicatedThenAnnotationConfigurationException() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "inheritedAnnotations"); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } @Test public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationException() throws Exception { Mono authentication = Mono - .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .just(new TestingAuthenticationToken("user", "password", "ROLE_USER")); MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "inheritedAnnotations"); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java index f215a99a72..6d51063544 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java @@ -76,7 +76,7 @@ public class PreFilterAuthorizationMethodInterceptorTests { public void setExpressionHandlerWhenNullThenException() { PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); assertThatIllegalArgumentException().isThrownBy(() -> advice.setExpressionHandler(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test @@ -84,7 +84,7 @@ public class PreFilterAuthorizationMethodInterceptorTests { PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); MethodMatcher methodMatcher = advice.getPointcut().getMethodMatcher(); assertThat(methodMatcher.matches(NoPreFilterClass.class.getMethod("doSomething"), NoPreFilterClass.class)) - .isFalse(); + .isFalse(); } @Test @@ -92,7 +92,8 @@ public class PreFilterAuthorizationMethodInterceptorTests { PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); MethodMatcher methodMatcher = advice.getPointcut().getMethodMatcher(); assertThat(methodMatcher.matches(TestClass.class.getMethod("doSomethingListFilterTargetMatch", List.class), - TestClass.class)).isTrue(); + TestClass.class)) + .isTrue(); } @Test @@ -100,8 +101,8 @@ public class PreFilterAuthorizationMethodInterceptorTests { MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingListFilterTargetNotMatch", new Class[] { List.class }, new Object[] { new ArrayList<>() }); PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); - assertThatIllegalArgumentException().isThrownBy(() -> advice.invoke(methodInvocation)).withMessage( - "Filter target was null, or no argument with name 'filterTargetNotMatch' found in method."); + assertThatIllegalArgumentException().isThrownBy(() -> advice.invoke(methodInvocation)) + .withMessage("Filter target was null, or no argument with name 'filterTargetNotMatch' found in method."); } @Test @@ -110,7 +111,7 @@ public class PreFilterAuthorizationMethodInterceptorTests { "doSomethingListFilterTargetMatch", new Class[] { List.class }, new Object[] { null }); PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); assertThatIllegalArgumentException().isThrownBy(() -> advice.invoke(methodInvocation)) - .withMessage("Filter target was null, or no argument with name 'list' found in method."); + .withMessage("Filter target was null, or no argument with name 'list' found in method."); } @Test @@ -132,7 +133,7 @@ public class PreFilterAuthorizationMethodInterceptorTests { "doSomethingListFilterTargetNotProvided", new Class[] { List.class }, new Object[] { null }); PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); assertThatIllegalArgumentException().isThrownBy(() -> advice.invoke(methodInvocation)) - .withMessage("Filter target was null. Make sure you passing the correct value in the method argument."); + .withMessage("Filter target was null. Make sure you passing the correct value in the method argument."); } @Test @@ -154,8 +155,8 @@ public class PreFilterAuthorizationMethodInterceptorTests { "doSomethingArrayFilterTargetNotProvided", new Class[] { String[].class }, new Object[] { new String[] {} }); PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); - assertThatIllegalStateException().isThrownBy(() -> advice.invoke(methodInvocation)).withMessage( - "Pre-filtering on array types is not supported. Using a Collection will solve this problem."); + assertThatIllegalStateException().isThrownBy(() -> advice.invoke(methodInvocation)) + .withMessage("Pre-filtering on array types is not supported. Using a Collection will solve this problem."); } @Test @@ -165,7 +166,7 @@ public class PreFilterAuthorizationMethodInterceptorTests { new Object[] { "", new ArrayList<>() }); PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); assertThatIllegalStateException().isThrownBy(() -> advice.invoke(methodInvocation)) - .withMessage("Unable to determine the method argument for filtering. Specify the filter target."); + .withMessage("Unable to determine the method argument for filtering. Specify the filter target."); } @Test @@ -174,7 +175,7 @@ public class PreFilterAuthorizationMethodInterceptorTests { "inheritedAnnotations"); PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> advice.invoke(methodInvocation)); + .isThrownBy(() -> advice.invoke(methodInvocation)); } @Test @@ -183,7 +184,7 @@ public class PreFilterAuthorizationMethodInterceptorTests { ConflictingAnnotations.class, "inheritedAnnotations"); PreFilterAuthorizationMethodInterceptor advice = new PreFilterAuthorizationMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> advice.invoke(methodInvocation)); + .isThrownBy(() -> advice.invoke(methodInvocation)); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java index 913018842b..f37e5f83a1 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java @@ -54,7 +54,7 @@ public class PreFilterAuthorizationReactiveMethodInterceptorTests { @Test public void setExpressionHandlerWhenNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> new PreFilterAuthorizationReactiveMethodInterceptor(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test @@ -69,22 +69,24 @@ public class PreFilterAuthorizationReactiveMethodInterceptorTests { public void setParameterNameDiscovererWhenNullThenException() { PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); assertThatIllegalArgumentException().isThrownBy(() -> interceptor.setParameterNameDiscoverer(null)) - .withMessage("parameterNameDiscoverer cannot be null"); + .withMessage("parameterNameDiscoverer cannot be null"); } @Test public void methodMatcherWhenMethodHasNotPreFilterAnnotationThenNotMatches() throws Exception { PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); - assertThat(interceptor.getPointcut().getMethodMatcher().matches(NoPreFilterClass.class.getMethod("doSomething"), - NoPreFilterClass.class)).isFalse(); + assertThat(interceptor.getPointcut() + .getMethodMatcher() + .matches(NoPreFilterClass.class.getMethod("doSomething"), NoPreFilterClass.class)).isFalse(); } @Test public void methodMatcherWhenMethodHasPreFilterAnnotationThenMatches() throws Exception { PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); - assertThat(interceptor.getPointcut().getMethodMatcher() - .matches(TestClass.class.getMethod("doSomethingFluxFilterTargetMatch", Flux.class), TestClass.class)) - .isTrue(); + assertThat(interceptor.getPointcut() + .getMethodMatcher() + .matches(TestClass.class.getMethod("doSomethingFluxFilterTargetMatch", Flux.class), TestClass.class)) + .isTrue(); } @Test @@ -92,8 +94,8 @@ public class PreFilterAuthorizationReactiveMethodInterceptorTests { MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingFluxFilterTargetNotMatch", new Class[] { Flux.class }, new Object[] { Flux.empty() }); PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); - assertThatIllegalArgumentException().isThrownBy(() -> interceptor.invoke(methodInvocation)).withMessage( - "Filter target was null, or no argument with name 'filterTargetNotMatch' found in method."); + assertThatIllegalArgumentException().isThrownBy(() -> interceptor.invoke(methodInvocation)) + .withMessage("Filter target was null, or no argument with name 'filterTargetNotMatch' found in method."); } @Test @@ -102,7 +104,7 @@ public class PreFilterAuthorizationReactiveMethodInterceptorTests { "doSomethingFluxFilterTargetMatch", new Class[] { Flux.class }, new Object[] { null }); PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); assertThatIllegalArgumentException().isThrownBy(() -> interceptor.invoke(methodInvocation)) - .withMessage("Filter target was null, or no argument with name 'flux' found in method."); + .withMessage("Filter target was null, or no argument with name 'flux' found in method."); } @Test @@ -132,8 +134,10 @@ public class PreFilterAuthorizationReactiveMethodInterceptorTests { }; PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); Object result = interceptor.invoke(methodInvocation); - assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)).extracting(Flux::collectList) - .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)).containsOnly("john"); + assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)) + .extracting(Flux::collectList) + .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) + .containsOnly("john"); } @Test @@ -142,7 +146,7 @@ public class PreFilterAuthorizationReactiveMethodInterceptorTests { "inheritedAnnotations"); PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> interceptor.invoke(methodInvocation)); + .isThrownBy(() -> interceptor.invoke(methodInvocation)); } @Test @@ -151,7 +155,7 @@ public class PreFilterAuthorizationReactiveMethodInterceptorTests { ConflictingAnnotations.class, "inheritedAnnotations"); PreFilterAuthorizationReactiveMethodInterceptor interceptor = new PreFilterAuthorizationReactiveMethodInterceptor(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> interceptor.invoke(methodInvocation)); + .isThrownBy(() -> interceptor.invoke(methodInvocation)); } @PreFilter("filterObject == 'john'") diff --git a/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java index f546d8cb03..f4049be87f 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java @@ -115,7 +115,7 @@ public class SecuredAuthorizationManagerTests { "inheritedAnnotations"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } @Test @@ -125,7 +125,7 @@ public class SecuredAuthorizationManagerTests { ClassLevelAnnotations.class, "inheritedAnnotations"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.check(authentication, methodInvocation)); } @Test diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java index 827e1b40df..74829b8494 100644 --- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java +++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextScheduledExecutorServiceTests.java @@ -54,7 +54,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT @SuppressWarnings("unchecked") public void scheduleRunnable() { given((ScheduledFuture) this.delegate.schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS)) - .willReturn(this.expectedResult); + .willReturn(this.expectedResult); ScheduledFuture result = this.executor.schedule(this.runnable, 1, TimeUnit.SECONDS); assertThatObject(result).isEqualTo(this.expectedResult); verify(this.delegate).schedule(this.wrappedRunnable, 1, TimeUnit.SECONDS); @@ -72,7 +72,7 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT @SuppressWarnings("unchecked") public void scheduleAtFixedRate() { given((ScheduledFuture) this.delegate.scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS)) - .willReturn(this.expectedResult); + .willReturn(this.expectedResult); ScheduledFuture result = this.executor.scheduleAtFixedRate(this.runnable, 1, 2, TimeUnit.SECONDS); assertThatObject(result).isEqualTo(this.expectedResult); verify(this.delegate).scheduleAtFixedRate(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS); @@ -82,7 +82,8 @@ public abstract class AbstractDelegatingSecurityContextScheduledExecutorServiceT @SuppressWarnings("unchecked") public void scheduleWithFixedDelay() { given((ScheduledFuture) this.delegate.scheduleWithFixedDelay(this.wrappedRunnable, 1, 2, - TimeUnit.SECONDS)).willReturn(this.expectedResult); + TimeUnit.SECONDS)) + .willReturn(this.expectedResult); ScheduledFuture result = this.executor.scheduleWithFixedDelay(this.runnable, 1, 2, TimeUnit.SECONDS); assertThatObject(result).isEqualTo(this.expectedResult); verify(this.delegate).scheduleWithFixedDelay(this.wrappedRunnable, 1, 2, TimeUnit.SECONDS); diff --git a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java index 9012c26e5f..340586ff70 100644 --- a/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java +++ b/core/src/test/java/org/springframework/security/concurrent/AbstractDelegatingSecurityContextTestSupport.java @@ -73,19 +73,23 @@ public abstract class AbstractDelegatingSecurityContextTestSupport { protected MockedStatic delegatingSecurityContextRunnable; public final void explicitSecurityContextSetup() throws Exception { - this.delegatingSecurityContextCallable.when(() -> DelegatingSecurityContextCallable.create(eq(this.callable), - this.securityContextCaptor.capture(), any())).thenReturn(this.wrappedCallable); - this.delegatingSecurityContextRunnable.when(() -> DelegatingSecurityContextRunnable.create(eq(this.runnable), - this.securityContextCaptor.capture(), any())).thenReturn(this.wrappedRunnable); + this.delegatingSecurityContextCallable + .when(() -> DelegatingSecurityContextCallable.create(eq(this.callable), + this.securityContextCaptor.capture(), any())) + .thenReturn(this.wrappedCallable); + this.delegatingSecurityContextRunnable + .when(() -> DelegatingSecurityContextRunnable.create(eq(this.runnable), + this.securityContextCaptor.capture(), any())) + .thenReturn(this.wrappedRunnable); } public final void currentSecurityContextSetup() throws Exception { this.delegatingSecurityContextCallable - .when(() -> DelegatingSecurityContextCallable.create(eq(this.callable), isNull(), any())) - .thenReturn(this.wrappedCallable); + .when(() -> DelegatingSecurityContextCallable.create(eq(this.callable), isNull(), any())) + .thenReturn(this.wrappedCallable); this.delegatingSecurityContextRunnable - .when(() -> DelegatingSecurityContextRunnable.create(eq(this.runnable), isNull(), any())) - .thenReturn(this.wrappedRunnable); + .when(() -> DelegatingSecurityContextRunnable.create(eq(this.runnable), isNull(), any())) + .thenReturn(this.wrappedRunnable); } @BeforeEach diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java index 08ceac3c7d..b04e3b3bbd 100644 --- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java +++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextCallableTests.java @@ -81,7 +81,7 @@ public class DelegatingSecurityContextCallableTests { @Override public Object answer(InvocationOnMock invocation) throws Throwable { assertThat(strategy.getContext()) - .isEqualTo(DelegatingSecurityContextCallableTests.this.securityContext); + .isEqualTo(DelegatingSecurityContextCallableTests.this.securityContext); return super.answer(invocation); } }); @@ -100,7 +100,7 @@ public class DelegatingSecurityContextCallableTests { @Test public void constructorNullDelegateNonNullSecurityContext() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingSecurityContextCallable<>(null, this.securityContext)); + .isThrownBy(() -> new DelegatingSecurityContextCallable<>(null, this.securityContext)); } @Test @@ -111,7 +111,7 @@ public class DelegatingSecurityContextCallableTests { @Test public void constructorNullSecurityContext() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingSecurityContextCallable<>(this.delegate, null)); + .isThrownBy(() -> new DelegatingSecurityContextCallable<>(this.delegate, null)); } @Test @@ -158,7 +158,7 @@ public class DelegatingSecurityContextCallableTests { @Test public void createNullDelegate() { assertThatIllegalArgumentException() - .isThrownBy(() -> DelegatingSecurityContextCallable.create(null, this.securityContext)); + .isThrownBy(() -> DelegatingSecurityContextCallable.create(null, this.securityContext)); } @Test diff --git a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java index 458a46e105..804cd7b420 100644 --- a/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java +++ b/core/src/test/java/org/springframework/security/concurrent/DelegatingSecurityContextRunnableTests.java @@ -97,7 +97,7 @@ public class DelegatingSecurityContextRunnableTests { @Test public void constructorNullDelegateNonNullSecurityContext() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingSecurityContextRunnable(null, this.securityContext)); + .isThrownBy(() -> new DelegatingSecurityContextRunnable(null, this.securityContext)); } @Test @@ -108,7 +108,7 @@ public class DelegatingSecurityContextRunnableTests { @Test public void constructorNullSecurityContext() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingSecurityContextRunnable(this.delegate, null)); + .isThrownBy(() -> new DelegatingSecurityContextRunnable(this.delegate, null)); } @Test @@ -156,7 +156,7 @@ public class DelegatingSecurityContextRunnableTests { @Test public void createNullDelegate() { assertThatIllegalArgumentException() - .isThrownBy(() -> DelegatingSecurityContextRunnable.create(null, this.securityContext)); + .isThrownBy(() -> DelegatingSecurityContextRunnable.create(null, this.securityContext)); } @Test diff --git a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java index 80a8e2ef38..5df877e4f1 100644 --- a/core/src/test/java/org/springframework/security/core/JavaVersionTests.java +++ b/core/src/test/java/org/springframework/security/core/JavaVersionTests.java @@ -38,8 +38,9 @@ public class JavaVersionTests { private void assertClassVersion(Class clazz) throws Exception { String classResourceName = clazz.getName().replaceAll("\\.", "/") + ".class"; - try (InputStream input = Thread.currentThread().getContextClassLoader() - .getResourceAsStream(classResourceName)) { + try (InputStream input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(classResourceName)) { DataInputStream data = new DataInputStream(input); data.readInt(); data.readShort(); // minor diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java index 1051ceb142..3235e4c1b5 100644 --- a/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java +++ b/core/src/test/java/org/springframework/security/core/SpringSecurityMessageSourceTests.java @@ -33,8 +33,8 @@ public class SpringSecurityMessageSourceTests { @Test public void testOperation() { SpringSecurityMessageSource msgs = new SpringSecurityMessageSource(); - assertThat("\u4E0D\u5141\u8BB8\u8BBF\u95EE").isEqualTo( - msgs.getMessage("AbstractAccessDecisionManager.accessDenied", null, Locale.SIMPLIFIED_CHINESE)); + assertThat("\u4E0D\u5141\u8BB8\u8BBF\u95EE") + .isEqualTo(msgs.getMessage("AbstractAccessDecisionManager.accessDenied", null, Locale.SIMPLIFIED_CHINESE)); } @Test @@ -59,7 +59,7 @@ public class SpringSecurityMessageSourceTests { LocaleContextHolder.setLocale(Locale.US); MessageSourceAccessor msgs = SpringSecurityMessageSource.getAccessor(); assertThat("Access is denied") - .isEqualTo(msgs.getMessage("AbstractAccessDecisionManager.accessDenied", "Ooops")); + .isEqualTo(msgs.getMessage("AbstractAccessDecisionManager.accessDenied", "Ooops")); // Revert to original Locale Locale.setDefault(beforeSystem); LocaleContextHolder.setLocale(beforeHolder); diff --git a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java index 38a4a0a19b..a1813cfcd6 100644 --- a/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java @@ -33,7 +33,7 @@ public class AuthorityUtilsTests { @Test public void commaSeparatedStringIsParsedCorrectly() { List authorityArray = AuthorityUtils - .commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D\n,\n E "); + .commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D\n,\n E "); Set authorities = AuthorityUtils.authorityListToSet(authorityArray); assertThat(authorities.contains("B")).isTrue(); assertThat(authorities.contains("C")).isTrue(); diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java index 75ceeb7379..7243467d54 100644 --- a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTests.java @@ -46,7 +46,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapperTests { public void testAfterPropertiesSetEmptyMap() throws Exception { MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); assertThatIllegalArgumentException() - .isThrownBy(() -> mapper.setAttributes2grantedAuthoritiesMap(new HashMap())); + .isThrownBy(() -> mapper.setAttributes2grantedAuthoritiesMap(new HashMap())); } @Test @@ -206,8 +206,8 @@ public class MapBasedAttributes2GrantedAuthoritiesMapperTests { } Collection expectedColl = Arrays.asList(expectedGas); assertThat(resultColl.containsAll(expectedColl)) - .withFailMessage("Role collections should match; result: " + resultColl + ", expected: " + expectedColl) - .isTrue(); + .withFailMessage("Role collections should match; result: " + resultColl + ", expected: " + expectedColl) + .isTrue(); } } diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java index 618acbe3d8..20dd15bd10 100644 --- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleAuthoritiesMapperTests.java @@ -44,7 +44,7 @@ public class SimpleAuthoritiesMapperTests { public void defaultPrefixIsCorrectlyApplied() { SimpleAuthorityMapper mapper = new SimpleAuthorityMapper(); Set mapped = AuthorityUtils - .authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "ROLE_bbb"))); + .authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "ROLE_bbb"))); assertThat(mapped.contains("ROLE_AaA")).isTrue(); assertThat(mapped.contains("ROLE_bbb")).isTrue(); } @@ -76,7 +76,7 @@ public class SimpleAuthoritiesMapperTests { SimpleAuthorityMapper mapper = new SimpleAuthorityMapper(); mapper.setConvertToUpperCase(true); Set mapped = AuthorityUtils - .authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA"))); + .authorityListToSet(mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA"))); assertThat(mapped).hasSize(1); } diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java index 547b49e923..368b5a4733 100644 --- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleMappableRolesRetrieverTests.java @@ -37,7 +37,8 @@ public class SimpleMappableRolesRetrieverTests { r.setMappableAttributes(roles); Set result = r.getMappableAttributes(); assertThat(roles.containsAll(result) && result.containsAll(roles)) - .withFailMessage("Role collections do not match; result: " + result + ", expected: " + roles).isTrue(); + .withFailMessage("Role collections do not match; result: " + result + ", expected: " + roles) + .isTrue(); } } diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java index 43520ed21a..fdcae00c7e 100644 --- a/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java +++ b/core/src/test/java/org/springframework/security/core/authority/mapping/SimpleRoles2GrantedAuthoritiesMapperTests.java @@ -125,8 +125,8 @@ public class SimpleRoles2GrantedAuthoritiesMapperTests { } Collection expectedColl = Arrays.asList(expectedGas); assertThat(expectedColl.containsAll(resultColl) && resultColl.containsAll(expectedColl)) - .withFailMessage("Role collections do not match; result: " + resultColl + ", expected: " + expectedColl) - .isTrue(); + .withFailMessage("Role collections do not match; result: " + resultColl + ", expected: " + expectedColl) + .isTrue(); } private SimpleAttributes2GrantedAuthoritiesMapper getDefaultMapper() { diff --git a/core/src/test/java/org/springframework/security/core/context/ListeningSecurityContextHolderStrategyTests.java b/core/src/test/java/org/springframework/security/core/context/ListeningSecurityContextHolderStrategyTests.java index a8bb5a06b2..9cc460631f 100644 --- a/core/src/test/java/org/springframework/security/core/context/ListeningSecurityContextHolderStrategyTests.java +++ b/core/src/test/java/org/springframework/security/core/context/ListeningSecurityContextHolderStrategyTests.java @@ -129,9 +129,9 @@ public class ListeningSecurityContextHolderStrategyTests { @Test public void constructorWhenNullListenerThenIllegalArgument() { - assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy( - () -> new ListeningSecurityContextHolderStrategy(new ThreadLocalSecurityContextHolderStrategy(), - (SecurityContextChangedListener) null)); + assertThatExceptionOfType(IllegalArgumentException.class) + .isThrownBy(() -> new ListeningSecurityContextHolderStrategy(new ThreadLocalSecurityContextHolderStrategy(), + (SecurityContextChangedListener) null)); } } diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java index 178bcb081d..b68a9f4691 100644 --- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java +++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java @@ -43,8 +43,8 @@ public class ReactiveSecurityContextHolderTests { SecurityContext expectedContext = new SecurityContextImpl( new TestingAuthenticationToken("user", "password", "ROLE_USER")); Mono context = Mono.subscriberContext() - .flatMap((c) -> ReactiveSecurityContextHolder.getContext()) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext))); + .flatMap((c) -> ReactiveSecurityContextHolder.getContext()) + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext))); // @formatter:off StepVerifier.create(context) .expectNext(expectedContext) diff --git a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java index f16b7243b1..809467487b 100644 --- a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java +++ b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java @@ -36,49 +36,49 @@ public class AnnotationParameterNameDiscovererTests { @Test public void getParameterNamesInterfaceSingleParam() { assertThat(this.discoverer - .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class))) - .isEqualTo(new String[] { "to" }); + .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class))) + .isEqualTo(new String[] { "to" }); } @Test public void getParameterNamesInterfaceSingleParamAnnotatedWithMultiParams() { assertThat(this.discoverer.getParameterNames( ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class))) - .isEqualTo(new String[] { "to", null }); + .isEqualTo(new String[] { "to", null }); } @Test public void getParameterNamesInterfaceNoAnnotation() { assertThat(this.discoverer - .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class))) - .isNull(); + .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class))) + .isNull(); } @Test public void getParameterNamesClassSingleParam() { assertThat(this.discoverer - .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class))) - .isEqualTo(new String[] { "to" }); + .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class))) + .isEqualTo(new String[] { "to" }); } @Test public void getParameterNamesClassSingleParamAnnotatedWithMultiParams() { assertThat(this.discoverer.getParameterNames( ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class))) - .isEqualTo(new String[] { "to", null }); + .isEqualTo(new String[] { "to", null }); } @Test public void getParameterNamesClassNoAnnotation() { assertThat(this.discoverer - .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class))) - .isNull(); + .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class))) + .isNull(); } @Test public void getParameterNamesConstructor() throws Exception { assertThat(this.discoverer.getParameterNames(Impl.class.getDeclaredConstructor(String.class))) - .isEqualTo(new String[] { "id" }); + .isEqualTo(new String[] { "id" }); } @Test @@ -89,31 +89,31 @@ public class AnnotationParameterNameDiscovererTests { @Test public void getParameterNamesClassAnnotationOnInterface() { assertThat(this.discoverer - .getParameterNames(ReflectionUtils.findMethod(DaoImpl.class, "findMessageByTo", String.class))) - .isEqualTo(new String[] { "to" }); + .getParameterNames(ReflectionUtils.findMethod(DaoImpl.class, "findMessageByTo", String.class))) + .isEqualTo(new String[] { "to" }); assertThat(this.discoverer - .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class))) - .isEqualTo(new String[] { "to" }); + .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByTo", String.class))) + .isEqualTo(new String[] { "to" }); } @Test public void getParameterNamesClassAnnotationOnImpl() { assertThat(this.discoverer.getParameterNames( ReflectionUtils.findMethod(Dao.class, "findMessageByToAndFrom", String.class, String.class))) - .isEqualTo(new String[] { "to", null }); + .isEqualTo(new String[] { "to", null }); assertThat(this.discoverer.getParameterNames( ReflectionUtils.findMethod(DaoImpl.class, "findMessageByToAndFrom", String.class, String.class))) - .isEqualTo(new String[] { "to", "from" }); + .isEqualTo(new String[] { "to", "from" }); } @Test public void getParameterNamesClassAnnotationOnBaseClass() { assertThat(this.discoverer - .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class))) - .isNull(); - assertThat(this.discoverer.getParameterNames( - ReflectionUtils.findMethod(DaoImpl.class, "findMessageByIdNoAnnotation", String.class))) - .isEqualTo(new String[] { "id" }); + .getParameterNames(ReflectionUtils.findMethod(Dao.class, "findMessageByIdNoAnnotation", String.class))) + .isNull(); + assertThat(this.discoverer + .getParameterNames(ReflectionUtils.findMethod(DaoImpl.class, "findMessageByIdNoAnnotation", String.class))) + .isEqualTo(new String[] { "id" }); } interface Dao { diff --git a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java index 6acc8ca21c..10e28b45b9 100644 --- a/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java +++ b/core/src/test/java/org/springframework/security/core/parameters/DefaultSecurityParameterNameDiscovererTests.java @@ -47,7 +47,7 @@ public class DefaultSecurityParameterNameDiscovererTests { @Test public void constructorDefault() { List discoverers = (List) ReflectionTestUtils - .getField(this.discoverer, "parameterNameDiscoverers"); + .getField(this.discoverer, "parameterNameDiscoverers"); assertThat(discoverers).hasSize(2); ParameterNameDiscoverer annotationDisc = discoverers.get(0); assertThat(annotationDisc).isInstanceOf(AnnotationParameterNameDiscoverer.class); @@ -62,7 +62,7 @@ public class DefaultSecurityParameterNameDiscovererTests { this.discoverer = new DefaultSecurityParameterNameDiscoverer( Arrays.asList(new LocalVariableTableParameterNameDiscoverer())); List discoverers = (List) ReflectionTestUtils - .getField(this.discoverer, "parameterNameDiscoverers"); + .getField(this.discoverer, "parameterNameDiscoverers"); assertThat(discoverers).hasSize(3); assertThat(discoverers.get(0)).isInstanceOf(LocalVariableTableParameterNameDiscoverer.class); ParameterNameDiscoverer annotationDisc = discoverers.get(1); diff --git a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java index 223671a265..d1f0064d90 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/MapReactiveUserDetailsServiceTests.java @@ -39,13 +39,13 @@ public class MapReactiveUserDetailsServiceTests { @Test public void constructorNullUsers() { assertThatIllegalArgumentException() - .isThrownBy(() -> new MapReactiveUserDetailsService((Collection) null)); + .isThrownBy(() -> new MapReactiveUserDetailsService((Collection) null)); } @Test public void constructorEmptyUsers() { assertThatIllegalArgumentException() - .isThrownBy(() -> new MapReactiveUserDetailsService(Collections.emptyList())); + .isThrownBy(() -> new MapReactiveUserDetailsService(Collections.emptyList())); } @Test diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java index 8c8855718f..f99de278d1 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java @@ -65,7 +65,7 @@ public class UserTests { @Test public void testNoArgConstructorDoesntExist() { assertThatExceptionOfType(NoSuchMethodException.class) - .isThrownBy(() -> User.class.getDeclaredConstructor((Class[]) null)); + .isThrownBy(() -> User.class.getDeclaredConstructor((Class[]) null)); } @Test @@ -142,15 +142,19 @@ public class UserTests { @Test public void withUserWhenDetailsPasswordEncoderThenEncodes() { UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build(); - UserDetails withEncodedPassword = User.withUserDetails(userDetails).passwordEncoder((p) -> p + "encoded") - .build(); + UserDetails withEncodedPassword = User.withUserDetails(userDetails) + .passwordEncoder((p) -> p + "encoded") + .build(); assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } @Test public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() { - UserDetails withEncodedPassword = User.withUsername("user").password("password") - .passwordEncoder((p) -> p + "encoded").roles("USER").build(); + UserDetails withEncodedPassword = User.withUsername("user") + .password("password") + .passwordEncoder((p) -> p + "encoded") + .roles("USER") + .build(); assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java index 6fd1a41b15..7b8d9da398 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java @@ -100,7 +100,7 @@ public class JdbcDaoImplTests { public void testLookupFailsWithWrongUsername() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao(); assertThatExceptionOfType(UsernameNotFoundException.class) - .isThrownBy(() -> dao.loadUserByUsername("UNKNOWN_USER")); + .isThrownBy(() -> dao.loadUserByUsername("UNKNOWN_USER")); } @Test @@ -119,7 +119,7 @@ public class JdbcDaoImplTests { assertThat(user.getAuthorities()).hasSize(2); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ARBITRARY_PREFIX_ROLE_TELLER"); assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())) - .contains("ARBITRARY_PREFIX_ROLE_SUPERVISOR"); + .contains("ARBITRARY_PREFIX_ROLE_SUPERVISOR"); } @Test diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java index b9ade527a2..47c5c2ddf6 100644 --- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java @@ -71,7 +71,7 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests { + "\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + HASH_KEY.hashCode() + "," + "\"authorities\": [\"java.util.ArrayList\", []]}"; assertThatExceptionOfType(JsonMappingException.class) - .isThrownBy(() -> this.mapper.readValue(jsonString, AnonymousAuthenticationToken.class)); + .isThrownBy(() -> this.mapper.readValue(jsonString, AnonymousAuthenticationToken.class)); } @Test diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java index 09b01ef03b..f0626acc33 100644 --- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java @@ -120,7 +120,7 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("admin"); assertThat(((User) token.getPrincipal()).getPassword()).isEqualTo("1234"); assertThat(((User) token.getPrincipal()).getAuthorities()).hasSize(1) - .contains(new SimpleGrantedAuthority("ROLE_USER")); + .contains(new SimpleGrantedAuthority("ROLE_USER")); assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); assertThat(((User) token.getPrincipal()).isEnabled()).isEqualTo(true); } diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java index 1e26b642be..99725f4f3a 100644 --- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java @@ -61,7 +61,7 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests { public void deserializeGrantedAuthorityWithoutRoleTest() throws IOException { String json = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\"}"; assertThatExceptionOfType(JsonMappingException.class) - .isThrownBy(() -> this.mapper.readValue(json, SimpleGrantedAuthority.class)); + .isThrownBy(() -> this.mapper.readValue(json, SimpleGrantedAuthority.class)); } } diff --git a/core/src/test/java/org/springframework/security/jackson2/UnmodifiableMapDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UnmodifiableMapDeserializerTests.java index 9666b8a9e9..81ce735f91 100644 --- a/core/src/test/java/org/springframework/security/jackson2/UnmodifiableMapDeserializerTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/UnmodifiableMapDeserializerTests.java @@ -36,7 +36,7 @@ class UnmodifiableMapDeserializerTests extends AbstractMixinTests { @Test void shouldSerialize() throws Exception { String mapJson = mapper - .writeValueAsString(Collections.unmodifiableMap(Collections.singletonMap("Key", "Value"))); + .writeValueAsString(Collections.unmodifiableMap(Collections.singletonMap("Key", "Value"))); JSONAssert.assertEquals(DEFAULT_MAP_JSON, mapJson, true); } @@ -46,8 +46,9 @@ class UnmodifiableMapDeserializerTests extends AbstractMixinTests { Map map = mapper.readValue(DEFAULT_MAP_JSON, Collections.unmodifiableMap(Collections.emptyMap()).getClass()); - assertThat(map).isNotNull().isInstanceOf(Collections.unmodifiableMap(Collections.emptyMap()).getClass()) - .containsAllEntriesOf(Collections.singletonMap("Key", "Value")); + assertThat(map).isNotNull() + .isInstanceOf(Collections.unmodifiableMap(Collections.emptyMap()).getClass()) + .containsAllEntriesOf(Collections.singletonMap("Key", "Value")); } } diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java index c2820b8451..312c5ae3b8 100644 --- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java @@ -73,7 +73,7 @@ public class UserDeserializerTests extends AbstractMixinTests { String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, "[]"); assertThatIllegalArgumentException() - .isThrownBy(() -> this.mapper.readValue(userJsonWithoutPasswordString, User.class)); + .isThrownBy(() -> this.mapper.readValue(userJsonWithoutPasswordString, User.class)); } @Test diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java index 21d8815642..e957f0c419 100644 --- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java @@ -48,7 +48,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + "}"; public static final String AUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_JSON - .replace(UserDeserializerTests.USER_JSON, "\"admin\""); + .replace(UserDeserializerTests.USER_JSON, "\"admin\""); private static final String NON_USER_PRINCIPAL_JSON = "{" + "\"@class\": \"org.springframework.security.jackson2.UsernamePasswordAuthenticationTokenMixinTests$NonUserPrincipal\", " @@ -58,15 +58,15 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin "\"details\": \"details\", "); private static final String AUTHENTICATED_NON_USER_PRINCIPAL_JSON = AUTHENTICATED_JSON - .replace(UserDeserializerTests.USER_JSON, NON_USER_PRINCIPAL_JSON) - .replaceAll(UserDeserializerTests.USER_PASSWORD, "null") - .replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, - SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_ARRAYLIST_JSON); + .replace(UserDeserializerTests.USER_JSON, NON_USER_PRINCIPAL_JSON) + .replaceAll(UserDeserializerTests.USER_PASSWORD, "null") + .replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, + SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_ARRAYLIST_JSON); private static final String UNAUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_STRINGPRINCIPAL_JSON - .replace("\"authenticated\": true, ", "\"authenticated\": false, ") - .replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, - SimpleGrantedAuthorityMixinTests.EMPTY_AUTHORITIES_ARRAYLIST_JSON); + .replace("\"authenticated\": true, ", "\"authenticated\": false, ") + .replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, + SimpleGrantedAuthorityMixinTests.EMPTY_AUTHORITIES_ARRAYLIST_JSON); @Test public void serializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() @@ -82,7 +82,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin throws JsonProcessingException, JSONException { User user = createDefaultUser(); UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken - .authenticated(user.getUsername(), user.getPassword(), user.getAuthorities()); + .authenticated(user.getUsername(), user.getPassword(), user.getAuthorities()); String serializedJson = this.mapper.writeValueAsString(token); JSONAssert.assertEquals(AUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true); } @@ -120,8 +120,9 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin UsernamePasswordAuthenticationToken.class); assertThat(token).isNotNull(); assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class); - assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1) - .contains(new SimpleGrantedAuthority("ROLE_USER")); + assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull() + .hasSize(1) + .contains(new SimpleGrantedAuthority("ROLE_USER")); assertThat(token.isAuthenticated()).isEqualTo(true); assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); } @@ -162,8 +163,9 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin UsernamePasswordAuthenticationToken.class); assertThat(token).isNotNull(); assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class); - assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1) - .contains(new SimpleGrantedAuthority("ROLE_USER")); + assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull() + .hasSize(1) + .contains(new SimpleGrantedAuthority("ROLE_USER")); assertThat(token.isAuthenticated()).isEqualTo(true); assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); assertThat(token.getDetails()).isExactlyInstanceOf(String.class).isEqualTo("details"); @@ -182,7 +184,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin @Test public void serializingThenDeserializingWithConfiguredObjectMapperShouldWork() throws IOException { this.mapper.setDefaultPropertyInclusion(Value.construct(Include.ALWAYS, Include.NON_NULL)) - .setSerializationInclusion(Include.NON_ABSENT); + .setSerializationInclusion(Include.NON_ABSENT); UsernamePasswordAuthenticationToken original = UsernamePasswordAuthenticationToken.unauthenticated("Frodo", null); String serialized = this.mapper.writeValueAsString(original); diff --git a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java index ebe8de032e..1c75512aad 100644 --- a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java +++ b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java @@ -57,7 +57,7 @@ public class InMemoryUserDetailsManagerTests { String newPassword = "newPassword"; this.manager.updatePassword(userNotLowerCase, newPassword); assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword()) - .isEqualTo(newPassword); + .isEqualTo(newPassword); } @Test @@ -75,7 +75,7 @@ public class InMemoryUserDetailsManagerTests { Properties properties = new Properties(); properties.setProperty("joe", ""); assertThatIllegalArgumentException().isThrownBy(() -> new InMemoryUserDetailsManager(properties)) - .withMessage("The entry with username 'joe' could not be converted to an UserDetails"); + .withMessage("The entry with username 'joe' could not be converted to an UserDetails"); } @Test @@ -83,7 +83,7 @@ public class InMemoryUserDetailsManagerTests { Properties properties = new Properties(); properties.setProperty("joe", "{noop}joespassword"); assertThatIllegalArgumentException().isThrownBy(() -> new InMemoryUserDetailsManager(properties)) - .withMessage("The entry with username 'joe' could not be converted to an UserDetails"); + .withMessage("The entry with username 'joe' could not be converted to an UserDetails"); } @Test diff --git a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java index 798bc9c177..38d835dcdf 100644 --- a/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java +++ b/core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java @@ -103,8 +103,8 @@ public class JdbcUserDetailsManagerTests { this.template.execute("create table users(username varchar(20) not null primary key," + "password varchar(20) not null, enabled boolean not null)"); this.template - .execute("create table authorities (username varchar(20) not null, authority varchar(20) not null, " - + "constraint fk_authorities_users foreign key(username) references users(username))"); + .execute("create table authorities (username varchar(20) not null, authority varchar(20) not null, " + + "constraint fk_authorities_users foreign key(username) references users(username))"); PopulatedDatabase.createGroupTables(this.template); PopulatedDatabase.insertGroupData(this.template); } @@ -195,7 +195,7 @@ public class JdbcUserDetailsManagerTests { @Test public void changePasswordFailsForUnauthenticatedUser() { assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.manager.changePassword("password", "newPassword")); + .isThrownBy(() -> this.manager.changePassword("password", "newPassword")); } @Test @@ -246,7 +246,7 @@ public class JdbcUserDetailsManagerTests { given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); this.manager.setAuthenticationManager(am); assertThatExceptionOfType(BadCredentialsException.class) - .isThrownBy(() -> this.manager.changePassword("password", "newPassword")); + .isThrownBy(() -> this.manager.changePassword("password", "newPassword")); // Check password hasn't changed. UserDetails newJoe = this.manager.loadUserByUsername("joe"); assertThat(newJoe.getPassword()).isEqualTo("password"); @@ -298,7 +298,7 @@ public class JdbcUserDetailsManagerTests { public void renameGroupIsSuccessful() { this.manager.renameGroup("GROUP_0", "GROUP_X"); assertThat(this.template.queryForObject("select id from groups where group_name = 'GROUP_X'", Integer.class)) - .isZero(); + .isZero(); } @Test @@ -311,13 +311,13 @@ public class JdbcUserDetailsManagerTests { public void removeUserFromGroupDeletesGroupMemberRow() { this.manager.removeUserFromGroup("jerry", "GROUP_1"); assertThat(this.template.queryForList("select group_id from group_members where username = 'jerry'")) - .hasSize(1); + .hasSize(1); } @Test public void findGroupAuthoritiesReturnsCorrectAuthorities() { assertThat(AuthorityUtils.createAuthorityList("ROLE_A")) - .isEqualTo(this.manager.findGroupAuthorities("GROUP_0")); + .isEqualTo(this.manager.findGroupAuthorities("GROUP_0")); } @Test diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java index cd094dacad..298fab5248 100644 --- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java +++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java @@ -47,8 +47,8 @@ public class MethodInvocationUtilsTests { @Test public void exceptionIsRaisedIfArgInfoOmittedAndMethodNameIsNotUnique() { - assertThatIllegalArgumentException().isThrownBy( - () -> MethodInvocationUtils.createFromClass(BusinessServiceImpl.class, "methodReturningAList")); + assertThatIllegalArgumentException() + .isThrownBy(() -> MethodInvocationUtils.createFromClass(BusinessServiceImpl.class, "methodReturningAList")); } @Test diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java index 4502d58ee0..883ab530f4 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java +++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2EncodingUtils.java @@ -59,20 +59,26 @@ final class Argon2EncodingUtils { static String encode(byte[] hash, Argon2Parameters parameters) throws IllegalArgumentException { StringBuilder stringBuilder = new StringBuilder(); switch (parameters.getType()) { - case Argon2Parameters.ARGON2_d: - stringBuilder.append("$argon2d"); - break; - case Argon2Parameters.ARGON2_i: - stringBuilder.append("$argon2i"); - break; - case Argon2Parameters.ARGON2_id: - stringBuilder.append("$argon2id"); - break; - default: - throw new IllegalArgumentException("Invalid algorithm type: " + parameters.getType()); + case Argon2Parameters.ARGON2_d: + stringBuilder.append("$argon2d"); + break; + case Argon2Parameters.ARGON2_i: + stringBuilder.append("$argon2i"); + break; + case Argon2Parameters.ARGON2_id: + stringBuilder.append("$argon2id"); + break; + default: + throw new IllegalArgumentException("Invalid algorithm type: " + parameters.getType()); } - stringBuilder.append("$v=").append(parameters.getVersion()).append("$m=").append(parameters.getMemory()) - .append(",t=").append(parameters.getIterations()).append(",p=").append(parameters.getLanes()); + stringBuilder.append("$v=") + .append(parameters.getVersion()) + .append("$m=") + .append(parameters.getMemory()) + .append(",t=") + .append(parameters.getIterations()) + .append(",p=") + .append(parameters.getLanes()); if (parameters.getSalt() != null) { stringBuilder.append("$").append(b64encoder.encodeToString(parameters.getSalt())); } @@ -108,17 +114,17 @@ final class Argon2EncodingUtils { } int currentPart = 1; switch (parts[currentPart++]) { - case "argon2d": - paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d); - break; - case "argon2i": - paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i); - break; - case "argon2id": - paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id); - break; - default: - throw new IllegalArgumentException("Invalid algorithm type: " + parts[0]); + case "argon2d": + paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d); + break; + case "argon2i": + paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i); + break; + case "argon2id": + paramsBuilder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id); + break; + default: + throw new IllegalArgumentException("Invalid algorithm type: " + parts[0]); } if (parts[currentPart].startsWith("v=")) { paramsBuilder.withVersion(Integer.parseInt(parts[currentPart].substring(2))); diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java index 998b4df10e..d4afce73c1 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java +++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java @@ -338,29 +338,29 @@ public final class Base64 { | ((numSigBytes > 2) ? ((source[srcOffset + 2] << 24) >>> 24) : 0); switch (numSigBytes) { - case 3: - destination[destOffset] = ALPHABET[(inBuff >>> 18)]; - destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f]; - destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f]; - destination[destOffset + 3] = ALPHABET[(inBuff) & 0x3f]; - return destination; + case 3: + destination[destOffset] = ALPHABET[(inBuff >>> 18)]; + destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f]; + destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f]; + destination[destOffset + 3] = ALPHABET[(inBuff) & 0x3f]; + return destination; - case 2: - destination[destOffset] = ALPHABET[(inBuff >>> 18)]; - destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f]; - destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f]; - destination[destOffset + 3] = EQUALS_SIGN; - return destination; + case 2: + destination[destOffset] = ALPHABET[(inBuff >>> 18)]; + destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f]; + destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f]; + destination[destOffset + 3] = EQUALS_SIGN; + return destination; - case 1: - destination[destOffset] = ALPHABET[(inBuff >>> 18)]; - destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f]; - destination[destOffset + 2] = EQUALS_SIGN; - destination[destOffset + 3] = EQUALS_SIGN; - return destination; + case 1: + destination[destOffset] = ALPHABET[(inBuff >>> 18)]; + destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f]; + destination[destOffset + 2] = EQUALS_SIGN; + destination[destOffset + 3] = EQUALS_SIGN; + return destination; - default: - return destination; + default: + return destination; } } @@ -391,8 +391,8 @@ public final class Base64 { } // end if: len < 0 if (off + len > source.length) { - throw new IllegalArgumentException(String.format( - "Cannot have offset of %d and length of %d with array of length %d", off, len, source.length)); + throw new IllegalArgumentException(String + .format("Cannot have offset of %d and length of %d with array of length %d", off, len, source.length)); } // end if: off < 0 boolean breakLines = (options & DO_BREAK_LINES) > 0; @@ -608,7 +608,7 @@ public final class Base64 { else { // There's a bad input character in the Base64 stream. throw new InvalidBase64CharacterException(String - .format("Bad Base64 input character decimal %d in array position %d", (source[i]) & 0xFF, i)); + .format("Bad Base64 input character decimal %d in array position %d", (source[i]) & 0xFF, i)); } } diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java index d87ca46ec4..abae39532f 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2EncodingUtilsTests.java @@ -34,16 +34,24 @@ public class Argon2EncodingUtilsTests { private TestDataEntry testDataEntry1 = new TestDataEntry( "$argon2i$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs", new Argon2EncodingUtils.Argon2Hash(this.decoder.decode("cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs"), - (new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i)).withVersion(19).withMemoryAsKB(1024) - .withIterations(3).withParallelism(2).withSalt("cRdFbCw23gz2Mlxk".getBytes()).build())); + (new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i)).withVersion(19) + .withMemoryAsKB(1024) + .withIterations(3) + .withParallelism(2) + .withSalt("cRdFbCw23gz2Mlxk".getBytes()) + .build())); private TestDataEntry testDataEntry2 = new TestDataEntry( "$argon2id$v=19$m=333,t=5,p=2$JDR8N3k1QWx0$+PrEoHOHsWkU9lnsxqnOFrWTVEuOh7ZRIUIbe2yUG8FgTYNCWJfHQI09JAAFKzr2JAvoejEpTMghUt0WsntQYA", new Argon2EncodingUtils.Argon2Hash( this.decoder.decode( "+PrEoHOHsWkU9lnsxqnOFrWTVEuOh7ZRIUIbe2yUG8FgTYNCWJfHQI09JAAFKzr2JAvoejEpTMghUt0WsntQYA"), - (new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)).withVersion(19).withMemoryAsKB(333) - .withIterations(5).withParallelism(2).withSalt("$4|7y5Alt".getBytes()).build())); + (new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)).withVersion(19) + .withMemoryAsKB(333) + .withIterations(5) + .withParallelism(2) + .withSalt("$4|7y5Alt".getBytes()) + .build())); @Test public void decodeWhenValidEncodedHashWithIThenDecodeCorrectly() { @@ -58,20 +66,25 @@ public class Argon2EncodingUtilsTests { @Test public void encodeWhenValidArgumentsWithIThenEncodeToCorrectHash() { assertThat(Argon2EncodingUtils.encode(this.testDataEntry1.decoded.getHash(), - this.testDataEntry1.decoded.getParameters())).isEqualTo(this.testDataEntry1.encoded); + this.testDataEntry1.decoded.getParameters())) + .isEqualTo(this.testDataEntry1.encoded); } @Test public void encodeWhenValidArgumentsWithID2ThenEncodeToCorrectHash() { assertThat(Argon2EncodingUtils.encode(this.testDataEntry2.decoded.getHash(), - this.testDataEntry2.decoded.getParameters())).isEqualTo(this.testDataEntry2.encoded); + this.testDataEntry2.decoded.getParameters())) + .isEqualTo(this.testDataEntry2.encoded); } @Test public void encodeWhenNonexistingAlgorithmThenThrowException() { - assertThatIllegalArgumentException().isThrownBy( - () -> Argon2EncodingUtils.encode(new byte[] { 0, 1, 2, 3 }, (new Argon2Parameters.Builder(3)) - .withVersion(19).withMemoryAsKB(333).withIterations(5).withParallelism(2).build())); + assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.encode(new byte[] { 0, 1, 2, 3 }, + (new Argon2Parameters.Builder(3)).withVersion(19) + .withMemoryAsKB(333) + .withIterations(5) + .withParallelism(2) + .build())); } @Test @@ -81,56 +94,56 @@ public class Argon2EncodingUtilsTests { @Test public void decodeWhenNonexistingAlgorithmThenThrowException() { - assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode( - "$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils + .decode("$argon2x$v=19$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenIllegalVersionParameterThenThrowException() { - assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode( - "$argon2i$v=x$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils + .decode("$argon2i$v=x$m=1024,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenIllegalMemoryParameterThenThrowException() { - assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode( - "$argon2i$v=19$m=x,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils + .decode("$argon2i$v=19$m=x,t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenIllegalIterationsParameterThenThrowException() { - assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode( - "$argon2i$v=19$m=1024,t=x,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils + .decode("$argon2i$v=19$m=1024,t=x,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenIllegalParallelityParameterThenThrowException() { - assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils.decode( - "$argon2i$v=19$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils + .decode("$argon2i$v=19$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenMissingVersionParameterThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils - .decode("$argon2i$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + .decode("$argon2i$m=1024,t=3,p=x$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenMissingMemoryParameterThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils - .decode("$argon2i$v=19$t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + .decode("$argon2i$v=19$t=3,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenMissingIterationsParameterThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils - .decode("$argon2i$v=19$m=1024,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + .decode("$argon2i$v=19$m=1024,p=2$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } @Test public void decodeWhenMissingParallelityParameterThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> Argon2EncodingUtils - .decode("$argon2i$v=19$m=1024,t=3$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); + .decode("$argon2i$v=19$m=1024,t=3$Y1JkRmJDdzIzZ3oyTWx4aw$cGE5Cbd/cx7micVhXVBdH5qTr66JI1iUyuNNVAnErXs")); } private void assertArgon2HashEquals(Argon2EncodingUtils.Argon2Hash expected, diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java index bdf4d394ea..b3780847d9 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java @@ -218,7 +218,7 @@ public class BCryptPasswordEncoderTests { public void checkWhenNoRoundsThenTrue() { BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); assertThat(encoder.matches("password", "$2a$00$9N8N35BVs5TLqGL3pspAte5OWWA2a2aZIs.EGp7At7txYakFERMue")) - .isTrue(); + .isTrue(); assertThat(encoder.matches("wrong", "$2a$00$9N8N35BVs5TLqGL3pspAte5OWWA2a2aZIs.EGp7At7txYakFERMue")).isFalse(); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java index ea0349b2e1..f0d60b4cba 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java @@ -332,13 +332,13 @@ public class BCryptTests { @Test public void emptyByteArrayCannotBeEncoded() { assertThatIllegalArgumentException() - .isThrownBy(() -> BCrypt.encode_base64(new byte[0], 0, new StringBuilder())); + .isThrownBy(() -> BCrypt.encode_base64(new byte[0], 0, new StringBuilder())); } @Test public void moreBytesThanInTheArrayCannotBeEncoded() { assertThatIllegalArgumentException() - .isThrownBy(() -> BCrypt.encode_base64(new byte[1], 2, new StringBuilder())); + .isThrownBy(() -> BCrypt.encode_base64(new byte[1], 2, new StringBuilder())); } @Test @@ -421,13 +421,13 @@ public class BCryptTests { @Test public void hashpwFailsWhenSaltSpecifiesTooFewRounds() { assertThatIllegalArgumentException() - .isThrownBy(() -> BCrypt.hashpw("password", "$2a$03$......................")); + .isThrownBy(() -> BCrypt.hashpw("password", "$2a$03$......................")); } @Test public void hashpwFailsWhenSaltSpecifiesTooManyRounds() { assertThatIllegalArgumentException() - .isThrownBy(() -> BCrypt.hashpw("password", "$2a$32$......................")); + .isThrownBy(() -> BCrypt.hashpw("password", "$2a$32$......................")); } @Test @@ -438,13 +438,13 @@ public class BCryptTests { @Test public void hashpwWorksWithOldRevision() { assertThat(BCrypt.hashpw("password", "$2$05$......................")) - .isEqualTo("$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm"); + .isEqualTo("$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm"); } @Test public void hashpwFailsWhenSaltIsTooShort() { assertThatIllegalArgumentException() - .isThrownBy(() -> BCrypt.hashpw("password", "$2a$10$123456789012345678901")); + .isThrownBy(() -> BCrypt.hashpw("password", "$2a$10$123456789012345678901")); } @Test diff --git a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java index d3b73f6b52..3f8939eabf 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/codec/HexTests.java @@ -31,7 +31,7 @@ public class HexTests { @Test public void encode() { assertThat(Hex.encode(new byte[] { (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D' })) - .isEqualTo(new char[] { '4', '1', '4', '2', '4', '3', '4', '4' }); + .isEqualTo(new char[] { '4', '1', '4', '2', '4', '3', '4', '4' }); } @Test @@ -52,25 +52,25 @@ public class HexTests { @Test public void decodeNotEven() { assertThatIllegalArgumentException().isThrownBy(() -> Hex.decode("414243444")) - .withMessage("Hex-encoded string must have an even number of characters"); + .withMessage("Hex-encoded string must have an even number of characters"); } @Test public void decodeExistNonHexCharAtFirst() { assertThatIllegalArgumentException().isThrownBy(() -> Hex.decode("G0")) - .withMessage("Detected a Non-hex character at 1 or 2 position"); + .withMessage("Detected a Non-hex character at 1 or 2 position"); } @Test public void decodeExistNonHexCharAtSecond() { assertThatIllegalArgumentException().isThrownBy(() -> Hex.decode("410G")) - .withMessage("Detected a Non-hex character at 3 or 4 position"); + .withMessage("Detected a Non-hex character at 3 or 4 position"); } @Test public void decodeExistNonHexCharAtBoth() { assertThatIllegalArgumentException().isThrownBy(() -> Hex.decode("4142GG")) - .withMessage("Detected a Non-hex character at 5 or 6 position"); + .withMessage("Detected a Non-hex character at 5 or 6 position"); } } diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java index 97179f7572..35cb575e50 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/AesBytesEncryptorTests.java @@ -66,7 +66,7 @@ public class AesBytesEncryptorTests { AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator); byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) - .isEqualTo("4b0febebd439db7ca77153cb254520c3b7232ac29355d07869433f1ecf55fe94"); + .isEqualTo("4b0febebd439db7ca77153cb254520c3b7232ac29355d07869433f1ecf55fe94"); byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } @@ -78,7 +78,7 @@ public class AesBytesEncryptorTests { CipherAlgorithm.GCM); byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) - .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); + .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } @@ -91,7 +91,7 @@ public class AesBytesEncryptorTests { AesBytesEncryptor encryptor = new AesBytesEncryptor(secretKey, this.generator, CipherAlgorithm.GCM); byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) - .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); + .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java index 526e45c85d..b88574740b 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/factory/PasswordEncoderFactoriesTests.java @@ -133,7 +133,7 @@ public class PasswordEncoderFactoriesTests { void constructWhenAlgorithmNotAvailableThenSkip() { try (MockedStatic pbkdf2PasswordEncoderMock = mockStatic(Pbkdf2PasswordEncoder.class)) { pbkdf2PasswordEncoderMock.when(Pbkdf2PasswordEncoder::defaultsForSpringSecurity_v5_8) - .thenThrow(new IllegalArgumentException(new NoSuchAlgorithmException())); + .thenThrow(new IllegalArgumentException(new NoSuchAlgorithmException())); assertThatNoException().isThrownBy(PasswordEncoderFactories::createDelegatingPasswordEncoder); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java index 898b6df90c..ec76f10ba4 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java @@ -86,19 +86,19 @@ public class DelegatingPasswordEncoderTests { @Test public void constructorWhenIdForEncodeDoesNotExistThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId + "INVALID", this.delegates)); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId + "INVALID", this.delegates)); } @Test public void constructorWhenPrefixIsNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, null, "$")); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, null, "$")); } @Test public void constructorWhenSuffixIsNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "$", null)); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "$", null)); } @Test @@ -109,39 +109,39 @@ public class DelegatingPasswordEncoderTests { @Test public void constructorWhenSuffixIsEmpty() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "$", "")); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "$", "")); } @Test public void constructorWhenPrefixAndSuffixAreEmpty() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "", "")); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "", "")); } @Test public void constructorWhenIdContainsPrefixThenIllegalArgumentException() { this.delegates.put('{' + this.bcryptId, this.bcrypt); assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates)); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates)); } @Test public void constructorWhenIdContainsSuffixThenIllegalArgumentException() { this.delegates.put(this.bcryptId + '$', this.bcrypt); assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "", "$")); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "", "$")); } @Test public void constructorWhenPrefixContainsSuffixThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "$", "$")); + .isThrownBy(() -> new DelegatingPasswordEncoder(this.bcryptId, this.delegates, "$", "$")); } @Test public void setDefaultPasswordEncoderForMatchesWhenNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.passwordEncoder.setDefaultPasswordEncoderForMatches(null)); + .isThrownBy(() -> this.passwordEncoder.setDefaultPasswordEncoderForMatches(null)); } @Test @@ -192,42 +192,41 @@ public class DelegatingPasswordEncoderTests { @Test public void matchesWhenUnMappedThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword)) - .withMessage("There is no PasswordEncoder mapped for the id \"unmapped\""); + .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{unmapped}" + this.rawPassword)) + .withMessage("There is no PasswordEncoder mapped for the id \"unmapped\""); verifyNoMoreInteractions(this.bcrypt, this.noop); } @Test public void matchesWhenNoClosingPrefixStringThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword)) - .withMessage("There is no PasswordEncoder mapped for the id \"null\""); + .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{bcrypt" + this.rawPassword)) + .withMessage("There is no PasswordEncoder mapped for the id \"null\""); verifyNoMoreInteractions(this.bcrypt, this.noop); } @Test public void matchesWhenNoStartingPrefixStringThenFalse() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword)) - .withMessage("There is no PasswordEncoder mapped for the id \"null\""); + .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "bcrypt}" + this.rawPassword)) + .withMessage("There is no PasswordEncoder mapped for the id \"null\""); verifyNoMoreInteractions(this.bcrypt, this.noop); } @Test public void matchesWhenNoIdStringThenFalse() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword)) - .withMessage("There is no PasswordEncoder mapped for the id \"\""); + .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "{}" + this.rawPassword)) + .withMessage("There is no PasswordEncoder mapped for the id \"\""); verifyNoMoreInteractions(this.bcrypt, this.noop); } @Test public void matchesWhenPrefixInMiddleThenFalse() { assertThatIllegalArgumentException() - .isThrownBy( - () -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword)) - .isInstanceOf(IllegalArgumentException.class) - .withMessage("There is no PasswordEncoder mapped for the id \"null\""); + .isThrownBy(() -> this.passwordEncoder.matches(this.rawPassword, "invalid" + this.bcryptEncodedPassword)) + .isInstanceOf(IllegalArgumentException.class) + .withMessage("There is no PasswordEncoder mapped for the id \"null\""); verifyNoMoreInteractions(this.bcrypt, this.noop); } @@ -236,8 +235,8 @@ public class DelegatingPasswordEncoderTests { this.delegates = new Hashtable<>(this.delegates); DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates); assertThatIllegalArgumentException() - .isThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword)) - .withMessage("There is no PasswordEncoder mapped for the id \"null\""); + .isThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword)) + .withMessage("There is no PasswordEncoder mapped for the id \"null\""); verifyNoMoreInteractions(this.bcrypt, this.noop); } diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java index 446b0fc846..500724129e 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/password/LdapShaPasswordEncoderTests.java @@ -102,7 +102,7 @@ public class LdapShaPasswordEncoderTests { public void malformedPrefixIsRejected() { // No right brace assertThatIllegalArgumentException() - .isThrownBy(() -> this.sha.matches("somepassword", "{SSHA25ro4PKC8jhQZ26jVsozhX/xaP0suHgX")); + .isThrownBy(() -> this.sha.matches("somepassword", "{SSHA25ro4PKC8jhQZ26jVsozhX/xaP0suHgX")); } } diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java index 59a6d48e67..34aabc442b 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java @@ -95,19 +95,19 @@ public class SCryptPasswordEncoderTests { @Test public void invalidCpuCostParameter() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SCryptPasswordEncoder(Integer.MIN_VALUE, 16, 2, 32, 16)); + .isThrownBy(() -> new SCryptPasswordEncoder(Integer.MIN_VALUE, 16, 2, 32, 16)); } @Test public void invalidMemoryCostParameter() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SCryptPasswordEncoder(2, Integer.MAX_VALUE, 2, 32, 16)); + .isThrownBy(() -> new SCryptPasswordEncoder(2, Integer.MAX_VALUE, 2, 32, 16)); } @Test public void invalidParallelizationParameter() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SCryptPasswordEncoder(2, 8, Integer.MAX_VALUE, 32, 16)); + .isThrownBy(() -> new SCryptPasswordEncoder(2, 8, Integer.MAX_VALUE, 32, 16)); } @Test diff --git a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java index ba1a938b48..5c1b3faae5 100644 --- a/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java +++ b/data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java @@ -91,7 +91,7 @@ import org.springframework.util.Assert; public class SecurityEvaluationContextExtension implements EvaluationContextExtension { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private Authentication authentication; diff --git a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java index 0480a5f6c7..e13553664b 100644 --- a/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java +++ b/data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java @@ -95,7 +95,7 @@ public class SecurityEvaluationContextExtensionTests { TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); this.securityExtension = new SecurityEvaluationContextExtension(explicit); assertThatIllegalArgumentException().isThrownBy(() -> this.securityExtension.setTrustResolver(null)) - .withMessage("trustResolver cannot be null"); + .withMessage("trustResolver cannot be null"); } @Test @@ -112,7 +112,7 @@ public class SecurityEvaluationContextExtensionTests { TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); this.securityExtension = new SecurityEvaluationContextExtension(explicit); assertThatIllegalArgumentException().isThrownBy(() -> this.securityExtension.setRoleHierarchy(null)) - .withMessage("roleHierarchy cannot be null"); + .withMessage("roleHierarchy cannot be null"); } @Test @@ -129,7 +129,7 @@ public class SecurityEvaluationContextExtensionTests { TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); this.securityExtension = new SecurityEvaluationContextExtension(explicit); assertThatIllegalArgumentException().isThrownBy(() -> this.securityExtension.setPermissionEvaluator(null)) - .withMessage("permissionEvaluator cannot be null"); + .withMessage("permissionEvaluator cannot be null"); } @Test diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java index 8f52555cdb..860fc65487 100644 --- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java +++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java @@ -68,7 +68,7 @@ public class HttpNamespaceWithMultipleInterceptorsTests { public HttpSession createAuthenticatedSession(String... roles) { MockHttpSession session = new MockHttpSession(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("bob", "bobspassword", roles)); + .setAuthentication(new TestingAuthenticationToken("bob", "bobspassword", roles)); session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); SecurityContextHolder.clearContext(); diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java index 7ddef56172..8a4acb695b 100644 --- a/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java +++ b/itest/context/src/integration-test/java/org/springframework/security/integration/HttpPathParameterStrippingTests.java @@ -50,7 +50,7 @@ public class HttpPathParameterStrippingTests { request.setSession(createAuthenticatedSession("ROLE_USER")); MockHttpServletResponse response = new MockHttpServletResponse(); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain())); + .isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain())); } @Test @@ -60,7 +60,7 @@ public class HttpPathParameterStrippingTests { request.setSession(createAuthenticatedSession("ROLE_USER")); MockHttpServletResponse response = new MockHttpServletResponse(); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain())); + .isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain())); } @Test @@ -71,13 +71,13 @@ public class HttpPathParameterStrippingTests { request.setSession(createAuthenticatedSession("ROLE_USER")); MockHttpServletResponse response = new MockHttpServletResponse(); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain())); + .isThrownBy(() -> this.fcp.doFilter(request, response, new MockFilterChain())); } public HttpSession createAuthenticatedSession(String... roles) { MockHttpSession session = new MockHttpSession(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("bob", "bobspassword", roles)); + .setAuthentication(new TestingAuthenticationToken("bob", "bobspassword", roles)); session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); SecurityContextHolder.clearContext(); diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java index 028d94e07e..d0ef7c2358 100644 --- a/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java +++ b/itest/context/src/integration-test/java/org/springframework/security/integration/SEC936ApplicationContextTests.java @@ -46,7 +46,7 @@ public class SEC936ApplicationContextTests { @Test public void securityInterceptorHandlesCallWithNoTargetObject() { SecurityContextHolder.getContext() - .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("bob", "bobspassword")); + .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("bob", "bobspassword")); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.sessionRegistry::getAllPrincipals); } diff --git a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java index df4c34f69d..a1470c9fa9 100644 --- a/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java +++ b/itest/context/src/integration-test/java/org/springframework/security/integration/python/PythonInterpreterBasedSecurityTests.java @@ -35,7 +35,7 @@ public class PythonInterpreterBasedSecurityTests { @Test public void serviceMethod() { SecurityContextHolder.getContext() - .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("bob", "bobspassword")); + .setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("bob", "bobspassword")); // for (int i=0; i < 1000; i++) { this.service.someMethod(); diff --git a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java index 5026008135..5f7b8a6cc2 100644 --- a/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java +++ b/itest/context/src/integration-test/java/org/springframework/security/performance/FilterChainPerformanceTests.java @@ -129,8 +129,9 @@ public class FilterChainPerformanceTests { StopWatch sw = new StopWatch("Scaling with nAuthorities"); for (int user = 0; user < N_AUTHORITIES / 10; user++) { int nAuthorities = (user != 0) ? user * 10 : 1; - SecurityContextHolder.getContext().setAuthentication(UsernamePasswordAuthenticationToken - .authenticated("bob", "bobspassword", createRoles(nAuthorities))); + SecurityContextHolder.getContext() + .setAuthentication(UsernamePasswordAuthenticationToken.authenticated("bob", "bobspassword", + createRoles(nAuthorities))); this.session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); SecurityContextHolder.clearContext(); diff --git a/itest/ldap/embedded-ldap-none/src/integration-test/java/org/springframework/security/LdapServerBeanDefinitionParserTests.java b/itest/ldap/embedded-ldap-none/src/integration-test/java/org/springframework/security/LdapServerBeanDefinitionParserTests.java index 1c06601a35..a155b08e9c 100644 --- a/itest/ldap/embedded-ldap-none/src/integration-test/java/org/springframework/security/LdapServerBeanDefinitionParserTests.java +++ b/itest/ldap/embedded-ldap-none/src/integration-test/java/org/springframework/security/LdapServerBeanDefinitionParserTests.java @@ -42,8 +42,8 @@ public class LdapServerBeanDefinitionParserTests { @Test public void apacheDirectoryServerIsStartedByDefault() { assertThatExceptionOfType(BeanDefinitionStoreException.class) - .isThrownBy(() -> this.context = new ClassPathXmlApplicationContext("applicationContext-security.xml")) - .withMessageContaining("Embedded LDAP server is not provided"); + .isThrownBy(() -> this.context = new ClassPathXmlApplicationContext("applicationContext-security.xml")) + .withMessageContaining("Embedded LDAP server is not provided"); } } diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java index c7463f3914..607b0a2414 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java @@ -75,7 +75,7 @@ public class DefaultSpringSecurityContextSourceTests { ctxSrc.setPassword("password"); ctxSrc.afterPropertiesSet(); assertThat(ctxSrc.getAuthenticatedEnvForTest("manager", "password")) - .containsKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG); + .containsKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG); } @Test @@ -86,7 +86,7 @@ public class DefaultSpringSecurityContextSourceTests { ctxSrc.setPassword("password"); ctxSrc.afterPropertiesSet(); assertThat(ctxSrc.getAuthenticatedEnvForTest("user", "password")) - .doesNotContainKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG); + .doesNotContainKey(AbstractContextSource.SUN_LDAP_POOLING_FLAG); } // SEC-1145. Confirms that there is no issue here with pooling. @@ -96,8 +96,9 @@ public class DefaultSpringSecurityContextSourceTests { // com.sun.jndi.ldap.LdapPoolManager.showStats(System.out); // com.sun.jndi.ldap.LdapPoolManager.showStats(System.out); // Now get it gain, with wrong password. Should fail. - assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.contextSource - .getContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword").close()); + assertThatExceptionOfType(AuthenticationException.class).isThrownBy( + () -> this.contextSource.getContext("uid=Bob,ou=people,dc=springframework,dc=org", "wrongpassword") + .close()); } @Test @@ -166,7 +167,7 @@ public class DefaultSpringSecurityContextSourceTests { // this url should be rejected because the root DN goes into a separate parameter serverUrls.add("ldap://bar:389/dc=foobar,dc=org"); assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultSpringSecurityContextSource(serverUrls, "dc=springframework,dc=org")); + .isThrownBy(() -> new DefaultSpringSecurityContextSource(serverUrls, "dc=springframework,dc=org")); } static class EnvExposingDefaultSpringSecurityContextSource extends DefaultSpringSecurityContextSource { diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java index 3257694f4f..033b70d2eb 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateITests.java @@ -91,9 +91,9 @@ public class SpringSecurityLdapTemplateITests { @Test public void namingExceptionIsTranslatedCorrectly() { assertThatExceptionOfType(UncategorizedLdapException.class) - .isThrownBy(() -> this.template.executeReadOnly((ContextExecutor) (dirContext) -> { - throw new NamingException(); - })); + .isThrownBy(() -> this.template.executeReadOnly((ContextExecutor) (dirContext) -> { + throw new NamingException(); + })); } @Test diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java index 789df1813d..1ee6ed9197 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java @@ -73,14 +73,14 @@ public class BindAuthenticatorTests { DirContextOperations user = this.authenticator.authenticate(this.bob); assertThat(user.getStringAttribute("uid")).isEqualTo("bob"); this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword")); } @Test public void testAuthenticationWithInvalidUserNameFails() { this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" }); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("nonexistentsuser", "password"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("nonexistentsuser", "password"))); } @Test @@ -95,17 +95,17 @@ public class BindAuthenticatorTests { // SEC-1444 this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(cn={0})", this.contextSource)); this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword")); this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("slash/guy", "slashguyspassword")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("slash/guy", "slashguyspassword")); // SEC-1661 - this.authenticator.setUserSearch( - new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", this.contextSource)); this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword")); + .setUserSearch(new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", this.contextSource)); + this.authenticator + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword")); this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})", this.contextSource)); this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword")); } /* @@ -133,7 +133,7 @@ public class BindAuthenticatorTests { public void testAuthenticationWithWrongPasswordFails() { this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" }); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpassword"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpassword"))); } @Test diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java index 0994a2b4b4..5ba4a7d72c 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorTests.java @@ -78,11 +78,11 @@ public class PasswordComparisonAuthenticatorTests { public void testFailedSearchGivesUserNotFoundException() throws Exception { this.authenticator = new PasswordComparisonAuthenticator(this.contextSource); assertThat(this.authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available") - .isEmpty(); + .isEmpty(); this.authenticator.setUserSearch(new MockUserSearch(null)); this.authenticator.afterPropertiesSet(); assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Joe", "pass"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Joe", "pass"))); } @Test @@ -90,7 +90,7 @@ public class PasswordComparisonAuthenticatorTests { // Don't retrieve the password this.authenticator.setUserAttributes(new String[] { "uid", "cn", "sn" }); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpass"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpass"))); } @Test @@ -146,14 +146,14 @@ public class PasswordComparisonAuthenticatorTests { this.authenticator = new PasswordComparisonAuthenticator(this.contextSource); this.authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance()); assertThat(this.authenticator.getUserDns("Bob")).withFailMessage("User DN matches shouldn't be available") - .isEmpty(); + .isEmpty(); DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=Bob,ou=people")); ctx.setAttributeValue("userPassword", "bobspassword"); this.authenticator.setUserSearch(new MockUserSearch(ctx)); this.authenticator - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("shouldntbeused", "bobspassword")); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("shouldntbeused", "bobspassword")); } } diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java index 4a3dc2e2d8..5dd196fb02 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearchTests.java @@ -86,7 +86,7 @@ public class FilterBasedLdapUserSearchTests { public void searchFailsOnMultipleMatches() { FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(cn=*)", this.contextSource); assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class) - .isThrownBy(() -> locator.searchForUser("Ignored")); + .isThrownBy(() -> locator.searchForUser("Ignored")); } @Test diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java index 8d2757ae05..f4f3953a19 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java @@ -115,7 +115,7 @@ public class ApacheDSContainerTests { server.setPort(ports.get(0)); server.setLdapOverSslEnabled(true); assertThatIllegalArgumentException().isThrownBy(server::afterPropertiesSet) - .withMessage("When LdapOverSsl is enabled, the keyStoreFile property must be set."); + .withMessage("When LdapOverSsl is enabled, the keyStoreFile property must be set."); } @Test @@ -137,7 +137,8 @@ public class ApacheDSContainerTests { server.setKeyStoreFile(temporaryKeyStoreFile); server.setCertificatePassord("incorrect-password"); assertThatExceptionOfType(RuntimeException.class).isThrownBy(server::afterPropertiesSet) - .withMessage("Server startup failed").withRootCauseInstanceOf(UnrecoverableKeyException.class); + .withMessage("Server startup failed") + .withRootCauseInstanceOf(UnrecoverableKeyException.class); } /** diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java index 3ffa2a735d..232f241845 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSEmbeddedLdifTests.java @@ -71,9 +71,9 @@ public class ApacheDSEmbeddedLdifTests { @Test // SEC-2387 public void customAttributeTypesShouldBeProperlyCreatedWhenLoadedFromLdif() { assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1", "uid", "objectWithCustomAttribute1")) - .isTrue(); + .isTrue(); assertThat(this.ldapTemplate.compare("uid=objectWithCustomAttribute1", "customAttribute", "I am custom")) - .isTrue(); + .isTrue(); } } diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java index 45b26ed34b..d5a86eb68c 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/server/UnboundIdContainerLdifTests.java @@ -52,7 +52,7 @@ public class UnboundIdContainerLdifTests { this.appCtx = new AnnotationConfigApplicationContext(CustomLdifConfig.class); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx - .getBean(ContextSource.class); + .getBean(ContextSource.class); SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource); assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue(); @@ -63,7 +63,7 @@ public class UnboundIdContainerLdifTests { this.appCtx = new AnnotationConfigApplicationContext(WildcardLdifConfig.class); DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx - .getBean(ContextSource.class); + .getBean(ContextSource.class); SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource); assertThat(template.compare("uid=bob,ou=people", "uid", "bob")).isTrue(); @@ -72,17 +72,17 @@ public class UnboundIdContainerLdifTests { @Test public void unboundIdContainerWhenMalformedLdifThenException() { assertThatExceptionOfType(Exception.class) - .isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class)) - .withCauseInstanceOf(IllegalStateException.class) - .withMessageContaining("Unable to load LDIF classpath:test-server-malformed.txt"); + .isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MalformedLdifConfig.class)) + .withCauseInstanceOf(IllegalStateException.class) + .withMessageContaining("Unable to load LDIF classpath:test-server-malformed.txt"); } @Test public void unboundIdContainerWhenMissingLdifThenException() { assertThatExceptionOfType(Exception.class) - .isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class)) - .withCauseInstanceOf(IllegalStateException.class) - .withMessageContaining("Unable to load LDIF classpath:does-not-exist.ldif"); + .isThrownBy(() -> this.appCtx = new AnnotationConfigApplicationContext(MissingLdifConfig.class)) + .withCauseInstanceOf(IllegalStateException.class) + .withMessageContaining("Unable to load LDIF classpath:does-not-exist.ldif"); } @Test diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java index 1761a6c4ae..cef1e20c08 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulatorTests.java @@ -77,7 +77,7 @@ public class DefaultLdapAuthoritiesPopulatorTests { this.populator.setDefaultRole("ROLE_USER"); Collection authorities = this.populator - .getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused"); + .getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused"); assertThat(authorities).hasSize(1); assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_USER")).isTrue(); } @@ -112,7 +112,7 @@ public class DefaultLdapAuthoritiesPopulatorTests { new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org")); Set authorities = AuthorityUtils - .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager")); + .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager")); assertThat(authorities).as("Should have 1 role").hasSize(1); assertThat(authorities.contains("ROLE_MANAGER")).isTrue(); @@ -127,7 +127,7 @@ public class DefaultLdapAuthoritiesPopulatorTests { new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org")); Set authorities = AuthorityUtils - .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager")); + .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager")); assertThat(authorities).as("Should have 2 roles").hasSize(2); assertThat(authorities.contains("ROLE_MANAGER")).isTrue(); @@ -144,7 +144,7 @@ public class DefaultLdapAuthoritiesPopulatorTests { new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org")); Set authorities = AuthorityUtils - .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager")); + .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "manager")); assertThat(authorities).as("Should have 3 roles").hasSize(3); assertThat(authorities.contains("ROLE_MANAGER")).isTrue(); @@ -162,7 +162,7 @@ public class DefaultLdapAuthoritiesPopulatorTests { }; Collection authorities = this.populator - .getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused"); + .getGrantedAuthorities(new DirContextAdapter(new DistinguishedName("cn=notused")), "notused"); assertThat(authorities).hasSize(1); assertThat(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_EXTRA")).isTrue(); } @@ -177,7 +177,7 @@ public class DefaultLdapAuthoritiesPopulatorTests { new DistinguishedName("cn=mouse\\, jerry,ou=people,dc=springframework,dc=org")); Set authorities = AuthorityUtils - .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "notused")); + .authorityListToSet(this.populator.getGrantedAuthorities(ctx, "notused")); assertThat(authorities).as("Should have 1 role").hasSize(1); assertThat(authorities.contains("ROLE_MANAGER")).isTrue(); diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java index 1b3948e666..14916efd88 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerModifyPasswordTests.java @@ -63,7 +63,7 @@ public class LdapUserDetailsManagerModifyPasswordTests { @WithMockUser(username = "bob", password = "bobspassword", authorities = "ROLE_USER") public void changePasswordWhenOldPasswordIsIncorrectThenThrowsException() { assertThatExceptionOfType(BadCredentialsException.class) - .isThrownBy(() -> this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword")); + .isThrownBy(() -> this.userDetailsManager.changePassword("wrongoldpassword", "bobsnewpassword")); } @Test @@ -76,7 +76,7 @@ public class LdapUserDetailsManagerModifyPasswordTests { assertThat(template.compare("uid=bob,ou=people", "userPassword", "bobsshinynewandformidablylongandnearlyimpossibletorememberthoughdemonstrablyhardtocrackduetoitshighlevelofentropypasswordofjustice")) - .isTrue(); + .isTrue(); } @Configuration diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java index 7dbb621690..63d7bba4ea 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManagerTests.java @@ -197,13 +197,14 @@ public class LdapUserDetailsManagerTests { this.mgr.createUser(p.createUserDetails()); - SecurityContextHolder.getContext().setAuthentication(UsernamePasswordAuthenticationToken - .authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES)); + SecurityContextHolder.getContext() + .setAuthentication(UsernamePasswordAuthenticationToken.authenticated("johnyossarian", "yossarianspassword", + TEST_AUTHORITIES)); this.mgr.changePassword("yossarianspassword", "yossariansnewpassword"); assertThat(this.template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword")) - .isTrue(); + .isTrue(); } @Test @@ -220,13 +221,13 @@ public class LdapUserDetailsManagerTests { SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class); given(strategy.getContext()).willReturn(new SecurityContextImpl(UsernamePasswordAuthenticationToken - .authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES))); + .authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES))); this.mgr.setSecurityContextHolderStrategy(strategy); this.mgr.changePassword("yossarianspassword", "yossariansnewpassword"); assertThat(this.template.compare("uid=johnyossarian,ou=test people", "userPassword", "yossariansnewpassword")) - .isTrue(); + .isTrue(); verify(strategy).getContext(); } @@ -240,10 +241,11 @@ public class LdapUserDetailsManagerTests { p.setPassword("yossarianspassword"); p.setAuthorities(TEST_AUTHORITIES); this.mgr.createUser(p.createUserDetails()); - SecurityContextHolder.getContext().setAuthentication(UsernamePasswordAuthenticationToken - .authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES)); + SecurityContextHolder.getContext() + .setAuthentication(UsernamePasswordAuthenticationToken.authenticated("johnyossarian", "yossarianspassword", + TEST_AUTHORITIES)); assertThatExceptionOfType(BadCredentialsException.class) - .isThrownBy(() -> this.mgr.changePassword("wrongpassword", "yossariansnewpassword")); + .isThrownBy(() -> this.mgr.changePassword("wrongpassword", "yossariansnewpassword")); } } diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java index b505bfd400..beed1a45ba 100644 --- a/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java +++ b/ldap/src/integration-test/java/org/springframework/security/ldap/userdetails/NestedLdapAuthoritiesPopulatorTests.java @@ -132,7 +132,7 @@ public class NestedLdapAuthoritiesPopulatorTests { assertThat(ldapAuthorities[0].getAttributes().get("member")).isNotNull(); assertThat(ldapAuthorities[0].getAttributes().get("member")).hasSize(3); assertThat(ldapAuthorities[0].getFirstAttributeValue("member")) - .isEqualTo("cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org"); + .isEqualTo("cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org"); // java group assertThat(ldapAuthorities[1].getAttributes().containsKey("member")).isTrue(); @@ -140,7 +140,7 @@ public class NestedLdapAuthoritiesPopulatorTests { assertThat(ldapAuthorities[1].getAttributes().get("member")).hasSize(3); assertThat(this.groovyDevelopers.getDn()).isEqualTo(ldapAuthorities[1].getFirstAttributeValue("member")); assertThat(ldapAuthorities[2].getAttributes().get("member")) - .contains("uid=closuredude,ou=people,dc=springframework,dc=org"); + .contains("uid=closuredude,ou=people,dc=springframework,dc=org"); // test non existent attribute assertThat(ldapAuthorities[2].getFirstAttributeValue("test")).isNull(); diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java index 0d0b457d81..035fb27e3b 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java @@ -43,7 +43,7 @@ public class SpringSecurityAuthenticationSource implements AuthenticationSource private static final Log log = LogFactory.getLog(SpringSecurityAuthenticationSource.class); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * Get the principals of the logged in user, in this case the distinguished name. diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java index 381b3c3179..4dcb42aee0 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java @@ -233,8 +233,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda this.logger.debug("Failed to locate AD-specific sub-error code in message"); return; } - this.logger.info( - LogMessage.of(() -> "Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode))); + this.logger + .info(LogMessage.of(() -> "Active Directory authentication failed: " + subCodeToLogMessage(subErrorCode))); if (this.convertSubErrorCodesToExceptions) { raiseExceptionForErrorCode(subErrorCode, exception); } @@ -260,41 +260,42 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda String hexString = Integer.toHexString(code); Throwable cause = new ActiveDirectoryAuthenticationException(hexString, exception.getMessage(), exception); switch (code) { - case PASSWORD_EXPIRED: - throw new CredentialsExpiredException(this.messages.getMessage( - "LdapAuthenticationProvider.credentialsExpired", "User credentials have expired"), cause); - case ACCOUNT_DISABLED: - throw new DisabledException( - this.messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"), cause); - case ACCOUNT_EXPIRED: - throw new AccountExpiredException( - this.messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"), cause); - case ACCOUNT_LOCKED: - throw new LockedException( - this.messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause); - default: - throw badCredentials(cause); + case PASSWORD_EXPIRED: + throw new CredentialsExpiredException(this.messages.getMessage( + "LdapAuthenticationProvider.credentialsExpired", "User credentials have expired"), cause); + case ACCOUNT_DISABLED: + throw new DisabledException( + this.messages.getMessage("LdapAuthenticationProvider.disabled", "User is disabled"), cause); + case ACCOUNT_EXPIRED: + throw new AccountExpiredException( + this.messages.getMessage("LdapAuthenticationProvider.expired", "User account has expired"), + cause); + case ACCOUNT_LOCKED: + throw new LockedException( + this.messages.getMessage("LdapAuthenticationProvider.locked", "User account is locked"), cause); + default: + throw badCredentials(cause); } } private String subCodeToLogMessage(int code) { switch (code) { - case USERNAME_NOT_FOUND: - return "User was not found in directory"; - case INVALID_PASSWORD: - return "Supplied password was invalid"; - case NOT_PERMITTED: - return "User not permitted to logon at this time"; - case PASSWORD_EXPIRED: - return "Password has expired"; - case ACCOUNT_DISABLED: - return "Account is disabled"; - case ACCOUNT_EXPIRED: - return "Account expired"; - case PASSWORD_NEEDS_RESET: - return "User must reset password"; - case ACCOUNT_LOCKED: - return "Account locked"; + case USERNAME_NOT_FOUND: + return "User was not found in directory"; + case INVALID_PASSWORD: + return "Supplied password was invalid"; + case NOT_PERMITTED: + return "User not permitted to logon at this time"; + case PASSWORD_EXPIRED: + return "Password has expired"; + case ACCOUNT_DISABLED: + return "Account is disabled"; + case ACCOUNT_EXPIRED: + return "Account expired"; + case PASSWORD_NEEDS_RESET: + return "User must reset password"; + case ACCOUNT_LOCKED: + return "Account locked"; } return "Unknown (error code " + Integer.toHexString(code) + ")"; } @@ -309,8 +310,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda } private InternalAuthenticationServiceException badLdapConnection(Throwable cause) { - return new InternalAuthenticationServiceException(this.messages.getMessage( - "LdapAuthenticationProvider.badLdapConnection", "Connection to LDAP server failed."), cause); + return new InternalAuthenticationServiceException(this.messages + .getMessage("LdapAuthenticationProvider.badLdapConnection", "Connection to LDAP server failed."), cause); } private DirContextOperations searchForUser(DirContext context, String username) throws NamingException { diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java index 730b23291a..f0b89483d7 100755 --- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java +++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java @@ -215,7 +215,7 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl { else if (tag == 1) { BERIntegral error = (BERIntegral) elt.getValue(); PasswordPolicyResponseControl.this.errorStatus = PasswordPolicyErrorStatus.values()[error - .getValue()]; + .getValue()]; } } } diff --git a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java index c00a0b8c49..d3f92397c9 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java +++ b/ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java @@ -128,7 +128,7 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch { */ public void setSearchSubtree(boolean searchSubtree) { this.searchControls - .setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE); + .setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE); } /** @@ -157,9 +157,9 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch { sb.append(getClass().getSimpleName()).append(" ["); sb.append("searchFilter=").append(this.searchFilter).append("; "); sb.append("searchBase=").append(this.searchBase).append("; "); - sb.append("scope=").append( - (this.searchControls.getSearchScope() != SearchControls.SUBTREE_SCOPE) ? "single-level" : "subtree") - .append("; "); + sb.append("scope=") + .append((this.searchControls.getSearchScope() != SearchControls.SUBTREE_SCOPE) ? "single-level" : "subtree") + .append("; "); sb.append("searchTimeLimit=").append(this.searchControls.getTimeLimit()).append("; "); sb.append("derefLinkFlag=").append(this.searchControls.getDerefLinkFlag()).append(" ]"); return sb.toString(); diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java index e8d24c8f1f..a1487b6665 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java @@ -84,7 +84,7 @@ public class LdapUserDetailsManager implements UserDetailsManager { private final Log logger = LogFactory.getLog(LdapUserDetailsManager.class); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * The strategy for mapping usernames to LDAP distinguished names. This will be used diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java index b44e30a0d8..470c8d7842 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java @@ -83,7 +83,7 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper { } // Check for PPolicy data PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) ctx - .getObjectAttribute(PasswordPolicyControl.OID); + .getObjectAttribute(PasswordPolicyControl.OID); if (ppolicy != null) { essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration()); essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining()); diff --git a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java index 104628f451..b5f6090a88 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java @@ -52,7 +52,7 @@ public class LdapUtilsTests { final DirContext mockCtx = mock(DirContext.class); given(mockCtx.getNameInNamespace()).willReturn(""); assertThat(LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", mockCtx)) - .isEqualTo("cn=jane,dc=springframework,dc=org"); + .isEqualTo("cn=jane,dc=springframework,dc=org"); } @Test @@ -60,7 +60,7 @@ public class LdapUtilsTests { final DirContext mockCtx = mock(DirContext.class); given(mockCtx.getNameInNamespace()).willReturn("dc=springsecurity,dc = org"); assertThat(LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", mockCtx)) - .isEqualTo("cn=jane smith"); + .isEqualTo("cn=jane smith"); } @Test @@ -70,15 +70,15 @@ public class LdapUtilsTests { assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/")).isEqualTo(""); assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/")).isEqualTo(""); assertThat(LdapUtils.parseRootDnFromUrl("ldaps://monkeymachine.co.uk/dc=springframework,dc=org")) - .isEqualTo("dc=springframework,dc=org"); + .isEqualTo("dc=springframework,dc=org"); assertThat(LdapUtils.parseRootDnFromUrl("ldap:///dc=springframework,dc=org")) - .isEqualTo("dc=springframework,dc=org"); + .isEqualTo("dc=springframework,dc=org"); assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/dc=springframework,dc=org")) - .isEqualTo("dc=springframework,dc=org"); + .isEqualTo("dc=springframework,dc=org"); assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/dc=springframework,dc=org/ou=blah")) - .isEqualTo("dc=springframework,dc=org/ou=blah"); + .isEqualTo("dc=springframework,dc=org/ou=blah"); assertThat(LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk:389/dc=springframework,dc=org/ou=blah")) - .isEqualTo("dc=springframework,dc=org/ou=blah"); + .isEqualTo("dc=springframework,dc=org/ou=blah"); } } diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java index 27a0dcb215..12d9c38279 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java @@ -58,8 +58,9 @@ public class SpringSecurityAuthenticationSourceTests { @Test public void principalIsEmptyForAnonymousUser() { AuthenticationSource source = new SpringSecurityAuthenticationSource(); - SecurityContextHolder.getContext().setAuthentication( - new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored"))); + SecurityContextHolder.getContext() + .setAuthentication( + new AnonymousAuthenticationToken("key", "anonUser", AuthorityUtils.createAuthorityList("ignored"))); assertThat(source.getPrincipal()).isEqualTo(""); } @@ -84,7 +85,7 @@ public class SpringSecurityAuthenticationSourceTests { user.setDn(new DistinguishedName("uid=joe,ou=users")); AuthenticationSource source = new SpringSecurityAuthenticationSource(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null)); + .setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null)); assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users"); } @@ -95,7 +96,7 @@ public class SpringSecurityAuthenticationSourceTests { user.setDn(new DistinguishedName("uid=joe,ou=users")); SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class); given(strategy.getContext()) - .willReturn(new SecurityContextImpl(new TestingAuthenticationToken(user.createUserDetails(), null))); + .willReturn(new SecurityContextImpl(new TestingAuthenticationToken(user.createUserDetails(), null))); SpringSecurityAuthenticationSource source = new SpringSecurityAuthenticationSource(); source.setSecurityContextHolderStrategy(strategy); assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users"); diff --git a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java index cf5c58500f..51d43be1e8 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java @@ -61,7 +61,7 @@ public class SpringSecurityLdapTemplateTests { Object[] params = new Object[] {}; DirContextAdapter searchResultObject = mock(DirContextAdapter.class); given(this.ctx.search(any(DistinguishedName.class), eq(filter), eq(params), this.searchControls.capture())) - .willReturn(this.resultsEnum); + .willReturn(this.resultsEnum); given(this.resultsEnum.hasMore()).willReturn(true, false); given(this.resultsEnum.next()).willReturn(this.searchResult); given(this.searchResult.getObject()).willReturn(searchResultObject); diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java index 092523f227..319e6b9700 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java @@ -70,7 +70,7 @@ public class LdapAuthenticationProviderTests { assertThatExceptionOfType(BadCredentialsException.class).isThrownBy( () -> ldapProvider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(null, "password"))); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> ldapProvider - .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("", "bobspassword"))); + .authenticate(UsernamePasswordAuthenticationToken.unauthenticated("", "bobspassword"))); } @Test @@ -151,7 +151,9 @@ public class LdapAuthenticationProviderTests { given(mockAuthenticator.authenticate(authRequest)).willThrow(expectedCause); LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(mockAuthenticator); assertThatExceptionOfType(InternalAuthenticationServiceException.class) - .isThrownBy(() -> ldapProvider.authenticate(authRequest)).havingCause().isSameAs(expectedCause); + .isThrownBy(() -> ldapProvider.authenticate(authRequest)) + .havingCause() + .isSameAs(expectedCause); } class MockAuthenticator implements LdapAuthenticator { diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java index ec5432367c..f5c2d8b4ae 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticatorMockTests.java @@ -52,7 +52,8 @@ public class PasswordComparisonAuthenticatorMockTests { // Setup a single return value (i.e. success) final NamingEnumeration searchResults = new BasicAttributes("", null).getAll(); given(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class), - any(SearchControls.class))).willReturn(searchResults); + any(SearchControls.class))) + .willReturn(searchResults); authenticator.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Bob", "bobspassword")); } diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java index e0d28f9392..92205144f6 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java @@ -95,7 +95,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class))) - .willReturn(new MockNamingEnumeration(sr)); + .willReturn(new MockNamingEnumeration(sr)); ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx); @@ -112,7 +112,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class))) - .willReturn(new MockNamingEnumeration(sr)); + .willReturn(new MockNamingEnumeration(sr)); ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx); @@ -132,7 +132,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class))) - .willReturn(new MockNamingEnumeration(sr)); + .willReturn(new MockNamingEnumeration(sr)); ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", "ldap://192.168.1.200/"); customProvider.contextFactory = createContextFactoryReturning(ctx); @@ -159,7 +159,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { DirContextAdapter dca = new DirContextAdapter(); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); given(ctx.search(eq(new DistinguishedName("DC=mydomain,DC=eu")), any(String.class), any(Object[].class), - any(SearchControls.class))).willReturn(new MockNamingEnumeration(sr)); + any(SearchControls.class))) + .willReturn(new MockNamingEnumeration(sr)); this.provider.contextFactory = createContextFactoryReturning(ctx); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)); this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("joe@mydomain.eu", "password")); @@ -170,7 +171,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn(""); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) - .willThrow(new NameNotFoundException()); + .willThrow(new NameNotFoundException()); this.provider.contextFactory = createContextFactoryReturning(ctx); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)); } @@ -181,7 +182,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { DirContext ctx = mock(DirContext.class); given(ctx.getNameInNamespace()).willReturn(""); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) - .willReturn(new EmptyEnumeration<>()); + .willReturn(new EmptyEnumeration<>()); this.provider.contextFactory = createContextFactoryReturning(ctx); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)); } @@ -204,10 +205,10 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { given(searchResult.getObject()).willReturn(new DirContextAdapter("ou=1"), new DirContextAdapter("ou=2")); given(searchResults.next()).willReturn(searchResult); given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) - .willReturn(searchResults); + .willReturn(searchResults); this.provider.contextFactory = createContextFactoryReturning(ctx); assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class) - .isThrownBy(() -> this.provider.authenticate(this.joe)); + .isThrownBy(() -> this.provider.authenticate(this.joe)); } static final String msg = "[LDAP: error code 49 - 80858585: LdapErr: DSID-DECAFF0, comment: AcceptSecurityContext error, data "; @@ -240,9 +241,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { new AuthenticationException(msg + dataCode + ", xxxx]")); this.provider.setConvertSubErrorCodesToExceptions(true); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)) - .withCauseInstanceOf(ActiveDirectoryAuthenticationException.class) - .satisfies((ex) -> assertThat(((ActiveDirectoryAuthenticationException) ex.getCause()).getDataCode()) - .isEqualTo(dataCode)); + .withCauseInstanceOf(ActiveDirectoryAuthenticationException.class) + .satisfies((ex) -> assertThat(((ActiveDirectoryAuthenticationException) ex.getCause()).getDataCode()) + .isEqualTo(dataCode)); } @Test @@ -251,7 +252,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)); this.provider.setConvertSubErrorCodesToExceptions(true); assertThatExceptionOfType(CredentialsExpiredException.class) - .isThrownBy(() -> this.provider.authenticate(this.joe)); + .isThrownBy(() -> this.provider.authenticate(this.joe)); } @Test @@ -302,10 +303,10 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { ActiveDirectoryLdapAuthenticationProvider noneReachableProvider = new ActiveDirectoryLdapAuthenticationProvider( "mydomain.eu", NON_EXISTING_LDAP_PROVIDER, "dc=ad,dc=eu,dc=mydomain"); noneReachableProvider - .setContextEnvironmentProperties(Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5")); + .setContextEnvironmentProperties(Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", "5")); assertThatExceptionOfType( org.springframework.security.authentication.InternalAuthenticationServiceException.class) - .isThrownBy(() -> noneReachableProvider.doAuthentication(this.joe)); + .isThrownBy(() -> noneReachableProvider.doAuthentication(this.joe)); } @Test @@ -323,7 +324,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { @Test public void setContextEnvironmentPropertiesEmpty() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.provider.setContextEnvironmentProperties(new Hashtable<>())); + .isThrownBy(() -> this.provider.setContextEnvironmentProperties(new Hashtable<>())); } @Test @@ -332,9 +333,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { env.put("java.naming.ldap.factory.socket", "unknown.package.NonExistingSocketFactory"); this.provider.setContextEnvironmentProperties(env); assertThatExceptionOfType(InternalAuthenticationServiceException.class) - .isThrownBy(() -> this.provider.authenticate(this.joe)) - .withCauseInstanceOf(org.springframework.ldap.CommunicationException.class) - .withRootCauseInstanceOf(ClassNotFoundException.class); + .isThrownBy(() -> this.provider.authenticate(this.joe)) + .withCauseInstanceOf(org.springframework.ldap.CommunicationException.class) + .withRootCauseInstanceOf(ClassNotFoundException.class); } ContextFactory createContextFactoryThrowing(final NamingException ex) { @@ -364,7 +365,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests { @SuppressWarnings("deprecation") DistinguishedName searchBaseDn = new DistinguishedName(rootDn); given(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class))) - .willReturn(new MockNamingEnumeration(sr)).willReturn(new MockNamingEnumeration(sr)); + .willReturn(new MockNamingEnumeration(sr)) + .willReturn(new MockNamingEnumeration(sr)); provider.contextFactory = createContextFactoryReturning(ctx); Authentication result = provider.authenticate(this.joe); assertThat(result.getAuthorities()).isEmpty(); diff --git a/ldap/src/test/java/org/springframework/security/ldap/jackson2/InetOrgPersonMixinTests.java b/ldap/src/test/java/org/springframework/security/ldap/jackson2/InetOrgPersonMixinTests.java index d9a05e6531..57659cc008 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/jackson2/InetOrgPersonMixinTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/jackson2/InetOrgPersonMixinTests.java @@ -115,7 +115,7 @@ public class InetOrgPersonMixinTests { @Test public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(INET_ORG_PERSON_JSON, InetOrgPerson.class)); + .isThrownBy(() -> new ObjectMapper().readValue(INET_ORG_PERSON_JSON, InetOrgPerson.class)); } @Test @@ -129,7 +129,7 @@ public class InetOrgPersonMixinTests { assertThat(authentication.getCarLicense()).isEqualTo(expectedAuthentication.getCarLicense()); assertThat(authentication.getDepartmentNumber()).isEqualTo(expectedAuthentication.getDepartmentNumber()); assertThat(authentication.getDestinationIndicator()) - .isEqualTo(expectedAuthentication.getDestinationIndicator()); + .isEqualTo(expectedAuthentication.getDestinationIndicator()); assertThat(authentication.getDn()).isEqualTo(expectedAuthentication.getDn()); assertThat(authentication.getDescription()).isEqualTo(expectedAuthentication.getDescription()); assertThat(authentication.getDisplayName()).isEqualTo(expectedAuthentication.getDisplayName()); @@ -153,14 +153,14 @@ public class InetOrgPersonMixinTests { assertThat(authentication.getGivenName()).isEqualTo(expectedAuthentication.getGivenName()); assertThat(authentication.getTelephoneNumber()).isEqualTo(expectedAuthentication.getTelephoneNumber()); assertThat(authentication.getGraceLoginsRemaining()) - .isEqualTo(expectedAuthentication.getGraceLoginsRemaining()); + .isEqualTo(expectedAuthentication.getGraceLoginsRemaining()); assertThat(authentication.getTimeBeforeExpiration()) - .isEqualTo(expectedAuthentication.getTimeBeforeExpiration()); + .isEqualTo(expectedAuthentication.getTimeBeforeExpiration()); assertThat(authentication.isAccountNonExpired()).isEqualTo(expectedAuthentication.isAccountNonExpired()); assertThat(authentication.isAccountNonLocked()).isEqualTo(expectedAuthentication.isAccountNonLocked()); assertThat(authentication.isEnabled()).isEqualTo(expectedAuthentication.isEnabled()); assertThat(authentication.isCredentialsNonExpired()) - .isEqualTo(expectedAuthentication.isCredentialsNonExpired()); + .isEqualTo(expectedAuthentication.isCredentialsNonExpired()); } private DirContextAdapter createUserContext() { diff --git a/ldap/src/test/java/org/springframework/security/ldap/jackson2/LdapUserDetailsImplMixinTests.java b/ldap/src/test/java/org/springframework/security/ldap/jackson2/LdapUserDetailsImplMixinTests.java index 755623ba8f..500cea7a31 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/jackson2/LdapUserDetailsImplMixinTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/jackson2/LdapUserDetailsImplMixinTests.java @@ -91,14 +91,14 @@ public class LdapUserDetailsImplMixinTests { @Test public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(USER_JSON, LdapUserDetailsImpl.class)); + .isThrownBy(() -> new ObjectMapper().readValue(USER_JSON, LdapUserDetailsImpl.class)); } @Test public void deserializeWhenMixinRegisteredThenDeserializes() throws Exception { LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); LdapUserDetailsImpl expectedAuthentication = (LdapUserDetailsImpl) mapper - .mapUserFromContext(createUserContext(), "ghengis", AuthorityUtils.NO_AUTHORITIES); + .mapUserFromContext(createUserContext(), "ghengis", AuthorityUtils.NO_AUTHORITIES); LdapUserDetailsImpl authentication = this.mapper.readValue(USER_JSON, LdapUserDetailsImpl.class); assertThat(authentication.getAuthorities()).containsExactlyElementsOf(expectedAuthentication.getAuthorities()); @@ -106,14 +106,14 @@ public class LdapUserDetailsImplMixinTests { assertThat(authentication.getUsername()).isEqualTo(expectedAuthentication.getUsername()); assertThat(authentication.getPassword()).isEqualTo(expectedAuthentication.getPassword()); assertThat(authentication.getGraceLoginsRemaining()) - .isEqualTo(expectedAuthentication.getGraceLoginsRemaining()); + .isEqualTo(expectedAuthentication.getGraceLoginsRemaining()); assertThat(authentication.getTimeBeforeExpiration()) - .isEqualTo(expectedAuthentication.getTimeBeforeExpiration()); + .isEqualTo(expectedAuthentication.getTimeBeforeExpiration()); assertThat(authentication.isAccountNonExpired()).isEqualTo(expectedAuthentication.isAccountNonExpired()); assertThat(authentication.isAccountNonLocked()).isEqualTo(expectedAuthentication.isAccountNonLocked()); assertThat(authentication.isEnabled()).isEqualTo(expectedAuthentication.isEnabled()); assertThat(authentication.isCredentialsNonExpired()) - .isEqualTo(expectedAuthentication.isCredentialsNonExpired()); + .isEqualTo(expectedAuthentication.isCredentialsNonExpired()); } private DirContextAdapter createUserContext() { diff --git a/ldap/src/test/java/org/springframework/security/ldap/jackson2/PersonMixinTests.java b/ldap/src/test/java/org/springframework/security/ldap/jackson2/PersonMixinTests.java index 018058888e..7a644ca4e9 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/jackson2/PersonMixinTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/jackson2/PersonMixinTests.java @@ -94,7 +94,7 @@ public class PersonMixinTests { @Test public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(PERSON_JSON, Person.class)); + .isThrownBy(() -> new ObjectMapper().readValue(PERSON_JSON, Person.class)); } @Test @@ -113,14 +113,14 @@ public class PersonMixinTests { assertThat(authentication.getGivenName()).isEqualTo(expectedAuthentication.getGivenName()); assertThat(authentication.getTelephoneNumber()).isEqualTo(expectedAuthentication.getTelephoneNumber()); assertThat(authentication.getGraceLoginsRemaining()) - .isEqualTo(expectedAuthentication.getGraceLoginsRemaining()); + .isEqualTo(expectedAuthentication.getGraceLoginsRemaining()); assertThat(authentication.getTimeBeforeExpiration()) - .isEqualTo(expectedAuthentication.getTimeBeforeExpiration()); + .isEqualTo(expectedAuthentication.getTimeBeforeExpiration()); assertThat(authentication.isAccountNonExpired()).isEqualTo(expectedAuthentication.isAccountNonExpired()); assertThat(authentication.isAccountNonLocked()).isEqualTo(expectedAuthentication.isAccountNonLocked()); assertThat(authentication.isEnabled()).isEqualTo(expectedAuthentication.isEnabled()); assertThat(authentication.isCredentialsNonExpired()) - .isEqualTo(expectedAuthentication.isCredentialsNonExpired()); + .isEqualTo(expectedAuthentication.isCredentialsNonExpired()); } private DirContextAdapter createUserContext() { diff --git a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java index 1be134ce6d..62b18ccfbd 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSourceTests.java @@ -72,7 +72,7 @@ public class PasswordPolicyAwareContextSourceTests { public void standardExceptionIsPropagatedWhenExceptionRaisedAndNoControlsAreSet() throws Exception { willThrow(new NamingException("some LDAP exception")).given(this.ctx).reconnect(any(Control[].class)); assertThatExceptionOfType(UncategorizedLdapException.class) - .isThrownBy(() -> this.ctxSource.getContext("user", "ignored")); + .isThrownBy(() -> this.ctxSource.getContext("user", "ignored")); } @Test @@ -81,7 +81,7 @@ public class PasswordPolicyAwareContextSourceTests { new PasswordPolicyResponseControl(PasswordPolicyResponseControlTests.OPENLDAP_LOCKED_CTRL) }); willThrow(new NamingException("locked message")).given(this.ctx).reconnect(any(Control[].class)); assertThatExceptionOfType(PasswordPolicyException.class) - .isThrownBy(() -> this.ctxSource.getContext("user", "ignored")); + .isThrownBy(() -> this.ctxSource.getContext("user", "ignored")); } } diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java index 9bb5593703..b9d2ffa45e 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java @@ -43,7 +43,7 @@ public class LdapUserDetailsServiceTests { @Test public void rejectsNullSearchObject() { assertThatIllegalArgumentException() - .isThrownBy(() -> new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator())); + .isThrownBy(() -> new LdapUserDetailsService(null, new NullLdapAuthoritiesPopulator())); } @Test diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java index 6e2cbbb7c1..6887342ed2 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java +++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java @@ -74,7 +74,7 @@ class MessageExpressionConfigAttribute implements ConfigAttribute, EvaluationCon public EvaluationContext postProcess(EvaluationContext ctx, Message message) { if (this.matcher instanceof SimpDestinationMessageMatcher) { Map variables = ((SimpDestinationMessageMatcher) this.matcher) - .extractPathVariables(message); + .extractPathVariables(message); for (Map.Entry entry : variables.entrySet()) { ctx.setVariable(entry.getKey(), entry.getValue()); } diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java index 09cbddfefc..8cd93d095d 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java +++ b/messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java @@ -88,7 +88,7 @@ import org.springframework.util.StringUtils; public final class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private ExpressionParser parser = new SpelExpressionParser(); diff --git a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java index 908014f869..ebe3e318c1 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java +++ b/messaging/src/main/java/org/springframework/security/messaging/context/SecurityContextChannelInterceptor.java @@ -47,7 +47,7 @@ public final class SecurityContextChannelInterceptor extends ChannelInterceptorA private static final ThreadLocal> originalContext = new ThreadLocal<>(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private SecurityContext empty = this.securityContextHolderStrategy.createEmptyContext(); diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java index 059b34bddb..194238495b 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java +++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptor.java @@ -53,7 +53,7 @@ public final class CsrfChannelInterceptor extends ChannelInterceptorAdapter { throw new MissingCsrfTokenException(null); } String actualTokenValue = SimpMessageHeaderAccessor.wrap(message) - .getFirstNativeHeader(expectedToken.getHeaderName()); + .getFirstNativeHeader(expectedToken.getHeaderName()); boolean csrfCheckPassed = expectedToken.getToken().equals(actualTokenValue); if (!csrfCheckPassed) { throw new InvalidCsrfTokenException(expectedToken, actualTokenValue); diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/XorCsrfChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/XorCsrfChannelInterceptor.java index 2d7b3d1c8c..d41444d8af 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/web/csrf/XorCsrfChannelInterceptor.java +++ b/messaging/src/main/java/org/springframework/security/messaging/web/csrf/XorCsrfChannelInterceptor.java @@ -55,7 +55,7 @@ public final class XorCsrfChannelInterceptor implements ChannelInterceptor { throw new MissingCsrfTokenException(null); } String actualToken = SimpMessageHeaderAccessor.wrap(message) - .getFirstNativeHeader(expectedToken.getHeaderName()); + .getFirstNativeHeader(expectedToken.getHeaderName()); String actualTokenValue = XorCsrfTokenUtils.getTokenValue(actualToken, expectedToken.getToken()); boolean csrfCheckPassed = equalsConstantTime(expectedToken.getToken(), actualTokenValue); if (!csrfCheckPassed) { diff --git a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java index 1c917d82ee..d6c653997f 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java +++ b/messaging/src/main/java/org/springframework/security/messaging/web/socket/server/CsrfTokenHandshakeInterceptor.java @@ -45,7 +45,7 @@ public final class CsrfTokenHandshakeInterceptor implements HandshakeInterceptor Map attributes) { HttpServletRequest httpRequest = ((ServletServerHttpRequest) request).getServletRequest(); DeferredCsrfToken deferredCsrfToken = (DeferredCsrfToken) httpRequest - .getAttribute(DeferredCsrfToken.class.getName()); + .getAttribute(DeferredCsrfToken.class.getName()); if (deferredCsrfToken == null) { return true; } diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java index 9e62e6a15d..bd198b8bbf 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java @@ -119,8 +119,9 @@ public class DefaultMessageSecurityExpressionHandlerTests { EvaluationContext context = this.handler.createEvaluationContext(mockAuthenticationSupplier, this.message); verifyNoInteractions(mockAuthenticationSupplier); assertThat(context.getRootObject()).extracting(TypedValue::getValue) - .asInstanceOf(InstanceOfAssertFactories.type(MessageSecurityExpressionRoot.class)) - .extracting(SecurityExpressionRoot::getAuthentication).isEqualTo(this.authentication); + .asInstanceOf(InstanceOfAssertFactories.type(MessageSecurityExpressionRoot.class)) + .extracting(SecurityExpressionRoot::getAuthentication) + .isEqualTo(this.authentication); verify(mockAuthenticationSupplier).get(); } diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java index 977d2f3606..0232b47893 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java @@ -67,7 +67,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests { this.matcherToExpression.put(this.matcher1, this.expression1); this.matcherToExpression.put(this.matcher2, this.expression2); this.source = ExpressionBasedMessageSecurityMetadataSourceFactory - .createExpressionMessageMetadataSource(this.matcherToExpression); + .createExpressionMessageMetadataSource(this.matcherToExpression); this.rootObject = new MessageSecurityExpressionRoot(this.authentication, this.message); } @@ -85,7 +85,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests { ConfigAttribute attr = attrs.iterator().next(); assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class); assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(this.rootObject)) - .isEqualTo(true); + .isEqualTo(true); } @Test @@ -96,7 +96,7 @@ public class ExpressionBasedMessageSecurityMetadataSourceFactoryTests { ConfigAttribute attr = attrs.iterator().next(); assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class); assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(this.rootObject)) - .isEqualTo(false); + .isEqualTo(false); } } diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java index 9934ad044f..3e97ae597c 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java @@ -60,7 +60,7 @@ public class MessageExpressionConfigAttributeTests { @Test public void constructorNullMatcher() { assertThatIllegalArgumentException() - .isThrownBy(() -> new MessageExpressionConfigAttribute(this.expression, null)); + .isThrownBy(() -> new MessageExpressionConfigAttribute(this.expression, null)); } @Test diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java index f7c7ea14ea..9e563e8254 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java @@ -71,7 +71,7 @@ public class MessageExpressionVoterTests { @BeforeEach public void setup() { this.attributes = Arrays - .asList(new MessageExpressionConfigAttribute(this.expression, this.matcher)); + .asList(new MessageExpressionConfigAttribute(this.expression, this.matcher)); this.voter = new MessageExpressionVoter(); } @@ -79,21 +79,21 @@ public class MessageExpressionVoterTests { public void voteGranted() { given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true); assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); } @Test public void voteDenied() { given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(false); assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) - .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); + .isEqualTo(AccessDecisionVoter.ACCESS_DENIED); } @Test public void voteAbstain() { this.attributes = Arrays.asList(new SecurityConfig("ROLE_USER")); assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) - .isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); + .isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); } @Test @@ -125,10 +125,10 @@ public class MessageExpressionVoterTests { public void customExpressionHandler() { this.voter.setExpressionHandler(this.expressionHandler); given(this.expressionHandler.createEvaluationContext(this.authentication, this.message)) - .willReturn(this.evaluationContext); + .willReturn(this.evaluationContext); given(this.expression.getValue(this.evaluationContext, Boolean.class)).willReturn(true); assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); verify(this.expressionHandler).createEvaluationContext(this.authentication, this.message); } @@ -137,13 +137,13 @@ public class MessageExpressionVoterTests { final MessageExpressionConfigAttribute configAttribute = mock(MessageExpressionConfigAttribute.class); this.voter.setExpressionHandler(this.expressionHandler); given(this.expressionHandler.createEvaluationContext(this.authentication, this.message)) - .willReturn(this.evaluationContext); + .willReturn(this.evaluationContext); given(configAttribute.getAuthorizeExpression()).willReturn(this.expression); this.attributes = Arrays.asList(configAttribute); given(configAttribute.postProcess(this.evaluationContext, this.message)).willReturn(this.evaluationContext); given(this.expression.getValue(any(EvaluationContext.class), eq(Boolean.class))).willReturn(true); assertThat(this.voter.vote(this.authentication, this.message, this.attributes)) - .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); + .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED); verify(configAttribute).postProcess(this.evaluationContext, this.message); } diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java index 60528995c9..fc354ed212 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java @@ -89,13 +89,13 @@ public class AuthorizationChannelInterceptorTests { public void preSendWhenDenyThenException() { given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.interceptor.preSend(this.message, this.channel)); + .isThrownBy(() -> this.interceptor.preSend(this.message, this.channel)); } @Test public void setEventPublisherWhenNullThenException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.interceptor.setAuthorizationEventPublisher(null)); + .isThrownBy(() -> this.interceptor.setAuthorizationEventPublisher(null)); } @Test diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java index 5d865cf696..0b80678e26 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java @@ -118,10 +118,10 @@ public class ChannelSecurityInterceptorTests { @Test public void preSendDeny() { given(this.source.getAttributes(this.message)).willReturn(this.attrs); - willThrow(new AccessDeniedException("")).given(this.accessDecisionManager).decide(any(Authentication.class), - eq(this.message), eq(this.attrs)); + willThrow(new AccessDeniedException("")).given(this.accessDecisionManager) + .decide(any(Authentication.class), eq(this.message), eq(this.attrs)); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> this.interceptor.preSend(this.message, this.channel)); + .isThrownBy(() -> this.interceptor.preSend(this.message, this.channel)); } @SuppressWarnings("unchecked") @@ -129,7 +129,7 @@ public class ChannelSecurityInterceptorTests { public void preSendPostSendRunAs() { given(this.source.getAttributes(this.message)).willReturn(this.attrs); given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))) - .willReturn(this.runAs); + .willReturn(this.runAs); Message preSend = this.interceptor.preSend(this.message, this.channel); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs); this.interceptor.postSend(preSend, this.channel, true); @@ -146,7 +146,7 @@ public class ChannelSecurityInterceptorTests { public void preSendFinallySendRunAs() { given(this.source.getAttributes(this.message)).willReturn(this.attrs); given(this.runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class))) - .willReturn(this.runAs); + .willReturn(this.runAs); Message preSend = this.interceptor.preSend(this.message, this.channel); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.runAs); this.interceptor.afterSendCompletion(preSend, this.channel, true, new RuntimeException()); diff --git a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java index 2824a6b981..acd41aba8e 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java @@ -100,14 +100,14 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentUserDetails() throws Exception { setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); assertThat(this.resolver.resolveArgument(showUserAnnotationUserDetails(), null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentCustomUserPrincipal() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThat(this.resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test @@ -151,14 +151,14 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentErrorOnInvalidType() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThatExceptionOfType(ClassCastException.class) - .isThrownBy(() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null)); + .isThrownBy(() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null)); } @Test public void resolveArgumentCustomserErrorOnInvalidType() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); - assertThatExceptionOfType(ClassCastException.class).isThrownBy( - () -> this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null)); + assertThatExceptionOfType(ClassCastException.class) + .isThrownBy(() -> this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null)); } @Test @@ -219,7 +219,7 @@ public class AuthenticationPrincipalArgumentResolverTests { private void setAuthenticationPrincipal(Object principal) { this.expectedPrincipal = principal; SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER")); } @Target({ ElementType.PARAMETER }) diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java index f7e259aeed..dbeaf95a62 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java +++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/ResolvableMethod.java @@ -214,8 +214,9 @@ public final class ResolvableMethod { } private String formatMethod() { - return (method().getName() + Arrays.stream(this.method.getParameters()).map(this::formatParameter) - .collect(Collectors.joining(",\n\t", "(\n\t", "\n)"))); + return (method().getName() + Arrays.stream(this.method.getParameters()) + .map(this::formatParameter) + .collect(Collectors.joining(",\n\t", "(\n\t", "\n)"))); } private String formatParameter(Parameter param) { @@ -350,7 +351,7 @@ public final class ResolvableMethod { public final Builder annotPresent(Class... annotationTypes) { String message = "annotationPresent=" + Arrays.toString(annotationTypes); addFilter(message, (candidate) -> Arrays.stream(annotationTypes) - .allMatch((annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null)); + .allMatch((annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null)); return this; } @@ -362,8 +363,9 @@ public final class ResolvableMethod { String message = "annotationNotPresent=" + Arrays.toString(annotationTypes); addFilter(message, (candidate) -> { if (annotationTypes.length != 0) { - return Arrays.stream(annotationTypes).noneMatch( - (annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null); + return Arrays.stream(annotationTypes) + .noneMatch(( + annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null); } else { return candidate.getAnnotations().length == 0; @@ -422,8 +424,9 @@ public final class ResolvableMethod { } private String formatMethods(Set methods) { - return "\nMatched:\n" + methods.stream().map(Method::toGenericString) - .collect(Collectors.joining(",\n\t", "[\n\t", "\n]")); + return "\nMatched:\n" + methods.stream() + .map(Method::toGenericString) + .collect(Collectors.joining(",\n\t", "[\n\t", "\n]")); } public ResolvableMethod mockCall(Consumer invoker) { @@ -497,8 +500,9 @@ public final class ResolvableMethod { } private String formatFilters() { - return this.filters.stream().map(Object::toString) - .collect(Collectors.joining(",\n\t\t", "[\n\t\t", "\n\t]")); + return this.filters.stream() + .map(Object::toString) + .collect(Collectors.joining(",\n\t\t", "[\n\t\t", "\n\t]")); } } diff --git a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java index fdcfb2e2ac..193232e801 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/handler/invocation/reactive/CurrentSecurityContextArgumentResolverTests.java @@ -49,7 +49,7 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentWhenAuthenticationPrincipalAndEmptyContextThenNull() { Object result = this.resolver.resolveArgument(arg0("currentSecurityContextOnMonoSecurityContext"), null) - .block(); + .block(); assertThat(result).isNull(); } @@ -57,8 +57,9 @@ public class CurrentSecurityContextArgumentResolverTests { public void resolveArgumentWhenAuthenticationPrincipalThenFound() { Authentication authentication = TestAuthentication.authenticatedUser(); Mono result = (Mono) this.resolver - .resolveArgument(arg0("currentSecurityContextOnMonoSecurityContext"), null) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block(); + .resolveArgument(arg0("currentSecurityContextOnMonoSecurityContext"), null) + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) + .block(); assertThat(result.block().getAuthentication()).isEqualTo(authentication); } @@ -75,8 +76,9 @@ public class CurrentSecurityContextArgumentResolverTests { public void resolveArgumentWhenMonoAndAuthenticationPrincipalThenFound() { Authentication authentication = TestAuthentication.authenticatedUser(); Mono result = (Mono) this.resolver - .resolveArgument(arg0("currentUserOnMonoUserDetails"), null) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block(); + .resolveArgument(arg0("currentUserOnMonoUserDetails"), null) + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) + .block(); assertThat(result.block()).isEqualTo(authentication.getPrincipal()); } @@ -88,8 +90,9 @@ public class CurrentSecurityContextArgumentResolverTests { public void resolveArgumentWhenExpressionThenFound() { Authentication authentication = TestAuthentication.authenticatedUser(); Mono result = (Mono) this.resolver - .resolveArgument(arg0("authenticationPrincipalExpression"), null) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)).block(); + .resolveArgument(arg0("authenticationPrincipalExpression"), null) + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) + .block(); assertThat(result.block()).isEqualTo(authentication.getName()); } diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java index 5d93374087..43cbf2a60e 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTests.java @@ -65,13 +65,13 @@ public class AndMessageMatcherTests { @Test public void constructorNullList() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AndMessageMatcher<>((List>) null)); + .isThrownBy(() -> new AndMessageMatcher<>((List>) null)); } @Test public void constructorListContainsNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AndMessageMatcher<>(Arrays.asList((MessageMatcher) null))); + .isThrownBy(() -> new AndMessageMatcher<>(Arrays.asList((MessageMatcher) null))); } @Test diff --git a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java index 7ee7f0227d..230da8bb97 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTests.java @@ -65,13 +65,13 @@ public class OrMessageMatcherTests { @Test public void constructorNullList() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OrMessageMatcher<>((List>) null)); + .isThrownBy(() -> new OrMessageMatcher<>((List>) null)); } @Test public void constructorListContainsNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OrMessageMatcher<>(Arrays.asList((MessageMatcher) null))); + .isThrownBy(() -> new OrMessageMatcher<>(Arrays.asList((MessageMatcher) null))); } @Test diff --git a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java index fd0bb6baf5..2ff014dc9b 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/web/csrf/CsrfChannelInterceptorTests.java @@ -116,28 +116,28 @@ public class CsrfChannelInterceptorTests { public void preSendNoToken() { this.messageHeaders.removeNativeHeader(this.token.getHeaderName()); assertThatExceptionOfType(InvalidCsrfTokenException.class) - .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); + .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); } @Test public void preSendInvalidToken() { this.messageHeaders.setNativeHeader(this.token.getHeaderName(), this.token.getToken() + "invalid"); assertThatExceptionOfType(InvalidCsrfTokenException.class) - .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); + .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); } @Test public void preSendMissingToken() { this.messageHeaders.getSessionAttributes().clear(); assertThatExceptionOfType(MissingCsrfTokenException.class) - .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); + .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); } @Test public void preSendMissingTokenNullSessionAttributes() { this.messageHeaders.setSessionAttributes(null); assertThatExceptionOfType(MissingCsrfTokenException.class) - .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); + .isThrownBy(() -> this.interceptor.preSend(message(), this.channel)); } private Message message() { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java index 4c55ac444d..8d730142c7 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManager.java @@ -75,7 +75,9 @@ import org.springframework.util.StringUtils; public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager { private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = OAuth2AuthorizedClientProviderBuilder - .builder().clientCredentials().build(); + .builder() + .clientCredentials() + .build(); private final ClientRegistrationRepository clientRegistrationRepository; @@ -105,10 +107,10 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen this.authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER; this.contextAttributesMapper = new DefaultContextAttributesMapper(); this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientService - .saveAuthorizedClient(authorizedClient, principal); + .saveAuthorizedClient(authorizedClient, principal); this.authorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler( (clientRegistrationId, principal, attributes) -> authorizedClientService - .removeAuthorizedClient(clientRegistrationId, principal.getName())); + .removeAuthorizedClient(clientRegistrationId, principal.getName())); } @Nullable @@ -124,7 +126,7 @@ public final class AuthorizedClientServiceOAuth2AuthorizedClientManager implemen } else { ClientRegistration clientRegistration = this.clientRegistrationRepository - .findByRegistrationId(clientRegistrationId); + .findByRegistrationId(clientRegistrationId); Assert.notNull(clientRegistration, "Could not find ClientRegistration with id '" + clientRegistrationId + "'"); authorizedClient = this.authorizedClientService.loadAuthorizedClient(clientRegistrationId, diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java index 2724d5b5e7..1c6f49beb0 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java @@ -83,7 +83,9 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager implements ReactiveOAuth2AuthorizedClientManager { private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = ReactiveOAuth2AuthorizedClientProviderBuilder - .builder().clientCredentials().build(); + .builder() + .clientCredentials() + .build(); private final ReactiveClientRegistrationRepository clientRegistrationRepository; @@ -111,41 +113,41 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager this.clientRegistrationRepository = clientRegistrationRepository; this.authorizedClientService = authorizedClientService; this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientService - .saveAuthorizedClient(authorizedClient, principal); + .saveAuthorizedClient(authorizedClient, principal); this.authorizationFailureHandler = new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler( (clientRegistrationId, principal, attributes) -> this.authorizedClientService - .removeAuthorizedClient(clientRegistrationId, principal.getName())); + .removeAuthorizedClient(clientRegistrationId, principal.getName())); } @Override public Mono authorize(OAuth2AuthorizeRequest authorizeRequest) { Assert.notNull(authorizeRequest, "authorizeRequest cannot be null"); return createAuthorizationContext(authorizeRequest) - .flatMap((authorizationContext) -> authorize(authorizationContext, authorizeRequest.getPrincipal())); + .flatMap((authorizationContext) -> authorize(authorizationContext, authorizeRequest.getPrincipal())); } private Mono createAuthorizationContext(OAuth2AuthorizeRequest authorizeRequest) { String clientRegistrationId = authorizeRequest.getClientRegistrationId(); Authentication principal = authorizeRequest.getPrincipal(); return Mono.justOrEmpty(authorizeRequest.getAuthorizedClient()) - .map(OAuth2AuthorizationContext::withAuthorizedClient) - .switchIfEmpty(Mono.defer(() -> this.clientRegistrationRepository - .findByRegistrationId(clientRegistrationId) - .flatMap((clientRegistration) -> this.authorizedClientService - .loadAuthorizedClient(clientRegistrationId, principal.getName()) - .map(OAuth2AuthorizationContext::withAuthorizedClient) - .switchIfEmpty(Mono.fromSupplier( - () -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration)))) - .switchIfEmpty(Mono.error(() -> new IllegalArgumentException( - "Could not find ClientRegistration with id '" + clientRegistrationId + "'"))))) - .flatMap((contextBuilder) -> this.contextAttributesMapper.apply(authorizeRequest) - .defaultIfEmpty(Collections.emptyMap()).map((contextAttributes) -> { - OAuth2AuthorizationContext.Builder builder = contextBuilder.principal(principal); - if (!contextAttributes.isEmpty()) { - builder = builder.attributes((attributes) -> attributes.putAll(contextAttributes)); - } - return builder.build(); - })); + .map(OAuth2AuthorizationContext::withAuthorizedClient) + .switchIfEmpty(Mono.defer(() -> this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId) + .flatMap((clientRegistration) -> this.authorizedClientService + .loadAuthorizedClient(clientRegistrationId, principal.getName()) + .map(OAuth2AuthorizationContext::withAuthorizedClient) + .switchIfEmpty(Mono + .fromSupplier(() -> OAuth2AuthorizationContext.withClientRegistration(clientRegistration)))) + .switchIfEmpty(Mono.error(() -> new IllegalArgumentException( + "Could not find ClientRegistration with id '" + clientRegistrationId + "'"))))) + .flatMap((contextBuilder) -> this.contextAttributesMapper.apply(authorizeRequest) + .defaultIfEmpty(Collections.emptyMap()) + .map((contextAttributes) -> { + OAuth2AuthorizationContext.Builder builder = contextBuilder.principal(principal); + if (!contextAttributes.isEmpty()) { + builder = builder.attributes((attributes) -> attributes.putAll(contextAttributes)); + } + return builder.build(); + })); } /** @@ -162,17 +164,17 @@ public final class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager private Mono authorize(OAuth2AuthorizationContext authorizationContext, Authentication principal) { return this.authorizedClientProvider.authorize(authorizationContext) - // Delegate to the authorizationSuccessHandler of the successful - // authorization - .flatMap((authorizedClient) -> this.authorizationSuccessHandler - .onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap()) - .thenReturn(authorizedClient)) - // Delegate to the authorizationFailureHandler of the failed authorization - .onErrorResume(OAuth2AuthorizationException.class, - (authorizationException) -> this.authorizationFailureHandler - .onAuthorizationFailure(authorizationException, principal, Collections.emptyMap()) - .then(Mono.error(authorizationException))) - .switchIfEmpty(Mono.defer(() -> Mono.justOrEmpty(authorizationContext.getAuthorizedClient()))); + // Delegate to the authorizationSuccessHandler of the successful + // authorization + .flatMap((authorizedClient) -> this.authorizationSuccessHandler + .onAuthorizationSuccess(authorizedClient, principal, Collections.emptyMap()) + .thenReturn(authorizedClient)) + // Delegate to the authorizationFailureHandler of the failed authorization + .onErrorResume(OAuth2AuthorizationException.class, + (authorizationException) -> this.authorizationFailureHandler + .onAuthorizationFailure(authorizationException, principal, Collections.emptyMap()) + .then(Mono.error(authorizationException))) + .switchIfEmpty(Mono.defer(() -> Mono.justOrEmpty(authorizationContext.getAuthorizedClient()))); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java index 4646dc1370..8a9de7def9 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProvider.java @@ -81,12 +81,11 @@ public final class ClientCredentialsReactiveOAuth2AuthorizedClientProvider // Therefore, renewing an expired access token (re-authorization) // is the same as acquiring a new access token (authorization). return Mono.just(new OAuth2ClientCredentialsGrantRequest(clientRegistration)) - .flatMap(this.accessTokenResponseClient::getTokenResponse) - .onErrorMap(OAuth2AuthorizationException.class, - (ex) -> new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(), - ex)) - .map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), - tokenResponse.getAccessToken())); + .flatMap(this.accessTokenResponseClient::getTokenResponse) + .onErrorMap(OAuth2AuthorizationException.class, + (ex) -> new ClientAuthorizationException(ex.getError(), clientRegistration.getRegistrationId(), ex)) + .map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), + tokenResponse.getAccessToken())); } private boolean hasTokenExpired(OAuth2Token token) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java index af24c53289..38db964819 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProvider.java @@ -73,7 +73,8 @@ public final class DelegatingReactiveOAuth2AuthorizedClientProvider implements R public Mono authorize(OAuth2AuthorizationContext context) { Assert.notNull(context, "context cannot be null"); return Flux.fromIterable(this.authorizedClientProviders) - .concatMap((authorizedClientProvider) -> authorizedClientProvider.authorize(context)).next(); + .concatMap((authorizedClientProvider) -> authorizedClientProvider.authorize(context)) + .next(); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java index c4058489b9..3cf977d477 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientService.java @@ -62,8 +62,8 @@ public final class InMemoryReactiveOAuth2AuthorizedClientService implements Reac Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty"); Assert.hasText(principalName, "principalName cannot be empty"); return (Mono) this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId) - .map((clientRegistration) -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName)) - .flatMap((identifier) -> Mono.justOrEmpty(this.authorizedClients.get(identifier))); + .map((clientRegistration) -> new OAuth2AuthorizedClientId(clientRegistrationId, principalName)) + .flatMap((identifier) -> Mono.justOrEmpty(this.authorizedClients.get(identifier))); } @Override diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java index 09413839b8..f5847c1ad2 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.java @@ -166,8 +166,8 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) { Assert.notNull(authorizedClient, "authorizedClient cannot be null"); Assert.notNull(principal, "principal cannot be null"); - boolean existsAuthorizedClient = null != this.loadAuthorizedClient( - authorizedClient.getClientRegistration().getRegistrationId(), principal.getName()); + boolean existsAuthorizedClient = null != this + .loadAuthorizedClient(authorizedClient.getClientRegistration().getRegistrationId(), principal.getName()); if (existsAuthorizedClient) { updateAuthorizedClient(authorizedClient, principal); } @@ -183,7 +183,7 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient private void updateAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) { List parameters = this.authorizedClientParametersMapper - .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)); + .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)); SqlParameterValue clientRegistrationIdParameter = parameters.remove(0); SqlParameterValue principalNameParameter = parameters.remove(0); parameters.add(clientRegistrationIdParameter); @@ -197,7 +197,7 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient private void insertAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) { List parameters = this.authorizedClientParametersMapper - .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)); + .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)); try (LobCreator lobCreator = this.lobHandler.getLobCreator()) { PreparedStatementSetter pss = new LobCreatorArgumentPreparedStatementSetter(lobCreator, parameters.toArray()); @@ -265,7 +265,7 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient public OAuth2AuthorizedClient mapRow(ResultSet rs, int rowNum) throws SQLException { String clientRegistrationId = rs.getString("client_registration_id"); ClientRegistration clientRegistration = this.clientRegistrationRepository - .findByRegistrationId(clientRegistrationId); + .findByRegistrationId(clientRegistrationId); if (clientRegistration == null) { throw new DataRetrievalFailureException( "The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, " @@ -320,8 +320,8 @@ public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClient parameters.add(new SqlParameterValue(Types.VARCHAR, clientRegistration.getRegistrationId())); parameters.add(new SqlParameterValue(Types.VARCHAR, principal.getName())); parameters.add(new SqlParameterValue(Types.VARCHAR, accessToken.getTokenType().getValue())); - parameters.add( - new SqlParameterValue(Types.BLOB, accessToken.getTokenValue().getBytes(StandardCharsets.UTF_8))); + parameters + .add(new SqlParameterValue(Types.BLOB, accessToken.getTokenValue().getBytes(StandardCharsets.UTF_8))); parameters.add(new SqlParameterValue(Types.TIMESTAMP, Timestamp.from(accessToken.getIssuedAt()))); parameters.add(new SqlParameterValue(Types.TIMESTAMP, Timestamp.from(accessToken.getExpiresAt()))); String accessTokenScopes = null; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java index a74a319d69..35a670f995 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContext.java @@ -46,7 +46,7 @@ public final class OAuth2AuthorizationContext { * client}. */ public static final String REQUEST_SCOPE_ATTRIBUTE_NAME = OAuth2AuthorizationContext.class.getName() - .concat(".REQUEST_SCOPE"); + .concat(".REQUEST_SCOPE"); /** * The name of the {@link #getAttribute(String) attribute} in the context associated diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java index 58a4ad3531..e53af19c38 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequest.java @@ -220,7 +220,7 @@ public final class OAuth2AuthorizeRequest { OAuth2AuthorizeRequest authorizeRequest = new OAuth2AuthorizeRequest(); if (this.authorizedClient != null) { authorizeRequest.clientRegistrationId = this.authorizedClient.getClientRegistration() - .getRegistrationId(); + .getRegistrationId(); authorizeRequest.authorizedClient = this.authorizedClient; } else { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java index ff504b311d..c0c8bee93e 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java @@ -104,8 +104,8 @@ public final class OAuth2AuthorizedClientProviderBuilder { * @return the {@link OAuth2AuthorizedClientProviderBuilder} */ public OAuth2AuthorizedClientProviderBuilder refreshToken(Consumer builderConsumer) { - RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders.computeIfAbsent( - RefreshTokenOAuth2AuthorizedClientProvider.class, (k) -> new RefreshTokenGrantBuilder()); + RefreshTokenGrantBuilder builder = (RefreshTokenGrantBuilder) this.builders + .computeIfAbsent(RefreshTokenOAuth2AuthorizedClientProvider.class, (k) -> new RefreshTokenGrantBuilder()); builderConsumer.accept(builder); return OAuth2AuthorizedClientProviderBuilder.this; } @@ -163,7 +163,7 @@ public final class OAuth2AuthorizedClientProviderBuilder { @Deprecated public OAuth2AuthorizedClientProviderBuilder password(Consumer builderConsumer) { PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders - .computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder()); + .computeIfAbsent(PasswordOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder()); builderConsumer.accept(builder); return OAuth2AuthorizedClientProviderBuilder.this; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java index 20941a6b17..f83b9b338d 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProvider.java @@ -107,12 +107,12 @@ public final class PasswordReactiveOAuth2AuthorizedClientProvider implements Rea } OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, username, password); - return Mono.just(passwordGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse) - .onErrorMap(OAuth2AuthorizationException.class, - (e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), - e)) - .map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), - tokenResponse.getAccessToken(), tokenResponse.getRefreshToken())); + return Mono.just(passwordGrantRequest) + .flatMap(this.accessTokenResponseClient::getTokenResponse) + .onErrorMap(OAuth2AuthorizationException.class, + (e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e)) + .map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), + tokenResponse.getAccessToken(), tokenResponse.getRefreshToken())); } private boolean hasTokenExpired(OAuth2Token token) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService.java index a4b3f8bbeb..344dcc7bd6 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService.java @@ -140,17 +140,19 @@ public class R2dbcReactiveOAuth2AuthorizedClientService implements ReactiveOAuth Assert.hasText(principalName, "principalName cannot be empty"); return (Mono) this.databaseClient.sql(LOAD_AUTHORIZED_CLIENT_SQL) - .bind("clientRegistrationId", clientRegistrationId).bind("principalName", principalName) - .map(this.authorizedClientRowMapper).first().flatMap(this::getAuthorizedClient); + .bind("clientRegistrationId", clientRegistrationId) + .bind("principalName", principalName) + .map(this.authorizedClientRowMapper) + .first() + .flatMap(this::getAuthorizedClient); } private Mono getAuthorizedClient(OAuth2AuthorizedClientHolder authorizedClientHolder) { return this.clientRegistrationRepository.findByRegistrationId(authorizedClientHolder.getClientRegistrationId()) - .switchIfEmpty( - Mono.error(dataRetrievalFailureException(authorizedClientHolder.getClientRegistrationId()))) - .map((clientRegistration) -> new OAuth2AuthorizedClient(clientRegistration, - authorizedClientHolder.getPrincipalName(), authorizedClientHolder.getAccessToken(), - authorizedClientHolder.getRefreshToken())); + .switchIfEmpty(Mono.error(dataRetrievalFailureException(authorizedClientHolder.getClientRegistrationId()))) + .map((clientRegistration) -> new OAuth2AuthorizedClient(clientRegistration, + authorizedClientHolder.getPrincipalName(), authorizedClientHolder.getAccessToken(), + authorizedClientHolder.getRefreshToken())); } private static Throwable dataRetrievalFailureException(String clientRegistrationId) { @@ -163,15 +165,17 @@ public class R2dbcReactiveOAuth2AuthorizedClientService implements ReactiveOAuth Assert.notNull(authorizedClient, "authorizedClient cannot be null"); Assert.notNull(principal, "principal cannot be null"); return this - .loadAuthorizedClient(authorizedClient.getClientRegistration().getRegistrationId(), principal.getName()) - .flatMap((dbAuthorizedClient) -> updateAuthorizedClient(authorizedClient, principal)) - .switchIfEmpty(Mono.defer(() -> insertAuthorizedClient(authorizedClient, principal))).then(); + .loadAuthorizedClient(authorizedClient.getClientRegistration().getRegistrationId(), principal.getName()) + .flatMap((dbAuthorizedClient) -> updateAuthorizedClient(authorizedClient, principal)) + .switchIfEmpty(Mono.defer(() -> insertAuthorizedClient(authorizedClient, principal))) + .then(); } private Mono updateAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) { GenericExecuteSpec executeSpec = this.databaseClient.sql(UPDATE_AUTHORIZED_CLIENT_SQL); for (Entry entry : this.authorizedClientParametersMapper - .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)).entrySet()) { + .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)) + .entrySet()) { executeSpec = executeSpec.bind(entry.getKey(), entry.getValue()); } return executeSpec.fetch().rowsUpdated(); @@ -180,7 +184,8 @@ public class R2dbcReactiveOAuth2AuthorizedClientService implements ReactiveOAuth private Mono insertAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) { GenericExecuteSpec executeSpec = this.databaseClient.sql(SAVE_AUTHORIZED_CLIENT_SQL); for (Entry entry : this.authorizedClientParametersMapper - .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)).entrySet()) { + .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)) + .entrySet()) { executeSpec = executeSpec.bind(entry.getKey(), entry.getValue()); } return executeSpec.fetch().rowsUpdated(); @@ -190,8 +195,10 @@ public class R2dbcReactiveOAuth2AuthorizedClientService implements ReactiveOAuth public Mono removeAuthorizedClient(String clientRegistrationId, String principalName) { Assert.hasText(clientRegistrationId, "clientRegistrationId cannot be empty"); Assert.hasText(principalName, "principalName cannot be empty"); - return this.databaseClient.sql(REMOVE_AUTHORIZED_CLIENT_SQL).bind("clientRegistrationId", clientRegistrationId) - .bind("principalName", principalName).then(); + return this.databaseClient.sql(REMOVE_AUTHORIZED_CLIENT_SQL) + .bind("clientRegistrationId", clientRegistrationId) + .bind("principalName", principalName) + .then(); } /** @@ -310,10 +317,10 @@ public class R2dbcReactiveOAuth2AuthorizedClientService implements ReactiveOAuth Parameter.fromOrEmpty(accessToken.getTokenType().getValue(), String.class)); parameters.put("accessTokenValue", Parameter.fromOrEmpty( ByteBuffer.wrap(accessToken.getTokenValue().getBytes(StandardCharsets.UTF_8)), ByteBuffer.class)); - parameters.put("accessTokenIssuedAt", Parameter.fromOrEmpty( - LocalDateTime.ofInstant(accessToken.getIssuedAt(), ZoneOffset.UTC), LocalDateTime.class)); - parameters.put("accessTokenExpiresAt", Parameter.fromOrEmpty( - LocalDateTime.ofInstant(accessToken.getExpiresAt(), ZoneOffset.UTC), LocalDateTime.class)); + parameters.put("accessTokenIssuedAt", Parameter + .fromOrEmpty(LocalDateTime.ofInstant(accessToken.getIssuedAt(), ZoneOffset.UTC), LocalDateTime.class)); + parameters.put("accessTokenExpiresAt", Parameter + .fromOrEmpty(LocalDateTime.ofInstant(accessToken.getExpiresAt(), ZoneOffset.UTC), LocalDateTime.class)); String accessTokenScopes = null; if (!CollectionUtils.isEmpty(accessToken.getScopes())) { accessTokenScopes = StringUtils.collectionToDelimitedString(accessToken.getScopes(), ","); @@ -350,7 +357,7 @@ public class R2dbcReactiveOAuth2AuthorizedClientService implements ReactiveOAuth String dbClientRegistrationId = row.get("client_registration_id", String.class); OAuth2AccessToken.TokenType tokenType = null; if (OAuth2AccessToken.TokenType.BEARER.getValue() - .equalsIgnoreCase(row.get("access_token_type", String.class))) { + .equalsIgnoreCase(row.get("access_token_type", String.class))) { tokenType = OAuth2AccessToken.TokenType.BEARER; } String tokenValue = new String(row.get("access_token_value", ByteBuffer.class).array(), diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java index 0e8214bcf1..3ad1d8bba9 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java @@ -165,8 +165,8 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder { */ @Deprecated public ReactiveOAuth2AuthorizedClientProviderBuilder password(Consumer builderConsumer) { - PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders.computeIfAbsent( - PasswordReactiveOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder()); + PasswordGrantBuilder builder = (PasswordGrantBuilder) this.builders + .computeIfAbsent(PasswordReactiveOAuth2AuthorizedClientProvider.class, (k) -> new PasswordGrantBuilder()); builderConsumer.accept(builder); return ReactiveOAuth2AuthorizedClientProviderBuilder.this; } @@ -177,8 +177,10 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder { * @return the {@link DelegatingReactiveOAuth2AuthorizedClientProvider} */ public ReactiveOAuth2AuthorizedClientProvider build() { - List authorizedClientProviders = this.builders.values().stream() - .map(Builder::build).collect(Collectors.toList()); + List authorizedClientProviders = this.builders.values() + .stream() + .map(Builder::build) + .collect(Collectors.toList()); return new DelegatingReactiveOAuth2AuthorizedClientProvider(authorizedClientProviders); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java index 1e9587de35..523fe303bb 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java @@ -92,12 +92,12 @@ public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider ClientRegistration clientRegistration = context.getClientRegistration(); OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, authorizedClient.getAccessToken(), authorizedClient.getRefreshToken(), scopes); - return Mono.just(refreshTokenGrantRequest).flatMap(this.accessTokenResponseClient::getTokenResponse) - .onErrorMap(OAuth2AuthorizationException.class, - (e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), - e)) - .map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), - tokenResponse.getAccessToken(), tokenResponse.getRefreshToken())); + return Mono.just(refreshTokenGrantRequest) + .flatMap(this.accessTokenResponseClient::getTokenResponse) + .onErrorMap(OAuth2AuthorizationException.class, + (e) -> new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), e)) + .map((tokenResponse) -> new OAuth2AuthorizedClient(clientRegistration, context.getPrincipal().getName(), + tokenResponse.getAccessToken(), tokenResponse.getRefreshToken())); } private boolean hasTokenExpired(OAuth2Token token) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java index 3701e8457c..ab0b1d9edb 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.java @@ -103,7 +103,7 @@ public class RemoveAuthorizedClientOAuth2AuthorizationFailureHandler implements Assert.notNull(authorizedClientRemover, "authorizedClientRemover cannot be null"); Assert.notNull(removeAuthorizedClientErrorCodes, "removeAuthorizedClientErrorCodes cannot be null"); this.removeAuthorizedClientErrorCodes = Collections - .unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes)); + .unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes)); this.delegate = authorizedClientRemover; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java index 0e7edd67d7..0fd36f7f01 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.java @@ -105,7 +105,7 @@ public class RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler Assert.notNull(authorizedClientRemover, "authorizedClientRemover cannot be null"); Assert.notNull(removeAuthorizedClientErrorCodes, "removeAuthorizedClientErrorCodes cannot be null"); this.removeAuthorizedClientErrorCodes = Collections - .unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes)); + .unmodifiableSet(new HashSet<>(removeAuthorizedClientErrorCodes)); this.delegate = authorizedClientRemover; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java index efcf42a19a..f1b444c819 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java @@ -72,12 +72,12 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica public Authentication authenticate(Authentication authentication) throws AuthenticationException { OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication; OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication.getAuthorizationExchange() - .getAuthorizationResponse(); + .getAuthorizationResponse(); if (authorizationResponse.statusError()) { throw new OAuth2AuthorizationException(authorizationResponse.getError()); } OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange() - .getAuthorizationRequest(); + .getAuthorizationRequest(); if (!authorizationResponse.getState().equals(authorizationRequest.getState())) { OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE); throw new OAuth2AuthorizationException(oauth2Error); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java index a2497f5978..2c64560d79 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.java @@ -85,12 +85,12 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManager implements Rea return Mono.defer(() -> { OAuth2AuthorizationCodeAuthenticationToken token = (OAuth2AuthorizationCodeAuthenticationToken) authentication; OAuth2AuthorizationResponse authorizationResponse = token.getAuthorizationExchange() - .getAuthorizationResponse(); + .getAuthorizationResponse(); if (authorizationResponse.statusError()) { return Mono.error(new OAuth2AuthorizationException(authorizationResponse.getError())); } OAuth2AuthorizationRequest authorizationRequest = token.getAuthorizationExchange() - .getAuthorizationRequest(); + .getAuthorizationRequest(); if (!authorizationResponse.getState().equals(authorizationRequest.getState())) { OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE); return Mono.error(new OAuth2AuthorizationException(oauth2Error)); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java index 5aea261f9d..e9ed4cb7ba 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java @@ -95,8 +95,10 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider // Section 3.1.2.1 Authentication Request - // https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope // REQUIRED. OpenID Connect requests MUST contain the "openid" scope value. - if (loginAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getScopes() - .contains("openid")) { + if (loginAuthenticationToken.getAuthorizationExchange() + .getAuthorizationRequest() + .getScopes() + .contains("openid")) { // This is an OpenID Connect Authentication Request so return null // and let OidcAuthorizationCodeAuthenticationProvider handle it instead return null; @@ -104,9 +106,9 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken; try { authorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) this.authorizationCodeAuthenticationProvider - .authenticate(new OAuth2AuthorizationCodeAuthenticationToken( - loginAuthenticationToken.getClientRegistration(), - loginAuthenticationToken.getAuthorizationExchange())); + .authenticate( + new OAuth2AuthorizationCodeAuthenticationToken(loginAuthenticationToken.getClientRegistration(), + loginAuthenticationToken.getAuthorizationExchange())); } catch (OAuth2AuthorizationException ex) { OAuth2Error oauth2Error = ex.getError(); @@ -117,7 +119,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider OAuth2User oauth2User = this.userService.loadUser(new OAuth2UserRequest( loginAuthenticationToken.getClientRegistration(), accessToken, additionalParameters)); Collection mappedAuthorities = this.authoritiesMapper - .mapAuthorities(oauth2User.getAuthorities()); + .mapAuthorities(oauth2User.getAuthorities()); OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken( loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange(), oauth2User, mappedAuthorities, accessToken, authorizationCodeAuthenticationToken.getRefreshToken()); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java index fc91427d5a..e8cb9a1723 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.java @@ -98,9 +98,10 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent return Mono.empty(); } return this.authorizationCodeManager.authenticate(token) - .onErrorMap(OAuth2AuthorizationException.class, - (e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString(), e)) - .cast(OAuth2AuthorizationCodeAuthenticationToken.class).flatMap(this::onSuccess); + .onErrorMap(OAuth2AuthorizationException.class, + (e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString(), e)) + .cast(OAuth2AuthorizationCodeAuthenticationToken.class) + .flatMap(this::onSuccess); }); } @@ -124,7 +125,7 @@ public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthent additionalParameters); return this.userService.loadUser(userRequest).map((oauth2User) -> { Collection mappedAuthorities = this.authoritiesMapper - .mapAuthorities(oauth2User.getAuthorities()); + .mapAuthorities(oauth2User.getAuthorities()); OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken( authentication.getClientRegistration(), authentication.getAuthorizationExchange(), oauth2User, mappedAuthorities, accessToken, authentication.getRefreshToken()); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequestEntityConverter.java index 7da5d53044..1c853d6c3c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequestEntityConverter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractOAuth2AuthorizationGrantRequestEntityConverter.java @@ -55,8 +55,9 @@ abstract class AbstractOAuth2AuthorizationGrantRequestEntityConverter parameters = getParametersConverter().convert(authorizationGrantRequest); URI uri = UriComponentsBuilder - .fromUriString(authorizationGrantRequest.getClientRegistration().getProviderDetails().getTokenUri()) - .build().toUri(); + .fromUriString(authorizationGrantRequest.getClientRegistration().getProviderDetails().getTokenUri()) + .build() + .toUri(); return new RequestEntity<>(parameters, headers, HttpMethod.POST, uri); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java index fa9120edaf..02e26958fd 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java @@ -75,7 +75,7 @@ public abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient> parametersConverter = this::populateTokenRequestParameters; private BodyExtractor, ReactiveHttpInputMessage> bodyExtractor = OAuth2BodyExtractors - .oauth2AccessTokenResponse(); + .oauth2AccessTokenResponse(); AbstractWebClientReactiveOAuth2AccessTokenResponseClient() { } @@ -225,7 +225,7 @@ public abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient readTokenResponse(T grantRequest, ClientResponse response) { return response.body(this.bodyExtractor) - .map((tokenResponse) -> populateTokenResponse(grantRequest, tokenResponse)); + .map((tokenResponse) -> populateTokenResponse(grantRequest, tokenResponse)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java index 8550d077c0..26c6118da5 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClient.java @@ -75,7 +75,7 @@ public final class DefaultRefreshTokenTokenResponseClient if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes()) || tokenResponse.getRefreshToken() == null) { OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse - .withResponse(tokenResponse); + .withResponse(tokenResponse); if (CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) { // As per spec, in Section 5.1 Successful Access Token Response // https://tools.ietf.org/html/rfc6749#section-5.1 diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java index e4b711bde6..27e314e67e 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java @@ -92,7 +92,7 @@ public class NimbusAuthorizationCodeTokenResponseClient ClientID clientId = new ClientID(clientRegistration.getClientId()); Secret clientSecret = new Secret(clientRegistration.getClientSecret()); boolean isPost = ClientAuthenticationMethod.CLIENT_SECRET_POST - .equals(clientRegistration.getClientAuthenticationMethod()) + .equals(clientRegistration.getClientAuthenticationMethod()) || ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod()); ClientAuthentication clientAuthentication = isPost ? new ClientSecretPost(clientId, clientSecret) : new ClientSecretBasic(clientId, clientSecret); @@ -107,7 +107,7 @@ public class NimbusAuthorizationCodeTokenResponseClient String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue(); OAuth2AccessToken.TokenType accessTokenType = null; if (OAuth2AccessToken.TokenType.BEARER.getValue() - .equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) { + .equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) { accessTokenType = OAuth2AccessToken.TokenType.BEARER; } long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime(); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverter.java index 6520f24792..8b19a0a830 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverter.java @@ -110,7 +110,7 @@ public final class NimbusJwtClientAuthenticationParametersConverter(scopes) : Collections.emptySet()); + .unmodifiableSet((scopes != null) ? new LinkedHashSet<>(scopes) : Collections.emptySet()); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java index 82d873619e..ba5ad0cf69 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java @@ -77,7 +77,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClient body.with(OAuth2ParameterNames.REDIRECT_URI, redirectUri); } String codeVerifier = authorizationExchange.getAuthorizationRequest() - .getAttribute(PkceParameterNames.CODE_VERIFIER); + .getAttribute(PkceParameterNames.CODE_VERIFIER); if (codeVerifier != null) { body.with(PkceParameterNames.CODE_VERIFIER, codeVerifier); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java index 07d4beef2b..e175b3b37c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClient.java @@ -65,8 +65,8 @@ public final class WebClientReactivePasswordTokenResponseClient BodyInserters.FormInserter populateTokenRequestBody(OAuth2PasswordGrantRequest grantRequest, BodyInserters.FormInserter body) { return super.populateTokenRequestBody(grantRequest, body) - .with(OAuth2ParameterNames.USERNAME, grantRequest.getUsername()) - .with(OAuth2ParameterNames.PASSWORD, grantRequest.getPassword()); + .with(OAuth2ParameterNames.USERNAME, grantRequest.getUsername()) + .with(OAuth2ParameterNames.PASSWORD, grantRequest.getPassword()); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java index ee09608f20..0c814a13e5 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.java @@ -73,7 +73,7 @@ public final class WebClientReactiveRefreshTokenTokenResponseClient return accessTokenResponse; } OAuth2AccessTokenResponse.Builder tokenResponseBuilder = OAuth2AccessTokenResponse - .withResponse(accessTokenResponse); + .withResponse(accessTokenResponse); if (CollectionUtils.isEmpty(accessTokenResponse.getAccessToken().getScopes())) { tokenResponseBuilder.scopes(defaultScopes(grantRequest)); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java index d8cfde2efc..77b1fdd121 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java @@ -53,27 +53,27 @@ final class ClientRegistrationDeserializer extends JsonDeserializer mappedAuthorities = this.authoritiesMapper - .mapAuthorities(oidcUser.getAuthorities()); + .mapAuthorities(oidcUser.getAuthorities()); OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken( authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange(), oidcUser, mappedAuthorities, diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java index 6dd88bd612..1b8ab68f9b 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java @@ -118,16 +118,19 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React // https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest // scope REQUIRED. OpenID Connect requests MUST contain the "openid" scope // value. - if (!authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest().getScopes() - .contains("openid")) { + if (!authorizationCodeAuthentication.getAuthorizationExchange() + .getAuthorizationRequest() + .getScopes() + .contains("openid")) { // This is an OpenID Connect Authentication Request so return empty // and let OAuth2LoginReactiveAuthenticationManager handle it instead return Mono.empty(); } OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange() - .getAuthorizationRequest(); + .getAuthorizationRequest(); OAuth2AuthorizationResponse authorizationResponse = authorizationCodeAuthentication - .getAuthorizationExchange().getAuthorizationResponse(); + .getAuthorizationExchange() + .getAuthorizationResponse(); if (authorizationResponse.statusError()) { return Mono.error(new OAuth2AuthenticationException(authorizationResponse.getError(), authorizationResponse.getError().toString())); @@ -139,16 +142,16 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React OAuth2AuthorizationCodeGrantRequest authzRequest = new OAuth2AuthorizationCodeGrantRequest( authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getAuthorizationExchange()); - return this.accessTokenResponseClient.getTokenResponse(authzRequest).flatMap( - (accessTokenResponse) -> authenticationResult(authorizationCodeAuthentication, accessTokenResponse)) - .onErrorMap(OAuth2AuthorizationException.class, - (e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString(), e)) - .onErrorMap(JwtException.class, (e) -> { - OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, e.getMessage(), - null); - return new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(), - e); - }); + return this.accessTokenResponseClient.getTokenResponse(authzRequest) + .flatMap((accessTokenResponse) -> authenticationResult(authorizationCodeAuthentication, + accessTokenResponse)) + .onErrorMap(OAuth2AuthorizationException.class, + (e) -> new OAuth2AuthenticationException(e.getError(), e.getError().toString(), e)) + .onErrorMap(JwtException.class, (e) -> { + OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, e.getMessage(), + null); + return new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(), e); + }); }); } @@ -220,8 +223,9 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements React private static Mono validateNonce( OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication, OidcIdToken idToken) { - String requestNonce = authorizationCodeAuthentication.getAuthorizationExchange().getAuthorizationRequest() - .getAttribute(OidcParameterNames.NONCE); + String requestNonce = authorizationCodeAuthentication.getAuthorizationExchange() + .getAuthorizationRequest() + .getAttribute(OidcParameterNames.NONCE); if (requestNonce != null) { String nonceHash = getNonceHash(requestNonce); String nonceHashClaim = idToken.getNonce(); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java index a349ddbe0e..d00490bf23 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java @@ -118,8 +118,8 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory getConverter(TypeDescriptor targetDescriptor) { TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class); - return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, - targetDescriptor); + return (source) -> ClaimConversionService.getSharedInstance() + .convert(source, sourceDescriptor, targetDescriptor); } @Override @@ -129,7 +129,7 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory, Map> claimTypeConverter = this.claimTypeConverterFactory - .apply(clientRegistration); + .apply(clientRegistration); if (claimTypeConverter != null) { jwtDecoder.setClaimSetConverter(claimTypeConverter); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java index ec4b0bcbfa..84850bba6a 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java @@ -118,8 +118,8 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod private static Converter getConverter(TypeDescriptor targetDescriptor) { final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class); - return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, - targetDescriptor); + return (source) -> ClaimConversionService.getSharedInstance() + .convert(source, sourceDescriptor, targetDescriptor); } @Override @@ -129,7 +129,7 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod NimbusReactiveJwtDecoder jwtDecoder = buildDecoder(clientRegistration); jwtDecoder.setJwtValidator(this.jwtValidatorFactory.apply(clientRegistration)); Converter, Map> claimTypeConverter = this.claimTypeConverterFactory - .apply(clientRegistration); + .apply(clientRegistration); if (claimTypeConverter != null) { jwtDecoder.setClaimSetConverter(claimTypeConverter); } @@ -163,8 +163,9 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod null); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } - return NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm) - .build(); + return NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri) + .jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm) + .build(); } if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) { // https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation @@ -189,8 +190,9 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod } SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8), JCA_ALGORITHM_MAPPINGS.get(jwsAlgorithm)); - return NimbusReactiveJwtDecoder.withSecretKey(secretKeySpec).macAlgorithm((MacAlgorithm) jwsAlgorithm) - .build(); + return NimbusReactiveJwtDecoder.withSecretKey(secretKeySpec) + .macAlgorithm((MacAlgorithm) jwsAlgorithm) + .build(); } OAuth2Error oauth2Error = new OAuth2Error(MISSING_SIGNATURE_VERIFIER_ERROR_CODE, "Failed to find a Signature Verifier for Client Registration: '" diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java index 1845ff0d11..6a66651a44 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserService.java @@ -90,8 +90,8 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService< private static Converter getConverter(TypeDescriptor targetDescriptor) { final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class); - return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, - targetDescriptor); + return (source) -> ClaimConversionService.getSharedInstance() + .convert(source, sourceDescriptor, targetDescriptor); } @Override @@ -144,7 +144,7 @@ public class OidcReactiveOAuth2UserService implements ReactiveOAuth2UserService< private Map convertClaims(Map claims, ClientRegistration clientRegistration) { Converter, Map> claimTypeConverter = this.claimTypeConverterFactory - .apply(clientRegistration); + .apply(clientRegistration); return (claimTypeConverter != null) ? claimTypeConverter.convert(claims) : DEFAULT_CLAIM_TYPE_CONVERTER.convert(claims); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java index 0f543f69a7..abf3632964 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserService.java @@ -97,8 +97,8 @@ public class OidcUserService implements OAuth2UserService getConverter(TypeDescriptor targetDescriptor) { TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class); - return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, - targetDescriptor); + return (source) -> ClaimConversionService.getSharedInstance() + .convert(source, sourceDescriptor, targetDescriptor); } @Override @@ -138,7 +138,7 @@ public class OidcUserService implements OAuth2UserService getClaims(OidcUserRequest userRequest, OAuth2User oauth2User) { Converter, Map> converter = this.claimTypeConverterFactory - .apply(userRequest.getClientRegistration()); + .apply(userRequest.getClientRegistration()); if (converter != null) { return converter.convert(oauth2User.getAttributes()); } @@ -170,7 +170,7 @@ public class OidcUserService implements OAuth2UserService withinTheRangeOf(c, 0x21, 0x21) - || withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E)); + return scope == null || scope.chars() + .allMatch((c) -> withinTheRangeOf(c, 0x21, 0x21) || withinTheRangeOf(c, 0x23, 0x5B) + || withinTheRangeOf(c, 0x5D, 0x7E)); } private static boolean withinTheRangeOf(int c, int min, int max) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java index 6e25c7f783..7fb2b889f7 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java @@ -163,7 +163,7 @@ public final class ClientRegistrations { Map configuration = rest.exchange(request, typeReference).getBody(); OIDCProviderMetadata metadata = parse(configuration, OIDCProviderMetadata::parse); ClientRegistration.Builder builder = withProviderConfiguration(metadata, issuer.toASCIIString()) - .jwkSetUri(metadata.getJWKSetURI().toASCIIString()); + .jwkSetUri(metadata.getJWKSetURI().toASCIIString()); if (metadata.getUserInfoEndpointURI() != null) { builder.userInfoUri(metadata.getUserInfoEndpointURI().toASCIIString()); } @@ -266,7 +266,7 @@ public final class ClientRegistrations { private static ClientAuthenticationMethod getClientAuthenticationMethod( List metadataAuthMethods) { if (metadataAuthMethods == null || metadataAuthMethods - .contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) { + .contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) { // If null, the default includes client_secret_basic return ClientAuthenticationMethod.CLIENT_SECRET_BASIC; } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java index 78d797d38f..0851006de3 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java @@ -88,15 +88,17 @@ public class DefaultOAuth2UserService implements OAuth2UserService loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException { return Mono.defer(() -> { Assert.notNull(userRequest, "userRequest cannot be null"); - String userInfoUri = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint() - .getUri(); + String userInfoUri = userRequest.getClientRegistration() + .getProviderDetails() + .getUserInfoEndpoint() + .getUri(); if (!StringUtils.hasText(userInfoUri)) { OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_INFO_URI_ERROR_CODE, "Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: " @@ -93,8 +95,10 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi null); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } - String userNameAttributeName = userRequest.getClientRegistration().getProviderDetails() - .getUserInfoEndpoint().getUserNameAttributeName(); + String userNameAttributeName = userRequest.getClientRegistration() + .getProviderDetails() + .getUserInfoEndpoint() + .getUserNameAttributeName(); if (!StringUtils.hasText(userNameAttributeName)) { OAuth2Error oauth2Error = new OAuth2Error(MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE, "Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " @@ -102,8 +106,10 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi null); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } - AuthenticationMethod authenticationMethod = userRequest.getClientRegistration().getProviderDetails() - .getUserInfoEndpoint().getAuthenticationMethod(); + AuthenticationMethod authenticationMethod = userRequest.getClientRegistration() + .getProviderDetails() + .getUserInfoEndpoint() + .getAuthenticationMethod(); WebClient.RequestHeadersSpec requestHeadersSpec = getRequestHeaderSpec(userRequest, userInfoUri, authenticationMethod); // @formatter:off @@ -195,7 +201,7 @@ public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserServi } // Other error? return httpResponse.bodyToMono(STRING_STRING_MAP) - .map((body) -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body)))); + .map((body) -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body)))); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java index 9a7a3c8dd8..c4c07c8f2a 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverter.java @@ -44,7 +44,7 @@ import org.springframework.web.util.UriComponentsBuilder; public class OAuth2UserRequestEntityConverter implements Converter> { private static final MediaType DEFAULT_CONTENT_TYPE = MediaType - .valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); /** * Returns the {@link RequestEntity} used for the UserInfo Request. @@ -58,7 +58,9 @@ public class OAuth2UserRequestEntityConverter implements Converter request; if (HttpMethod.POST.equals(httpMethod)) { @@ -77,7 +79,7 @@ public class OAuth2UserRequestEntityConverter implements Converter DEFAULT_PKCE_APPLIER = OAuth2AuthorizationRequestCustomizers - .withPkce(); + .withPkce(); private final ClientRegistrationRepository clientRegistrationRepository; @@ -198,8 +198,9 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au private String resolveRegistrationId(HttpServletRequest request) { if (this.authorizationRequestMatcher.matches(request)) { - return this.authorizationRequestMatcher.matcher(request).getVariables() - .get(REGISTRATION_ID_URI_VARIABLE_NAME); + return this.authorizationRequestMatcher.matcher(request) + .getVariables() + .get(REGISTRATION_ID_URI_VARIABLE_NAME); } return null; } @@ -248,8 +249,9 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au uriVariables.put("basePath", (path != null) ? path : ""); uriVariables.put("baseUrl", uriComponents.toUriString()); uriVariables.put("action", (action != null) ? action : ""); - return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables) - .toUriString(); + return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()) + .buildAndExpand(uriVariables) + .toUriString(); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java index 02e41ab33f..e2bf76f0fa 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.java @@ -123,9 +123,9 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori this.authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER; this.contextAttributesMapper = new DefaultContextAttributesMapper(); this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientRepository - .saveAuthorizedClient(authorizedClient, principal, - (HttpServletRequest) attributes.get(HttpServletRequest.class.getName()), - (HttpServletResponse) attributes.get(HttpServletResponse.class.getName())); + .saveAuthorizedClient(authorizedClient, principal, + (HttpServletRequest) attributes.get(HttpServletRequest.class.getName()), + (HttpServletResponse) attributes.get(HttpServletResponse.class.getName())); this.authorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler( (clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient( clientRegistrationId, principal, @@ -156,7 +156,7 @@ public final class DefaultOAuth2AuthorizedClientManager implements OAuth2Authori } else { ClientRegistration clientRegistration = this.clientRegistrationRepository - .findByRegistrationId(clientRegistrationId); + .findByRegistrationId(clientRegistrationId); Assert.notNull(clientRegistration, "Could not find ClientRegistration with id '" + clientRegistrationId + "'"); contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java index 82980c6544..4c025c38ae 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java @@ -134,8 +134,8 @@ public final class DefaultReactiveOAuth2AuthorizedClientManager implements React this.clientRegistrationRepository = clientRegistrationRepository; this.authorizedClientRepository = authorizedClientRepository; this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientRepository - .saveAuthorizedClient(authorizedClient, principal, - (ServerWebExchange) attributes.get(ServerWebExchange.class.getName())); + .saveAuthorizedClient(authorizedClient, principal, + (ServerWebExchange) attributes.get(ServerWebExchange.class.getName())); this.authorizationFailureHandler = new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler( (clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient( clientRegistrationId, principal, diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java index fd19d1c2cd..edad80136e 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java @@ -42,7 +42,7 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository implements AuthorizationRequestRepository { private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME = HttpSessionOAuth2AuthorizationRequestRepository.class - .getName() + ".AUTHORIZATION_REQUEST"; + .getName() + ".AUTHORIZATION_REQUEST"; private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME; @@ -93,8 +93,8 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository request.getSession().removeAttribute(this.sessionAttributeName); } else if (authorizationRequests.size() == 1) { - request.getSession().setAttribute(this.sessionAttributeName, - authorizationRequests.values().iterator().next()); + request.getSession() + .setAttribute(this.sessionAttributeName, authorizationRequests.values().iterator().next()); } else { request.getSession().setAttribute(this.sessionAttributeName, authorizationRequests); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java index e0b65a6398..68dff09890 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepository.java @@ -39,7 +39,7 @@ import org.springframework.util.Assert; public final class HttpSessionOAuth2AuthorizedClientRepository implements OAuth2AuthorizedClientRepository { private static final String DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME = HttpSessionOAuth2AuthorizedClientRepository.class - .getName() + ".AUTHORIZED_CLIENTS"; + .getName() + ".AUTHORIZED_CLIENTS"; private final String sessionAttributeName = DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java index 6142c917bc..d31e86f57f 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilter.java @@ -105,7 +105,7 @@ import org.springframework.web.util.UriComponentsBuilder; public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final ClientRegistrationRepository clientRegistrationRepository; @@ -189,7 +189,7 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter { return false; } OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); if (authorizationRequest == null) { return false; } @@ -219,7 +219,7 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter { private void processAuthorizationResponse(HttpServletRequest request, HttpServletResponse response) throws IOException { OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository - .removeAuthorizationRequest(request, response); + .removeAuthorizationRequest(request, response); String registrationId = authorizationRequest.getAttribute(OAuth2ParameterNames.REGISTRATION_ID); ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId); MultiValueMap params = OAuth2AuthorizationResponseUtils.toMultiMap(request.getParameterMap()); @@ -232,12 +232,12 @@ public class OAuth2AuthorizationCodeGrantFilter extends OncePerRequestFilter { OAuth2AuthorizationCodeAuthenticationToken authenticationResult; try { authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationManager - .authenticate(authenticationRequest); + .authenticate(authenticationRequest); } catch (OAuth2AuthorizationException ex) { OAuth2Error error = ex.getError(); UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString(authorizationRequest.getRedirectUri()) - .queryParam(OAuth2ParameterNames.ERROR, error.getErrorCode()); + .queryParam(OAuth2ParameterNames.ERROR, error.getErrorCode()); if (!StringUtils.isEmpty(error.getDescription())) { uriBuilder.queryParam(OAuth2ParameterNames.ERROR_DESCRIPTION, error.getDescription()); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java index 5341ccae37..234376dd97 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java @@ -193,7 +193,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt // Check to see if we need to handle ClientAuthorizationRequiredException Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex); ClientAuthorizationRequiredException authzEx = (ClientAuthorizationRequiredException) this.throwableAnalyzer - .getFirstThrowableOfType(ClientAuthorizationRequiredException.class, causeChain); + .getFirstThrowableOfType(ClientAuthorizationRequiredException.class, causeChain); if (authzEx != null) { try { OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request, diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java index fa53214d49..a6abc92124 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java @@ -167,7 +167,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); } OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository - .removeAuthorizationRequest(request, response); + .removeAuthorizationRequest(request, response); if (authorizationRequest == null) { OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); @@ -192,9 +192,10 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse)); authenticationRequest.setDetails(authenticationDetails); OAuth2LoginAuthenticationToken authenticationResult = (OAuth2LoginAuthenticationToken) this - .getAuthenticationManager().authenticate(authenticationRequest); + .getAuthenticationManager() + .authenticate(authenticationRequest); OAuth2AuthenticationToken oauth2Authentication = this.authenticationResultConverter - .convert(authenticationResult); + .convert(authenticationResult); Assert.notNull(oauth2Authentication, "authentication result cannot be null"); oauth2Authentication.setDetails(authenticationDetails); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient( diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java index 971b40ef60..fdd37ec6f7 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java @@ -74,7 +74,7 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private OAuth2AuthorizedClientManager authorizedClientManager; @@ -111,7 +111,7 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth public boolean supportsParameter(MethodParameter parameter) { Class parameterType = parameter.getParameterType(); return (OAuth2AuthorizedClient.class.isAssignableFrom(parameterType) && (AnnotatedElementUtils - .findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null)); + .findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null)); } @NonNull @@ -143,7 +143,7 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth private String resolveClientRegistrationId(MethodParameter parameter) { RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils - .findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class); + .findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class); Authentication principal = this.securityContextHolderStrategy.getContext().getAuthentication(); if (!StringUtils.isEmpty(authorizedClientAnnotation.registrationId())) { return authorizedClientAnnotation.registrationId(); @@ -207,7 +207,7 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth .build(); // @formatter:on ((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager) - .setAuthorizedClientProvider(authorizedClientProvider); + .setAuthorizedClientProvider(authorizedClientProvider); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java index b5a2be7ee4..b657293c95 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java @@ -117,7 +117,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements * {@link ClientRegistration#getRegistrationId()} */ private static final String CLIENT_REGISTRATION_ID_ATTR_NAME = OAuth2AuthorizedClient.class.getName() - .concat(".CLIENT_REGISTRATION_ID"); + .concat(".CLIENT_REGISTRATION_ID"); /** * The request attribute name used to locate the @@ -129,7 +129,8 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_USER")); private final Mono currentAuthenticationMono = ReactiveSecurityContextHolder.getContext() - .map(SecurityContext::getAuthentication).defaultIfEmpty(ANONYMOUS_USER_TOKEN); + .map(SecurityContext::getAuthentication) + .defaultIfEmpty(ANONYMOUS_USER_TOKEN); // @formatter:off private final Mono clientRegistrationIdMono = this.currentAuthenticationMono @@ -233,8 +234,12 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements (UnAuthenticatedServerOAuth2AuthorizedClientRepository) authorizedClientRepository, authorizationFailureHandler); unauthenticatedAuthorizedClientManager - .setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProviderBuilder.builder() - .authorizationCode().refreshToken().clientCredentials().password().build()); + .setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProviderBuilder.builder() + .authorizationCode() + .refreshToken() + .clientCredentials() + .password() + .build()); return unauthenticatedAuthorizedClientManager; } DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager( @@ -388,11 +393,11 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements // @formatter:on if (this.authorizedClientManager instanceof UnAuthenticatedReactiveOAuth2AuthorizedClientManager) { ((UnAuthenticatedReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager) - .setAuthorizedClientProvider(authorizedClientProvider); + .setAuthorizedClientProvider(authorizedClientProvider); } else { ((DefaultReactiveOAuth2AuthorizedClientManager) this.authorizedClientManager) - .setAuthorizedClientProvider(authorizedClientProvider); + .setAuthorizedClientProvider(authorizedClientProvider); } } @@ -437,7 +442,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements private Mono exchangeAndHandleResponse(ClientRequest request, ExchangeFunction next) { return next.exchange(request) - .transform((responseMono) -> this.clientResponseHandler.handleResponse(request, responseMono)); + .transform((responseMono) -> this.clientResponseHandler.handleResponse(request, responseMono)); } private Mono authorizedClient(ClientRequest request) { @@ -578,7 +583,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements this.clientRegistrationRepository = clientRegistrationRepository; this.authorizedClientRepository = authorizedClientRepository; this.authorizationSuccessHandler = (authorizedClient, principal, attributes) -> authorizedClientRepository - .saveAuthorizedClient(authorizedClient, principal, null); + .saveAuthorizedClient(authorizedClient, principal, null); this.authorizationFailureHandler = authorizationFailureHandler; } @@ -604,13 +609,12 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements private Mono reauthorize(OAuth2AuthorizedClient authorizedClient, OAuth2AuthorizeRequest authorizeRequest, Authentication principal) { return Mono - .just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(principal) - .build()) - .flatMap((authorizationContext) -> authorize(authorizationContext, principal)) - // Default to the existing authorizedClient if the client was not - // re-authorized - .defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null) - ? authorizeRequest.getAuthorizedClient() : authorizedClient); + .just(OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(principal).build()) + .flatMap((authorizationContext) -> authorize(authorizationContext, principal)) + // Default to the existing authorizedClient if the client was not + // re-authorized + .defaultIfEmpty((authorizeRequest.getAuthorizedClient() != null) + ? authorizeRequest.getAuthorizedClient() : authorizedClient); } private Mono findAndAuthorize(String clientRegistrationId, Authentication principal) { @@ -776,10 +780,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements Mono> serverWebExchange = effectiveServerWebExchange(request); Mono clientRegistrationId = effectiveClientRegistrationId(request); return Mono - .zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono, - serverWebExchange, clientRegistrationId) - .flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(), - new ClientAuthorizationException(oauth2Error, zipped.getT3(), exception))); + .zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono, + serverWebExchange, clientRegistrationId) + .flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(), + new ClientAuthorizationException(oauth2Error, zipped.getT3(), exception))); }); } @@ -794,9 +798,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements private Mono handleAuthorizationException(ClientRequest request, OAuth2AuthorizationException exception) { Mono> serverWebExchange = effectiveServerWebExchange(request); return Mono - .zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono, - serverWebExchange) - .flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(), exception)); + .zip(ServerOAuth2AuthorizedClientExchangeFilterFunction.this.currentAuthenticationMono, + serverWebExchange) + .flatMap((zipped) -> handleAuthorizationFailure(zipped.getT1(), zipped.getT2(), exception)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java index 353b2defa6..7eeef11a52 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java @@ -141,7 +141,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement private static final String OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME = OAuth2AuthorizedClient.class.getName(); private static final String CLIENT_REGISTRATION_ID_ATTR_NAME = OAuth2AuthorizedClient.class.getName() - .concat(".CLIENT_REGISTRATION_ID"); + .concat(".CLIENT_REGISTRATION_ID"); private static final String AUTHENTICATION_ATTR_NAME = Authentication.class.getName(); @@ -153,7 +153,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Deprecated private Duration accessTokenExpiresSkew = Duration.ofMinutes(1); @@ -275,7 +275,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement .build(); // @formatter:on ((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager) - .setAuthorizedClientProvider(authorizedClientProvider); + .setAuthorizedClientProvider(authorizedClientProvider); } private void updateClientCredentialsProvider( @@ -473,7 +473,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement private Mono exchangeAndHandleResponse(ClientRequest request, ExchangeFunction next) { return next.exchange(request) - .transform((responseMono) -> this.clientResponseHandler.handleResponse(request, responseMono)); + .transform((responseMono) -> this.clientResponseHandler.handleResponse(request, responseMono)); } private Mono mergeRequestAttributesIfNecessary(ClientRequest request) { @@ -488,8 +488,8 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement private Mono mergeRequestAttributesFromContext(ClientRequest request) { ClientRequest.Builder builder = ClientRequest.from(request); return Mono.subscriberContext() - .map((ctx) -> builder.attributes((attrs) -> populateRequestAttributes(attrs, ctx))) - .map(ClientRequest.Builder::build); + .map((ctx) -> builder.attributes((attrs) -> populateRequestAttributes(attrs, ctx))) + .map(ClientRequest.Builder::build); } private void populateRequestAttributes(Map attrs, Context ctx) { @@ -558,14 +558,14 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement HttpServletRequest servletRequest = getRequest(attrs); HttpServletResponse servletResponse = getResponse(attrs); OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId) - .principal(authentication); + .principal(authentication); builder.attributes((attributes) -> addToAttributes(attributes, servletRequest, servletResponse)); OAuth2AuthorizeRequest authorizeRequest = builder.build(); // NOTE: 'authorizedClientManager.authorize()' needs to be executed on a dedicated // thread via subscribeOn(Schedulers.boundedElastic()) since it performs a // blocking I/O operation using RestTemplate internally return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(authorizeRequest)) - .subscribeOn(Schedulers.boundedElastic()); + .subscribeOn(Schedulers.boundedElastic()); } private Mono reauthorizeClient(OAuth2AuthorizedClient authorizedClient, @@ -581,14 +581,14 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement HttpServletRequest servletRequest = getRequest(attrs); HttpServletResponse servletResponse = getResponse(attrs); OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient) - .principal(authentication); + .principal(authentication); builder.attributes((attributes) -> addToAttributes(attributes, servletRequest, servletResponse)); OAuth2AuthorizeRequest reauthorizeRequest = builder.build(); // NOTE: 'authorizedClientManager.authorize()' needs to be executed on a dedicated // thread via subscribeOn(Schedulers.boundedElastic()) since it performs a // blocking I/O operation using RestTemplate internally return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) - .subscribeOn(Schedulers.boundedElastic()); + .subscribeOn(Schedulers.boundedElastic()); } private void addToAttributes(Map attributes, HttpServletRequest servletRequest, @@ -685,10 +685,10 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement @Override public Mono handleResponse(ClientRequest request, Mono responseMono) { return responseMono.flatMap((response) -> handleResponse(request, response).thenReturn(response)) - .onErrorResume(WebClientResponseException.class, - (e) -> handleWebClientResponseException(request, e).then(Mono.error(e))) - .onErrorResume(OAuth2AuthorizationException.class, - (e) -> handleAuthorizationException(request, e).then(Mono.error(e))); + .onErrorResume(WebClientResponseException.class, + (e) -> handleWebClientResponseException(request, e).then(Mono.error(e))) + .onErrorResume(OAuth2AuthorizationException.class, + (e) -> handleAuthorizationException(request, e).then(Mono.error(e))); } private Mono handleResponse(ClientRequest request, ClientResponse response) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java index f828c82360..6c334dc610 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java @@ -104,7 +104,7 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth ServerWebExchange exchange) { return Mono.defer(() -> { RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils - .findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class); + .findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class); String clientRegistrationId = StringUtils.hasLength(authorizedClientAnnotation.registrationId()) ? authorizedClientAnnotation.registrationId() : null; return authorizeRequest(clientRegistrationId, exchange).flatMap(this.authorizedClientManager::authorize); @@ -114,15 +114,16 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth private Mono authorizeRequest(String registrationId, ServerWebExchange exchange) { Mono defaultedAuthentication = currentAuthentication(); Mono defaultedRegistrationId = Mono.justOrEmpty(registrationId) - .switchIfEmpty(clientRegistrationId(defaultedAuthentication)) - .switchIfEmpty(Mono.error(() -> new IllegalArgumentException( - "The clientRegistrationId could not be resolved. Please provide one"))); + .switchIfEmpty(clientRegistrationId(defaultedAuthentication)) + .switchIfEmpty(Mono.error(() -> new IllegalArgumentException( + "The clientRegistrationId could not be resolved. Please provide one"))); Mono defaultedExchange = Mono.justOrEmpty(exchange) - .switchIfEmpty(currentServerWebExchange()); + .switchIfEmpty(currentServerWebExchange()); return Mono.zip(defaultedRegistrationId, defaultedAuthentication, defaultedExchange) - .map((zipped) -> OAuth2AuthorizeRequest.withClientRegistrationId(zipped.getT1()) - .principal(zipped.getT2()).attribute(ServerWebExchange.class.getName(), zipped.getT3()) - .build()); + .map((zipped) -> OAuth2AuthorizeRequest.withClientRegistrationId(zipped.getT1()) + .principal(zipped.getT2()) + .attribute(ServerWebExchange.class.getName(), zipped.getT3()) + .build()); } private Mono currentAuthentication() { @@ -135,8 +136,8 @@ public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMeth private Mono clientRegistrationId(Mono authentication) { return authentication.filter((t) -> t instanceof OAuth2AuthenticationToken) - .cast(OAuth2AuthenticationToken.class) - .map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId); + .cast(OAuth2AuthenticationToken.class) + .map(OAuth2AuthenticationToken::getAuthorizedClientRegistrationId); } private Mono currentServerWebExchange() { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java index b5f557bffe..c99c5fc108 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java @@ -86,7 +86,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA Base64.getUrlEncoder().withoutPadding(), 96); private static final Consumer DEFAULT_PKCE_APPLIER = OAuth2AuthorizationRequestCustomizers - .withPkce(); + .withPkce(); private final ServerWebExchangeMatcher authorizationRequestMatcher; @@ -139,7 +139,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA @Override public Mono resolve(ServerWebExchange exchange, String clientRegistrationId) { return findByRegistrationId(exchange, clientRegistrationId) - .map((clientRegistration) -> authorizationRequest(exchange, clientRegistration)); + .map((clientRegistration) -> authorizationRequest(exchange, clientRegistration)); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java index a9659b1bde..d40ef53969 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilter.java @@ -177,7 +177,7 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter { private void updateDefaultAuthenticationConverter() { if (this.defaultAuthenticationConverter) { ((ServerOAuth2AuthorizationCodeAuthenticationTokenConverter) this.authenticationConverter) - .setAuthorizationRequestRepository(this.authorizationRequestRepository); + .setAuthorizationRequestRepository(this.authorizationRequestRepository); } } @@ -197,7 +197,7 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter { private void updateDefaultAuthenticationSuccessHandler() { ((RedirectServerAuthenticationSuccessHandler) this.authenticationSuccessHandler) - .setRequestCache(this.requestCache); + .setRequestCache(this.requestCache); } @Override @@ -221,13 +221,13 @@ public class OAuth2AuthorizationCodeGrantWebFilter implements WebFilter { private Mono authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) { WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); return this.authenticationManager.authenticate(token) - .onErrorMap(OAuth2AuthorizationException.class, - (ex) -> new OAuth2AuthenticationException(ex.getError(), ex.getError().toString())) - .switchIfEmpty(Mono.defer( - () -> Mono.error(new IllegalStateException("No provider found for " + token.getClass())))) - .flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange)) - .onErrorResume(AuthenticationException.class, - (e) -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e)); + .onErrorMap(OAuth2AuthorizationException.class, + (ex) -> new OAuth2AuthenticationException(ex.getError(), ex.getError().toString())) + .switchIfEmpty(Mono + .defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass())))) + .flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange)) + .onErrorResume(AuthenticationException.class, + (e) -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, e)); } private Mono onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java index f667c918ed..dee3ed637e 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilter.java @@ -153,7 +153,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter { Mono saveAuthorizationRequest = Mono.empty(); if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationRequest.getGrantType())) { saveAuthorizationRequest = this.authorizationRequestRepository - .saveAuthorizationRequest(authorizationRequest, exchange); + .saveAuthorizationRequest(authorizationRequest, exchange); } // @formatter:off URI redirectUri = UriComponentsBuilder.fromUriString(authorizationRequest.getAuthorizationRequestUri()) @@ -161,7 +161,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilter implements WebFilter { .toUri(); // @formatter:on return saveAuthorizationRequest - .then(this.authorizationRedirectStrategy.sendRedirect(exchange, redirectUri)); + .then(this.authorizationRedirectStrategy.sendRedirect(exchange, redirectUri)); }); } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java index 47eee77365..8806736e71 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepository.java @@ -43,7 +43,7 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository implements ServerAuthorizationRequestRepository { private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME = WebSessionOAuth2ServerAuthorizationRequestRepository.class - .getName() + ".AUTHORIZATION_REQUEST"; + .getName() + ".AUTHORIZATION_REQUEST"; private final String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME; @@ -140,7 +140,7 @@ public final class WebSessionOAuth2ServerAuthorizationRequestRepository else if (sessionAttributeValue instanceof Map) { @SuppressWarnings("unchecked") Map authorizationRequests = (Map) sessionAttrs - .get(this.sessionAttributeName); + .get(this.sessionAttributeName); return authorizationRequests; } else { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java index e8eb93f04c..e3b462ebac 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepository.java @@ -40,7 +40,7 @@ import org.springframework.web.server.WebSession; public final class WebSessionServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository { private static final String DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME = WebSessionServerOAuth2AuthorizedClientRepository.class - .getName() + ".AUTHORIZED_CLIENTS"; + .getName() + ".AUTHORIZED_CLIENTS"; private final String sessionAttributeName = DEFAULT_AUTHORIZED_CLIENTS_ATTR_NAME; diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java index 6f276c235e..afe7105ba3 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeOAuth2AuthorizedClientProviderTests.java @@ -87,7 +87,7 @@ public class AuthorizationCodeOAuth2AuthorizedClientProviderTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationRequiredException.class) - .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext)); + .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext)); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java index 2456e4b8e1..bdd3d8417e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests.java @@ -90,7 +90,7 @@ public class AuthorizationCodeReactiveOAuth2AuthorizedClientProviderTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationRequiredException.class) - .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block()); + .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block()); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java index fe8b393d68..90d0245950 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.java @@ -87,12 +87,12 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { public void onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal, Map attributes) { AuthorizedClientServiceOAuth2AuthorizedClientManagerTests.this.authorizedClientService - .saveAuthorizedClient(authorizedClient, principal); + .saveAuthorizedClient(authorizedClient, principal); } }); this.authorizationFailureHandler = spy(new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler( (clientRegistrationId, principal, attributes) -> this.authorizedClientService - .removeAuthorizedClient(clientRegistrationId, principal.getName()))); + .removeAuthorizedClient(clientRegistrationId, principal.getName()))); this.authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager( this.clientRegistrationRepository, this.authorizedClientService); this.authorizedClientManager.setAuthorizedClientProvider(this.authorizedClientProvider); @@ -186,10 +186,11 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(this.clientRegistration); + .willReturn(this.clientRegistration); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); @@ -206,9 +207,9 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(this.clientRegistration); + .willReturn(this.clientRegistration); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(this.authorizedClient); + .willReturn(this.authorizedClient); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()) @@ -232,13 +233,14 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(this.clientRegistration); + .willReturn(this.clientRegistration); given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), - eq(this.principal.getName()))).willReturn(this.authorizedClient); + eq(this.principal.getName()))) + .willReturn(this.authorizedClient); OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(reauthorizedClient); + .willReturn(reauthorizedClient); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()) @@ -262,7 +264,8 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { @Test public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() { OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).build(); + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); @@ -281,9 +284,10 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(reauthorizedClient); + .willReturn(reauthorizedClient); OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).build(); + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); @@ -303,12 +307,14 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(reauthorizedClient); + .willReturn(reauthorizedClient); // Override the mock with the default this.authorizedClientManager.setContextAttributesMapper( new AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build(); + .principal(this.principal) + .attribute(OAuth2ParameterNames.SCOPE, "read write") + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -316,9 +322,9 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); assertThat(authorizationContext.getAttributes()) - .containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); + .containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); String[] requestScopeAttribute = authorizationContext - .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); + .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); assertThat(requestScopeAttribute).contains("read", "write"); assertThat(authorizedClient).isSameAs(reauthorizedClient); verify(this.authorizationSuccessHandler).onAuthorizationSuccess(eq(reauthorizedClient), eq(this.principal), @@ -332,12 +338,13 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willThrow(authorizationException); + .willThrow(authorizationException); OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).build(); + .principal(this.principal) + .build(); assertThatExceptionOfType(ClientAuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) - .isEqualTo(authorizationException); + .isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) + .isEqualTo(authorizationException); verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verify(this.authorizedClientService).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), @@ -349,7 +356,7 @@ public class AuthorizedClientServiceOAuth2AuthorizedClientManagerTests { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willThrow(authorizationException); + .willThrow(authorizationException); // @formatter:off OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest .withAuthorizedClient(this.authorizedClient) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java index 17d397eccc..1e5b0f9593 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests.java @@ -85,10 +85,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { this.authorizedClientService = mock(ReactiveOAuth2AuthorizedClientService.class); this.saveAuthorizedClientProbe = PublisherProbe.empty(); given(this.authorizedClientService.saveAuthorizedClient(any(), any())) - .willReturn(this.saveAuthorizedClientProbe.mono()); + .willReturn(this.saveAuthorizedClientProbe.mono()); this.removeAuthorizedClientProbe = PublisherProbe.empty(); given(this.authorizedClientService.removeAuthorizedClient(any(), any())) - .willReturn(this.removeAuthorizedClientProbe.mono()); + .willReturn(this.removeAuthorizedClientProbe.mono()); this.authorizedClientProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class); this.contextAttributesMapper = mock(Function.class); given(this.contextAttributesMapper.apply(any())).willReturn(Mono.empty()); @@ -106,68 +106,69 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(null, - this.authorizedClientService)) - .withMessage("clientRegistrationRepository cannot be null"); + .isThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(null, + this.authorizedClientService)) + .withMessage("clientRegistrationRepository cannot be null"); } @Test public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager( - this.clientRegistrationRepository, null)) - .withMessage("authorizedClientService cannot be null"); + .isThrownBy(() -> new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager( + this.clientRegistrationRepository, null)) + .withMessage("authorizedClientService cannot be null"); } @Test public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null)) - .withMessage("authorizedClientProvider cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null)) + .withMessage("authorizedClientProvider cannot be null"); } @Test public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null)) - .withMessage("contextAttributesMapper cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null)) + .withMessage("contextAttributesMapper cannot be null"); } @Test public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null)) - .withMessage("authorizationSuccessHandler cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null)) + .withMessage("authorizationSuccessHandler cannot be null"); } @Test public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null)) - .withMessage("authorizationFailureHandler cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null)) + .withMessage("authorizationFailureHandler cannot be null"); } @Test public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null)) - .withMessage("authorizeRequest cannot be null"); + .withMessage("authorizeRequest cannot be null"); } @Test public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() { String clientRegistrationId = "invalid-registration-id"; OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId) - .principal(this.principal).build(); + .principal(this.principal) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).willReturn(Mono.empty()); StepVerifier.create(this.authorizedClientManager.authorize(authorizeRequest)) - .verifyError(IllegalArgumentException.class); + .verifyError(IllegalArgumentException.class); } @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); given(this.authorizedClientProvider.authorize(any())).willReturn(Mono.empty()); // @formatter:off @@ -192,13 +193,14 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); @@ -216,10 +218,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()) @@ -227,8 +229,8 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { .build(); // @formatter:on PublisherProbe authorizationSuccessHandlerProbe = PublisherProbe.empty(); - this.authorizedClientManager.setAuthorizationSuccessHandler( - (client, principal, attributes) -> authorizationSuccessHandlerProbe.mono()); + this.authorizedClientManager + .setAuthorizationSuccessHandler((client, principal, attributes) -> authorizationSuccessHandlerProbe.mono()); Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); StepVerifier.create(authorizedClient).expectNext(this.authorizedClient).verifyComplete(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); @@ -245,7 +247,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest @@ -257,10 +259,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(ClientAuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) - .isEqualTo(exception); + .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -276,7 +278,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest @@ -288,10 +290,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(ClientAuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) - .isEqualTo(exception); + .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -307,7 +309,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest @@ -319,10 +321,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(ClientAuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) - .isEqualTo(exception); + .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -336,7 +338,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest @@ -347,10 +349,10 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) - .isEqualTo(exception); + .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -364,7 +366,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest @@ -375,13 +377,13 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); PublisherProbe authorizationFailureHandlerProbe = PublisherProbe.empty(); - this.authorizedClientManager.setAuthorizationFailureHandler( - (client, principal, attributes) -> authorizationFailureHandlerProbe.mono()); + this.authorizedClientManager + .setAuthorizationFailureHandler((client, principal, attributes) -> authorizationFailureHandlerProbe.mono()); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) - .isEqualTo(exception); + .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -397,16 +399,18 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientService.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), - eq(this.principal.getName()))).willReturn(Mono.just(this.authorizedClient)); + eq(this.principal.getName()))) + .willReturn(Mono.just(this.authorizedClient)); OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(reauthorizedClient)); + .willReturn(Mono.just(reauthorizedClient)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); Mono authorizedClient = this.authorizedClientManager.authorize(authorizeRequest); // @formatter:off StepVerifier.create(authorizedClient) @@ -451,7 +455,7 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(reauthorizedClient)); + .willReturn(Mono.just(reauthorizedClient)); // @formatter:off OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal) @@ -476,9 +480,11 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(reauthorizedClient)); + .willReturn(Mono.just(reauthorizedClient)); OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).attribute(OAuth2ParameterNames.SCOPE, "read write").build(); + .principal(this.principal) + .attribute(OAuth2ParameterNames.SCOPE, "read write") + .build(); this.authorizedClientManager.setContextAttributesMapper( new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); Mono authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest); @@ -496,9 +502,9 @@ public class AuthorizedClientServiceReactiveOAuth2AuthorizedClientManagerTests { assertThat(authorizationContext.getAuthorizedClient()).isSameAs(this.authorizedClient); assertThat(authorizationContext.getPrincipal()).isEqualTo(this.principal); assertThat(authorizationContext.getAttributes()) - .containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); + .containsKey(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); String[] requestScopeAttribute = authorizationContext - .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); + .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); assertThat(requestScopeAttribute).contains("read", "write"); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java index b68928ba2b..84bb9f5a43 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests.java @@ -194,7 +194,7 @@ public class ClientCredentialsReactiveOAuth2AuthorizedClientProviderTests { .build(); // @formatter:on OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) - .block(); + .block(); assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java index 829c5f3966..aa55e90d30 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingOAuth2AuthorizedClientProviderTests.java @@ -42,9 +42,9 @@ public class DelegatingOAuth2AuthorizedClientProviderTests { @Test public void constructorWhenProvidersIsEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(new OAuth2AuthorizedClientProvider[0])); + .isThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(new OAuth2AuthorizedClientProvider[0])); assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(Collections.emptyList())); + .isThrownBy(() -> new DelegatingOAuth2AuthorizedClientProvider(Collections.emptyList())); } @Test @@ -52,7 +52,7 @@ public class DelegatingOAuth2AuthorizedClientProviderTests { DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider( mock(OAuth2AuthorizedClientProvider.class)); assertThatIllegalArgumentException().isThrownBy(() -> delegate.authorize(null)) - .withMessage("context cannot be null"); + .withMessage("context cannot be null"); } @Test @@ -67,7 +67,8 @@ public class DelegatingOAuth2AuthorizedClientProviderTests { mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class), authorizedClientProvider); OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) - .principal(principal).build(); + .principal(principal) + .build(); OAuth2AuthorizedClient reauthorizedClient = delegate.authorize(context); assertThat(reauthorizedClient).isSameAs(authorizedClient); } @@ -76,7 +77,8 @@ public class DelegatingOAuth2AuthorizedClientProviderTests { public void authorizeWhenProviderCantAuthorizeThenReturnNull() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) - .principal(new TestingAuthenticationToken("principal", "password")).build(); + .principal(new TestingAuthenticationToken("principal", "password")) + .build(); DelegatingOAuth2AuthorizedClientProvider delegate = new DelegatingOAuth2AuthorizedClientProvider( mock(OAuth2AuthorizedClientProvider.class), mock(OAuth2AuthorizedClientProvider.class)); assertThat(delegate.authorize(context)).isNull(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java index a3228db9a0..6cf49cce5d 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/DelegatingReactiveOAuth2AuthorizedClientProviderTests.java @@ -45,7 +45,7 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests { assertThatIllegalArgumentException().isThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider( new ReactiveOAuth2AuthorizedClientProvider[0])); assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(Collections.emptyList())); + .isThrownBy(() -> new DelegatingReactiveOAuth2AuthorizedClientProvider(Collections.emptyList())); } @Test @@ -53,7 +53,7 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests { DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider( mock(ReactiveOAuth2AuthorizedClientProvider.class)); assertThatIllegalArgumentException().isThrownBy(() -> delegate.authorize(null).block()) - .withMessage("context cannot be null"); + .withMessage("context cannot be null"); } @Test @@ -74,7 +74,8 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests { DelegatingReactiveOAuth2AuthorizedClientProvider delegate = new DelegatingReactiveOAuth2AuthorizedClientProvider( authorizedClientProvider1, authorizedClientProvider2, authorizedClientProvider3); OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) - .principal(principal).build(); + .principal(principal) + .build(); OAuth2AuthorizedClient reauthorizedClient = delegate.authorize(context).block(); assertThat(reauthorizedClient).isSameAs(authorizedClient); } @@ -83,7 +84,8 @@ public class DelegatingReactiveOAuth2AuthorizedClientProviderTests { public void authorizeWhenProviderCantAuthorizeThenReturnNull() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); OAuth2AuthorizationContext context = OAuth2AuthorizationContext.withClientRegistration(clientRegistration) - .principal(new TestingAuthenticationToken("principal", "password")).build(); + .principal(new TestingAuthenticationToken("principal", "password")) + .build(); ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider1 = mock( ReactiveOAuth2AuthorizedClientProvider.class); given(authorizedClientProvider1.authorize(any())).willReturn(Mono.empty()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java index d7bee3126b..efa546b5d0 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryOAuth2AuthorizedClientServiceTests.java @@ -51,8 +51,10 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { private ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build(); - private ClientRegistration registration3 = TestClientRegistrations.clientRegistration().clientId("client-3") - .registrationId("registration-3").build(); + private ClientRegistration registration3 = TestClientRegistrations.clientRegistration() + .clientId("client-3") + .registrationId("registration-3") + .build(); private ClientRegistrationRepository clientRegistrationRepository = new InMemoryClientRegistrationRepository( this.registration1, this.registration2, this.registration3); @@ -90,7 +92,7 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { @Test public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, this.principalName1)); + .isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, this.principalName1)); } @Test @@ -102,14 +104,14 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { @Test public void loadAuthorizedClientWhenClientRegistrationNotFoundThenReturnNull() { OAuth2AuthorizedClient authorizedClient = this.authorizedClientService - .loadAuthorizedClient("registration-not-found", this.principalName1); + .loadAuthorizedClient("registration-not-found", this.principalName1); assertThat(authorizedClient).isNull(); } @Test public void loadAuthorizedClientWhenClientRegistrationFoundButNotAssociatedToPrincipalThenReturnNull() { OAuth2AuthorizedClient authorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.registration1.getRegistrationId(), "principal-not-found"); + .loadAuthorizedClient(this.registration1.getRegistrationId(), "principal-not-found"); assertThat(authorizedClient).isNull(); } @@ -121,14 +123,14 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1); + .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); } @Test public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, mock(Authentication.class))); + .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, mock(Authentication.class))); } @Test @@ -145,20 +147,20 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.registration3.getRegistrationId(), this.principalName2); + .loadAuthorizedClient(this.registration3.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); } @Test public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, this.principalName2)); + .isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, this.principalName2)); } @Test public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientService - .removeAuthorizedClient(this.registration3.getRegistrationId(), null)); + .removeAuthorizedClient(this.registration3.getRegistrationId(), null)); } @Test @@ -169,12 +171,12 @@ public class InMemoryOAuth2AuthorizedClientServiceTests { mock(OAuth2AccessToken.class)); this.authorizedClientService.saveAuthorizedClient(authorizedClient, authentication); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); + .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNotNull(); this.authorizedClientService.removeAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); loadedAuthorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); + .loadAuthorizedClient(this.registration2.getRegistrationId(), this.principalName2); assertThat(loadedAuthorizedClient).isNull(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java index d2223450f1..71a359b5ab 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java @@ -85,7 +85,7 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests { public void constructorNullClientRegistrationRepositoryThenThrowsIllegalArgumentException() { this.clientRegistrationRepository = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryReactiveOAuth2AuthorizedClientService(this.clientRegistrationRepository)); + .isThrownBy(() -> new InMemoryReactiveOAuth2AuthorizedClientService(this.clientRegistrationRepository)); } @Test @@ -127,25 +127,25 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests { @Test public void loadAuthorizedClientWhenClientRegistrationIdNotFoundThenEmpty() { given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)) - .willReturn(Mono.empty()); - StepVerifier.create( - this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName)) - .verifyComplete(); + .willReturn(Mono.empty()); + StepVerifier + .create(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName)) + .verifyComplete(); } @Test public void loadAuthorizedClientWhenClientRegistrationFoundAndNotAuthorizedClientThenEmpty() { given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)) - .willReturn(Mono.just(this.clientRegistration)); - StepVerifier.create( - this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName)) - .verifyComplete(); + .willReturn(Mono.just(this.clientRegistration)); + StepVerifier + .create(this.authorizedClientService.loadAuthorizedClient(this.clientRegistrationId, this.principalName)) + .verifyComplete(); } @Test public void loadAuthorizedClientWhenClientRegistrationFoundThenFound() { given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken); // @formatter:off @@ -217,7 +217,7 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests { @Test public void removeAuthorizedClientWhenClientIdThenNoException() { given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken); // @formatter:off @@ -233,7 +233,7 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests { @Test public void removeAuthorizedClientWhenClientRegistrationFoundRemovedThenNotFound() { given(this.clientRegistrationRepository.findByRegistrationId(this.clientRegistrationId)) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken); // @formatter:off diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java index eeac7eeaa8..20deeb03c8 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientServiceTests.java @@ -114,8 +114,8 @@ public class JdbcOAuth2AuthorizedClientServiceTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new JdbcOAuth2AuthorizedClientService(this.jdbcOperations, null)) - .withMessage("clientRegistrationRepository cannot be null"); + .isThrownBy(() -> new JdbcOAuth2AuthorizedClientService(this.jdbcOperations, null)) + .withMessage("clientRegistrationRepository cannot be null"); } @Test @@ -158,7 +158,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests { @Test public void loadAuthorizedClientWhenDoesNotExistThenReturnNull() { OAuth2AuthorizedClient authorizedClient = this.authorizedClientService - .loadAuthorizedClient("registration-not-found", "principalName"); + .loadAuthorizedClient("registration-not-found", "principalName"); assertThat(authorizedClient).isNull(); } @@ -168,21 +168,21 @@ public class JdbcOAuth2AuthorizedClientServiceTests { OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(expected, principal); OAuth2AuthorizedClient authorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); assertThat(authorizedClient.getAccessToken().getTokenType()) - .isEqualTo(expected.getAccessToken().getTokenType()); + .isEqualTo(expected.getAccessToken().getTokenType()); assertThat(authorizedClient.getAccessToken().getTokenValue()) - .isEqualTo(expected.getAccessToken().getTokenValue()); + .isEqualTo(expected.getAccessToken().getTokenValue()); assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(), within(1, ChronoUnit.MILLIS)); assertThat(authorizedClient.getAccessToken().getScopes()).isEqualTo(expected.getAccessToken().getScopes()); assertThat(authorizedClient.getRefreshToken().getTokenValue()) - .isEqualTo(expected.getRefreshToken().getTokenValue()); + .isEqualTo(expected.getRefreshToken().getTokenValue()); assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); } @@ -194,18 +194,18 @@ public class JdbcOAuth2AuthorizedClientServiceTests { OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(expected, principal); assertThatExceptionOfType(DataRetrievalFailureException.class) - .isThrownBy(() -> this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName())) - .withMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId() - + "' exists in the data source, however, it was not found in the ClientRegistrationRepository."); + .isThrownBy(() -> this.authorizedClientService + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName())) + .withMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId() + + "' exists in the data source, however, it was not found in the ClientRegistrationRepository."); } @Test public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() { Authentication principal = createPrincipal(); assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal)) - .withMessage("authorizedClient cannot be null"); + .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal)) + .withMessage("authorizedClient cannot be null"); } @Test @@ -213,8 +213,8 @@ public class JdbcOAuth2AuthorizedClientServiceTests { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null)) - .withMessage("principal cannot be null"); + .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null)) + .withMessage("principal cannot be null"); } @Test @@ -223,21 +223,21 @@ public class JdbcOAuth2AuthorizedClientServiceTests { OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(expected, principal); OAuth2AuthorizedClient authorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); assertThat(authorizedClient.getAccessToken().getTokenType()) - .isEqualTo(expected.getAccessToken().getTokenType()); + .isEqualTo(expected.getAccessToken().getTokenType()); assertThat(authorizedClient.getAccessToken().getTokenValue()) - .isEqualTo(expected.getAccessToken().getTokenValue()); + .isEqualTo(expected.getAccessToken().getTokenValue()); assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(), within(1, ChronoUnit.MILLIS)); assertThat(authorizedClient.getAccessToken().getScopes()).isEqualTo(expected.getAccessToken().getScopes()); assertThat(authorizedClient.getRefreshToken().getTokenValue()) - .isEqualTo(expected.getRefreshToken().getTokenValue()); + .isEqualTo(expected.getRefreshToken().getTokenValue()); assertThat(authorizedClient.getRefreshToken().getIssuedAt()).isCloseTo(expected.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); // Test save/load of NOT NULL attributes only @@ -245,14 +245,14 @@ public class JdbcOAuth2AuthorizedClientServiceTests { expected = createAuthorizedClient(principal, this.clientRegistration, true); this.authorizedClientService.saveAuthorizedClient(expected, principal); authorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); assertThat(authorizedClient.getAccessToken().getTokenType()) - .isEqualTo(expected.getAccessToken().getTokenType()); + .isEqualTo(expected.getAccessToken().getTokenType()); assertThat(authorizedClient.getAccessToken().getTokenValue()) - .isEqualTo(expected.getAccessToken().getTokenValue()); + .isEqualTo(expected.getAccessToken().getTokenValue()); assertThat(authorizedClient.getAccessToken().getIssuedAt()).isCloseTo(expected.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); assertThat(authorizedClient.getAccessToken().getExpiresAt()).isCloseTo(expected.getAccessToken().getExpiresAt(), @@ -272,21 +272,21 @@ public class JdbcOAuth2AuthorizedClientServiceTests { this.authorizedClientService.saveAuthorizedClient(updatedClient, principal); // Then the saved client is updated OAuth2AuthorizedClient savedClient = this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(savedClient).isNotNull(); assertThat(savedClient.getClientRegistration()).isEqualTo(updatedClient.getClientRegistration()); assertThat(savedClient.getPrincipalName()).isEqualTo(updatedClient.getPrincipalName()); assertThat(savedClient.getAccessToken().getTokenType()) - .isEqualTo(updatedClient.getAccessToken().getTokenType()); + .isEqualTo(updatedClient.getAccessToken().getTokenType()); assertThat(savedClient.getAccessToken().getTokenValue()) - .isEqualTo(updatedClient.getAccessToken().getTokenValue()); + .isEqualTo(updatedClient.getAccessToken().getTokenValue()); assertThat(savedClient.getAccessToken().getIssuedAt()).isCloseTo(updatedClient.getAccessToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); assertThat(savedClient.getAccessToken().getExpiresAt()).isCloseTo(updatedClient.getAccessToken().getExpiresAt(), within(1, ChronoUnit.MILLIS)); assertThat(savedClient.getAccessToken().getScopes()).isEqualTo(updatedClient.getAccessToken().getScopes()); assertThat(savedClient.getRefreshToken().getTokenValue()) - .isEqualTo(updatedClient.getRefreshToken().getTokenValue()); + .isEqualTo(updatedClient.getRefreshToken().getTokenValue()); assertThat(savedClient.getRefreshToken().getIssuedAt()).isCloseTo(updatedClient.getRefreshToken().getIssuedAt(), within(1, ChronoUnit.MILLIS)); } @@ -312,16 +312,16 @@ public class JdbcOAuth2AuthorizedClientServiceTests { @Test public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, "principalName")) - .withMessage("clientRegistrationId cannot be empty"); + .isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, "principalName")) + .withMessage("clientRegistrationId cannot be empty"); } @Test public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientService - .removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null)) - .withMessage("principalName cannot be empty"); + .isThrownBy(() -> this.authorizedClientService + .removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null)) + .withMessage("principalName cannot be empty"); } @Test @@ -330,12 +330,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests { OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal); authorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull(); this.authorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); authorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNull(); } @@ -347,12 +347,12 @@ public class JdbcOAuth2AuthorizedClientServiceTests { OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); customAuthorizedClientService.saveAuthorizedClient(authorizedClient, principal); authorizedClient = customAuthorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNotNull(); customAuthorizedClientService.removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); authorizedClient = customAuthorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()); assertThat(authorizedClient).isNull(); } @@ -437,7 +437,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests { @Override public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) { List parameters = this.authorizedClientParametersMapper - .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)); + .apply(new OAuth2AuthorizedClientHolder(authorizedClient, principal)); PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray()); this.jdbcOperations.update(SAVE_AUTHORIZED_CLIENT_SQL, pss); } @@ -464,7 +464,7 @@ public class JdbcOAuth2AuthorizedClientServiceTests { public OAuth2AuthorizedClient mapRow(ResultSet rs, int rowNum) throws SQLException { String clientRegistrationId = rs.getString("clientRegistrationId"); ClientRegistration clientRegistration = this.clientRegistrationRepository - .findByRegistrationId(clientRegistrationId); + .findByRegistrationId(clientRegistrationId); if (clientRegistration == null) { throw new DataRetrievalFailureException( "The ClientRegistration with id '" + clientRegistrationId + "' exists in the data source, " diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerOAuth2AuthorizedClientProviderTests.java index 49d8dc416e..825494b9a4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerOAuth2AuthorizedClientProviderTests.java @@ -85,15 +85,15 @@ public class JwtBearerOAuth2AuthorizedClientProviderTests { @Test public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) - .withMessage("accessTokenResponseClient cannot be null"); + .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) + .withMessage("accessTokenResponseClient cannot be null"); } @Test public void setJwtAssertionResolverWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.setJwtAssertionResolver(null)) - .withMessage("jwtAssertionResolver cannot be null"); + .isThrownBy(() -> this.authorizedClientProvider.setJwtAssertionResolver(null)) + .withMessage("jwtAssertionResolver cannot be null"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerReactiveOAuth2AuthorizedClientProviderTests.java index 2ec6e2f4a0..fa745ecaf1 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/JwtBearerReactiveOAuth2AuthorizedClientProviderTests.java @@ -90,15 +90,15 @@ public class JwtBearerReactiveOAuth2AuthorizedClientProviderTests { @Test public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) - .withMessage("accessTokenResponseClient cannot be null"); + .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) + .withMessage("accessTokenResponseClient cannot be null"); } @Test public void setJwtAssertionResolverWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.setJwtAssertionResolver(null)) - .withMessage("jwtAssertionResolver cannot be null"); + .isThrownBy(() -> this.authorizedClientProvider.setJwtAssertionResolver(null)) + .withMessage("jwtAssertionResolver cannot be null"); } @Test @@ -223,7 +223,7 @@ public class JwtBearerReactiveOAuth2AuthorizedClientProviderTests { .build(); // @formatter:on OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) - .block(); + .block(); assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java index 301d20d326..285bd05523 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizationContextTests.java @@ -53,22 +53,22 @@ public class OAuth2AuthorizationContextTests { @Test public void withClientRegistrationWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(null).build()) - .withMessage("clientRegistration cannot be null"); + .isThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(null).build()) + .withMessage("clientRegistration cannot be null"); } @Test public void withAuthorizedClientWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> OAuth2AuthorizationContext.withAuthorizedClient(null).build()) - .withMessage("authorizedClient cannot be null"); + .isThrownBy(() -> OAuth2AuthorizationContext.withAuthorizedClient(null).build()) + .withMessage("authorizedClient cannot be null"); } @Test public void withClientRegistrationWhenPrincipalIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration).build()) - .withMessage("principal cannot be null"); + .isThrownBy(() -> OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration).build()) + .withMessage("principal cannot be null"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java index 19e47b2e02..dbdaf2c86b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizeRequestTests.java @@ -47,38 +47,44 @@ public class OAuth2AuthorizeRequestTests { @Test public void withClientRegistrationIdWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> OAuth2AuthorizeRequest.withClientRegistrationId(null)) - .withMessage("clientRegistrationId cannot be empty"); + .withMessage("clientRegistrationId cannot be empty"); } @Test public void withAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> OAuth2AuthorizeRequest.withAuthorizedClient(null)) - .withMessage("authorizedClient cannot be null"); + .withMessage("authorizedClient cannot be null"); } @Test public void withClientRegistrationIdWhenPrincipalIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).build()) - .withMessage("principal cannot be null"); + .isThrownBy( + () -> OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .build()) + .withMessage("principal cannot be null"); } @Test public void withClientRegistrationIdWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy(() -> OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal((String) null).build()) - .withMessage("principalName cannot be empty"); + assertThatIllegalArgumentException() + .isThrownBy( + () -> OAuth2AuthorizeRequest.withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal((String) null) + .build()) + .withMessage("principalName cannot be empty"); } @Test public void withClientRegistrationIdWhenAllValuesProvidedThenAllValuesAreSet() { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .attributes((attrs) -> { - attrs.put("name1", "value1"); - attrs.put("name2", "value2"); - }).build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .attributes((attrs) -> { + attrs.put("name1", "value1"); + attrs.put("name2", "value2"); + }) + .build(); assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isNull(); assertThat(authorizeRequest.getPrincipal()).isEqualTo(this.principal); @@ -88,12 +94,14 @@ public class OAuth2AuthorizeRequestTests { @Test public void withAuthorizedClientWhenAllValuesProvidedThenAllValuesAreSet() { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).attributes((attrs) -> { - attrs.put("name1", "value1"); - attrs.put("name2", "value2"); - }).build(); + .principal(this.principal) + .attributes((attrs) -> { + attrs.put("name1", "value1"); + attrs.put("name2", "value2"); + }) + .build(); assertThat(authorizeRequest.getClientRegistrationId()) - .isEqualTo(this.authorizedClient.getClientRegistration().getRegistrationId()); + .isEqualTo(this.authorizedClient.getClientRegistration().getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isEqualTo(this.authorizedClient); assertThat(authorizeRequest.getPrincipal()).isEqualTo(this.principal); assertThat(authorizeRequest.getAttributes()).contains(entry("name1", "value1"), entry("name2", "value2")); @@ -102,8 +110,9 @@ public class OAuth2AuthorizeRequestTests { @Test public void withClientRegistrationIdWhenPrincipalNameProvidedThenPrincipalCreated() { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal("principalName") - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal("principalName") + .build(); assertThat(authorizeRequest.getClientRegistrationId()).isEqualTo(this.clientRegistration.getRegistrationId()); assertThat(authorizeRequest.getAuthorizedClient()).isNull(); assertThat(authorizeRequest.getPrincipal().getName()).isEqualTo("principalName"); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java index 3966e4a2f8..b5683f7b3a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientIdTests.java @@ -31,13 +31,13 @@ public class OAuth2AuthorizedClientIdTests { @Test public void constructorWhenRegistrationIdNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizedClientId(null, "test-principal")) - .withMessage("clientRegistrationId cannot be empty"); + .withMessage("clientRegistrationId cannot be empty"); } @Test public void constructorWhenPrincipalNameNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2AuthorizedClientId("test-client", null)) - .withMessage("principalName cannot be empty"); + .withMessage("principalName cannot be empty"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java index 3f03d6b3d9..4253b3c3d3 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilderTests.java @@ -71,7 +71,7 @@ public class OAuth2AuthorizedClientProviderBuilderTests { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build(); this.accessTokenClient = mock(RestOperations.class); given(this.accessTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class))) - .willReturn(new ResponseEntity(accessTokenResponse, HttpStatus.OK)); + .willReturn(new ResponseEntity(accessTokenResponse, HttpStatus.OK)); this.refreshTokenTokenResponseClient = new DefaultRefreshTokenTokenResponseClient(); this.refreshTokenTokenResponseClient.setRestOperations(this.accessTokenClient); this.clientCredentialsTokenResponseClient = new DefaultClientCredentialsTokenResponseClient(); @@ -84,7 +84,7 @@ public class OAuth2AuthorizedClientProviderBuilderTests { @Test public void providerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> OAuth2AuthorizedClientProviderBuilder.builder().provider(null)); + .isThrownBy(() -> OAuth2AuthorizedClientProviderBuilder.builder().provider(null)); } @Test @@ -99,15 +99,14 @@ public class OAuth2AuthorizedClientProviderBuilderTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationRequiredException.class) - .isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext)); + .isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext)); } @Test public void buildWhenRefreshTokenProviderThenProviderReauthorizes() { OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() - .refreshToken( - (configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient)) - .build(); + .refreshToken((configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient)) + .build(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient( TestClientRegistrations.clientRegistration().build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); @@ -125,9 +124,9 @@ public class OAuth2AuthorizedClientProviderBuilderTests { @Test public void buildWhenClientCredentialsProviderThenProviderAuthorizes() { OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() - .clientCredentials( - (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) - .build(); + .clientCredentials( + (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) + .build(); // @formatter:off OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration(TestClientRegistrations.clientCredentials().build()) @@ -160,13 +159,12 @@ public class OAuth2AuthorizedClientProviderBuilderTests { @Test public void buildWhenAllProvidersThenProvidersAuthorize() { OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() - .authorizationCode() - .refreshToken( - (configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient)) - .clientCredentials( - (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) - .password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)) - .build(); + .authorizationCode() + .refreshToken((configurer) -> configurer.accessTokenResponseClient(this.refreshTokenTokenResponseClient)) + .clientCredentials( + (configurer) -> configurer.accessTokenResponseClient(this.clientCredentialsTokenResponseClient)) + .password((configurer) -> configurer.accessTokenResponseClient(this.passwordTokenResponseClient)) + .build(); ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build(); // authorization_code // @formatter:off @@ -176,12 +174,14 @@ public class OAuth2AuthorizedClientProviderBuilderTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationRequiredException.class) - .isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext)); + .isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext)); // refresh_token OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext - .withAuthorizedClient(authorizedClient).principal(this.principal).build(); + .withAuthorizedClient(authorizedClient) + .principal(this.principal) + .build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext); assertThat(reauthorizedClient).isNotNull(); verify(this.accessTokenClient, times(1)).exchange(any(RequestEntity.class), diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java index 4111972d2a..371d21f929 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientTests.java @@ -50,19 +50,19 @@ public class OAuth2AuthorizedClientTests { @Test public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizedClient(null, this.principalName, this.accessToken)); + .isThrownBy(() -> new OAuth2AuthorizedClient(null, this.principalName, this.accessToken)); } @Test public void constructorWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizedClient(this.clientRegistration, null, this.accessToken)); + .isThrownBy(() -> new OAuth2AuthorizedClient(this.clientRegistration, null, this.accessToken)); } @Test public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, null)); + .isThrownBy(() -> new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java index 665c7acfef..835bed7965 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProviderTests.java @@ -66,8 +66,8 @@ public class PasswordOAuth2AuthorizedClientProviderTests { @Test public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) - .withMessage("accessTokenResponseClient cannot be null"); + .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) + .withMessage("accessTokenResponseClient cannot be null"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java index 1f9e69c272..acc1c004ef 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/PasswordReactiveOAuth2AuthorizedClientProviderTests.java @@ -67,8 +67,8 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { @Test public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) - .withMessage("accessTokenResponseClient cannot be null"); + .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) + .withMessage("accessTokenResponseClient cannot be null"); } @Test @@ -233,7 +233,7 @@ public class PasswordReactiveOAuth2AuthorizedClientProviderTests { .build(); // @formatter:on OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) - .block(); + .block(); assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientServiceTests.java index c865f302ef..89b40b32f4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientServiceTests.java @@ -77,7 +77,7 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { this.clientRegistration = TestClientRegistrations.clientRegistration().build(); this.clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class); given(this.clientRegistrationRepository.findByRegistrationId(anyString())) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); this.databaseClient = DatabaseClient.create(connectionFactory); this.authorizedClientService = new R2dbcReactiveOAuth2AuthorizedClientService(this.databaseClient, this.clientRegistrationRepository); @@ -86,67 +86,71 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { @Test public void constructorWhenDatabaseClientIsNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy( - () -> new R2dbcReactiveOAuth2AuthorizedClientService(null, this.clientRegistrationRepository)) - .withMessageContaining("databaseClient cannot be null"); + .isThrownBy(() -> new R2dbcReactiveOAuth2AuthorizedClientService(null, this.clientRegistrationRepository)) + .withMessageContaining("databaseClient cannot be null"); } @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> new R2dbcReactiveOAuth2AuthorizedClientService(this.databaseClient, null)) - .withMessageContaining("clientRegistrationRepository cannot be null"); + .isThrownBy(() -> new R2dbcReactiveOAuth2AuthorizedClientService(this.databaseClient, null)) + .withMessageContaining("clientRegistrationRepository cannot be null"); } @Test public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, "principalName")) - .withMessageContaining("clientRegistrationId cannot be empty"); + .isThrownBy(() -> this.authorizedClientService.loadAuthorizedClient(null, "principalName")) + .withMessageContaining("clientRegistrationId cannot be empty"); } @Test public void loadAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), null)) - .withMessageContaining("principalName cannot be empty"); + .isThrownBy(() -> this.authorizedClientService + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), null)) + .withMessageContaining("principalName cannot be empty"); } @Test public void loadAuthorizedClientWhenDoesNotExistThenReturnNull() { this.authorizedClientService.loadAuthorizedClient("registration-not-found", "principalName") - .as(StepVerifier::create).expectNextCount(0).verifyComplete(); + .as(StepVerifier::create) + .expectNextCount(0) + .verifyComplete(); } @Test public void loadAuthorizedClientWhenExistsThenReturnAuthorizedClient() { Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(expected, principal).as(StepVerifier::create) - .verifyComplete(); + this.authorizedClientService.saveAuthorizedClient(expected, principal) + .as(StepVerifier::create) + .verifyComplete(); this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create).assertNext((authorizedClient) -> { - assertThat(authorizedClient).isNotNull(); - assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); - assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); - assertThat(authorizedClient.getAccessToken().getTokenType()) - .isEqualTo(expected.getAccessToken().getTokenType()); - assertThat(authorizedClient.getAccessToken().getTokenValue()) - .isEqualTo(expected.getAccessToken().getTokenValue()); - assertThat(authorizedClient.getAccessToken().getIssuedAt()) - .isEqualTo(expected.getAccessToken().getIssuedAt()); - assertThat(authorizedClient.getAccessToken().getExpiresAt()) - .isEqualTo(expected.getAccessToken().getExpiresAt()); - assertThat(authorizedClient.getAccessToken().getScopes()) - .isEqualTo(expected.getAccessToken().getScopes()); - assertThat(authorizedClient.getRefreshToken().getTokenValue()) - .isEqualTo(expected.getRefreshToken().getTokenValue()); - assertThat(authorizedClient.getRefreshToken().getIssuedAt()) - .isEqualTo(expected.getRefreshToken().getIssuedAt()); - }).verifyComplete(); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .assertNext((authorizedClient) -> { + assertThat(authorizedClient).isNotNull(); + assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); + assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); + assertThat(authorizedClient.getAccessToken().getTokenType()) + .isEqualTo(expected.getAccessToken().getTokenType()); + assertThat(authorizedClient.getAccessToken().getTokenValue()) + .isEqualTo(expected.getAccessToken().getTokenValue()); + assertThat(authorizedClient.getAccessToken().getIssuedAt()) + .isEqualTo(expected.getAccessToken().getIssuedAt()); + assertThat(authorizedClient.getAccessToken().getExpiresAt()) + .isEqualTo(expected.getAccessToken().getExpiresAt()); + assertThat(authorizedClient.getAccessToken().getScopes()) + .isEqualTo(expected.getAccessToken().getScopes()); + assertThat(authorizedClient.getRefreshToken().getTokenValue()) + .isEqualTo(expected.getRefreshToken().getTokenValue()); + assertThat(authorizedClient.getRefreshToken().getIssuedAt()) + .isEqualTo(expected.getRefreshToken().getIssuedAt()); + }) + .verifyComplete(); } @Test @@ -155,16 +159,16 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { Authentication principal = createPrincipal(); OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(expected, principal).as(StepVerifier::create) - .verifyComplete(); + this.authorizedClientService.saveAuthorizedClient(expected, principal) + .as(StepVerifier::create) + .verifyComplete(); this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create) - .verifyErrorSatisfies((exception) -> assertThat(exception) - .isInstanceOf(DataRetrievalFailureException.class) - .hasMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId() - + "' exists in the data source, however, it was not found in the ReactiveClientRegistrationRepository.")); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .verifyErrorSatisfies((exception) -> assertThat(exception).isInstanceOf(DataRetrievalFailureException.class) + .hasMessage("The ClientRegistration with id '" + this.clientRegistration.getRegistrationId() + + "' exists in the data source, however, it was not found in the ReactiveClientRegistrationRepository.")); } @Test @@ -172,8 +176,8 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { Authentication principal = createPrincipal(); assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal)) - .withMessageContaining("authorizedClient cannot be null"); + .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(null, principal)) + .withMessageContaining("authorizedClient cannot be null"); } @Test @@ -181,8 +185,8 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null)) - .withMessageContaining("principal cannot be null"); + .isThrownBy(() -> this.authorizedClientService.saveAuthorizedClient(authorizedClient, null)) + .withMessageContaining("principal cannot be null"); } @Test @@ -190,57 +194,62 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { Authentication principal = createPrincipal(); final OAuth2AuthorizedClient expected = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(expected, principal).as(StepVerifier::create) - .verifyComplete(); + this.authorizedClientService.saveAuthorizedClient(expected, principal) + .as(StepVerifier::create) + .verifyComplete(); this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create).assertNext((authorizedClient) -> { - assertThat(authorizedClient).isNotNull(); - assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); - assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); - assertThat(authorizedClient.getAccessToken().getTokenType()) - .isEqualTo(expected.getAccessToken().getTokenType()); - assertThat(authorizedClient.getAccessToken().getTokenValue()) - .isEqualTo(expected.getAccessToken().getTokenValue()); - assertThat(authorizedClient.getAccessToken().getIssuedAt()) - .isEqualTo(expected.getAccessToken().getIssuedAt()); - assertThat(authorizedClient.getAccessToken().getExpiresAt()) - .isEqualTo(expected.getAccessToken().getExpiresAt()); - assertThat(authorizedClient.getAccessToken().getScopes()) - .isEqualTo(expected.getAccessToken().getScopes()); - assertThat(authorizedClient.getRefreshToken().getTokenValue()) - .isEqualTo(expected.getRefreshToken().getTokenValue()); - assertThat(authorizedClient.getRefreshToken().getIssuedAt()) - .isEqualTo(expected.getRefreshToken().getIssuedAt()); - }).verifyComplete(); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .assertNext((authorizedClient) -> { + assertThat(authorizedClient).isNotNull(); + assertThat(authorizedClient.getClientRegistration()).isEqualTo(expected.getClientRegistration()); + assertThat(authorizedClient.getPrincipalName()).isEqualTo(expected.getPrincipalName()); + assertThat(authorizedClient.getAccessToken().getTokenType()) + .isEqualTo(expected.getAccessToken().getTokenType()); + assertThat(authorizedClient.getAccessToken().getTokenValue()) + .isEqualTo(expected.getAccessToken().getTokenValue()); + assertThat(authorizedClient.getAccessToken().getIssuedAt()) + .isEqualTo(expected.getAccessToken().getIssuedAt()); + assertThat(authorizedClient.getAccessToken().getExpiresAt()) + .isEqualTo(expected.getAccessToken().getExpiresAt()); + assertThat(authorizedClient.getAccessToken().getScopes()) + .isEqualTo(expected.getAccessToken().getScopes()); + assertThat(authorizedClient.getRefreshToken().getTokenValue()) + .isEqualTo(expected.getRefreshToken().getTokenValue()); + assertThat(authorizedClient.getRefreshToken().getIssuedAt()) + .isEqualTo(expected.getRefreshToken().getIssuedAt()); + }) + .verifyComplete(); // Test save/load of NOT NULL attributes only principal = createPrincipal(); OAuth2AuthorizedClient updatedExpectedPrincipal = createAuthorizedClient(principal, this.clientRegistration, true); - this.authorizedClientService.saveAuthorizedClient(updatedExpectedPrincipal, principal).as(StepVerifier::create) - .verifyComplete(); + this.authorizedClientService.saveAuthorizedClient(updatedExpectedPrincipal, principal) + .as(StepVerifier::create) + .verifyComplete(); this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create).assertNext((authorizedClient) -> { - assertThat(authorizedClient).isNotNull(); - assertThat(authorizedClient.getClientRegistration()) - .isEqualTo(updatedExpectedPrincipal.getClientRegistration()); - assertThat(authorizedClient.getPrincipalName()) - .isEqualTo(updatedExpectedPrincipal.getPrincipalName()); - assertThat(authorizedClient.getAccessToken().getTokenType()) - .isEqualTo(updatedExpectedPrincipal.getAccessToken().getTokenType()); - assertThat(authorizedClient.getAccessToken().getTokenValue()) - .isEqualTo(updatedExpectedPrincipal.getAccessToken().getTokenValue()); - assertThat(authorizedClient.getAccessToken().getIssuedAt()) - .isEqualTo(updatedExpectedPrincipal.getAccessToken().getIssuedAt()); - assertThat(authorizedClient.getAccessToken().getExpiresAt()) - .isEqualTo(updatedExpectedPrincipal.getAccessToken().getExpiresAt()); - assertThat(authorizedClient.getAccessToken().getScopes()).isEmpty(); - assertThat(authorizedClient.getRefreshToken()).isNull(); - }).verifyComplete(); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .assertNext((authorizedClient) -> { + assertThat(authorizedClient).isNotNull(); + assertThat(authorizedClient.getClientRegistration()) + .isEqualTo(updatedExpectedPrincipal.getClientRegistration()); + assertThat(authorizedClient.getPrincipalName()).isEqualTo(updatedExpectedPrincipal.getPrincipalName()); + assertThat(authorizedClient.getAccessToken().getTokenType()) + .isEqualTo(updatedExpectedPrincipal.getAccessToken().getTokenType()); + assertThat(authorizedClient.getAccessToken().getTokenValue()) + .isEqualTo(updatedExpectedPrincipal.getAccessToken().getTokenValue()); + assertThat(authorizedClient.getAccessToken().getIssuedAt()) + .isEqualTo(updatedExpectedPrincipal.getAccessToken().getIssuedAt()); + assertThat(authorizedClient.getAccessToken().getExpiresAt()) + .isEqualTo(updatedExpectedPrincipal.getAccessToken().getExpiresAt()); + assertThat(authorizedClient.getAccessToken().getScopes()).isEmpty(); + assertThat(authorizedClient.getRefreshToken()).isNull(); + }) + .verifyComplete(); } @Test @@ -248,52 +257,55 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { // Given a saved authorized client Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal).as(StepVerifier::create) - .verifyComplete(); + this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal) + .as(StepVerifier::create) + .verifyComplete(); // When a client with the same principal and registration id is saved OAuth2AuthorizedClient updatedAuthorizedClient = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(updatedAuthorizedClient, principal).as(StepVerifier::create) - .verifyComplete(); + this.authorizedClientService.saveAuthorizedClient(updatedAuthorizedClient, principal) + .as(StepVerifier::create) + .verifyComplete(); // Then the saved client is updated this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create).assertNext((savedClient) -> { - assertThat(savedClient).isNotNull(); - assertThat(savedClient.getClientRegistration()) - .isEqualTo(updatedAuthorizedClient.getClientRegistration()); - assertThat(savedClient.getPrincipalName()).isEqualTo(updatedAuthorizedClient.getPrincipalName()); - assertThat(savedClient.getAccessToken().getTokenType()) - .isEqualTo(updatedAuthorizedClient.getAccessToken().getTokenType()); - assertThat(savedClient.getAccessToken().getTokenValue()) - .isEqualTo(updatedAuthorizedClient.getAccessToken().getTokenValue()); - assertThat(savedClient.getAccessToken().getIssuedAt()) - .isEqualTo(updatedAuthorizedClient.getAccessToken().getIssuedAt()); - assertThat(savedClient.getAccessToken().getExpiresAt()) - .isEqualTo(updatedAuthorizedClient.getAccessToken().getExpiresAt()); - assertThat(savedClient.getAccessToken().getScopes()) - .isEqualTo(updatedAuthorizedClient.getAccessToken().getScopes()); - assertThat(savedClient.getRefreshToken().getTokenValue()) - .isEqualTo(updatedAuthorizedClient.getRefreshToken().getTokenValue()); - assertThat(savedClient.getRefreshToken().getIssuedAt()) - .isEqualTo(updatedAuthorizedClient.getRefreshToken().getIssuedAt()); - }); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .assertNext((savedClient) -> { + assertThat(savedClient).isNotNull(); + assertThat(savedClient.getClientRegistration()) + .isEqualTo(updatedAuthorizedClient.getClientRegistration()); + assertThat(savedClient.getPrincipalName()).isEqualTo(updatedAuthorizedClient.getPrincipalName()); + assertThat(savedClient.getAccessToken().getTokenType()) + .isEqualTo(updatedAuthorizedClient.getAccessToken().getTokenType()); + assertThat(savedClient.getAccessToken().getTokenValue()) + .isEqualTo(updatedAuthorizedClient.getAccessToken().getTokenValue()); + assertThat(savedClient.getAccessToken().getIssuedAt()) + .isEqualTo(updatedAuthorizedClient.getAccessToken().getIssuedAt()); + assertThat(savedClient.getAccessToken().getExpiresAt()) + .isEqualTo(updatedAuthorizedClient.getAccessToken().getExpiresAt()); + assertThat(savedClient.getAccessToken().getScopes()) + .isEqualTo(updatedAuthorizedClient.getAccessToken().getScopes()); + assertThat(savedClient.getRefreshToken().getTokenValue()) + .isEqualTo(updatedAuthorizedClient.getRefreshToken().getTokenValue()); + assertThat(savedClient.getRefreshToken().getIssuedAt()) + .isEqualTo(updatedAuthorizedClient.getRefreshToken().getIssuedAt()); + }); } @Test public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, "principalName")) - .withMessageContaining("clientRegistrationId cannot be empty"); + .isThrownBy(() -> this.authorizedClientService.removeAuthorizedClient(null, "principalName")) + .withMessageContaining("clientRegistrationId cannot be empty"); } @Test public void removeAuthorizedClientWhenPrincipalNameIsNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService - .removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null)) - .withMessageContaining("principalName cannot be empty"); + .isThrownBy(() -> this.authorizedClientService + .removeAuthorizedClient(this.clientRegistration.getRegistrationId(), null)) + .withMessageContaining("principalName cannot be empty"); } @Test @@ -301,46 +313,53 @@ public class R2dbcReactiveOAuth2AuthorizedClientServiceTests { Authentication principal = createPrincipal(); OAuth2AuthorizedClient authorizedClient = createAuthorizedClient(principal, this.clientRegistration); - this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal).as(StepVerifier::create) - .verifyComplete(); + this.authorizedClientService.saveAuthorizedClient(authorizedClient, principal) + .as(StepVerifier::create) + .verifyComplete(); this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create).assertNext((dbAuthorizedClient) -> assertThat(dbAuthorizedClient).isNotNull()) - .verifyComplete(); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .assertNext((dbAuthorizedClient) -> assertThat(dbAuthorizedClient).isNotNull()) + .verifyComplete(); this.authorizedClientService - .removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create).verifyComplete(); + .removeAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .verifyComplete(); this.authorizedClientService - .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) - .as(StepVerifier::create).expectNextCount(0).verifyComplete(); + .loadAuthorizedClient(this.clientRegistration.getRegistrationId(), principal.getName()) + .as(StepVerifier::create) + .expectNextCount(0) + .verifyComplete(); } @Test public void setAuthorizedClientRowMapperWhenNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService.setAuthorizedClientRowMapper(null)) - .withMessageContaining("authorizedClientRowMapper cannot be nul"); + .isThrownBy(() -> this.authorizedClientService.setAuthorizedClientRowMapper(null)) + .withMessageContaining("authorizedClientRowMapper cannot be nul"); } @Test public void setAuthorizedClientParametersMapperWhenNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.authorizedClientService.setAuthorizedClientParametersMapper(null)) - .withMessageContaining("authorizedClientParametersMapper cannot be nul"); + .isThrownBy(() -> this.authorizedClientService.setAuthorizedClientParametersMapper(null)) + .withMessageContaining("authorizedClientParametersMapper cannot be nul"); } private static ConnectionFactory createDb() { ConnectionFactory connectionFactory = H2ConnectionFactory.inMemory("oauth-test"); Mono.from(connectionFactory.create()) - .flatMapMany((connection) -> Flux - .from(connection.createStatement("drop table oauth2_authorized_client").execute()) - .flatMap(Result::getRowsUpdated).onErrorResume((e) -> Mono.empty()) - .thenMany(connection.close())) - .as(StepVerifier::create).verifyComplete(); + .flatMapMany((connection) -> Flux + .from(connection.createStatement("drop table oauth2_authorized_client").execute()) + .flatMap(Result::getRowsUpdated) + .onErrorResume((e) -> Mono.empty()) + .thenMany(connection.close())) + .as(StepVerifier::create) + .verifyComplete(); ConnectionFactoryInitializer createDb = createDb(OAUTH2_CLIENT_SCHEMA_SQL_RESOURCE); createDb.setConnectionFactory(connectionFactory); createDb.afterPropertiesSet(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java index d6f771c5a6..33d0d58a73 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilderTests.java @@ -75,7 +75,7 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { @Test public void providerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> ReactiveOAuth2AuthorizedClientProviderBuilder.builder().provider(null)); + .isThrownBy(() -> ReactiveOAuth2AuthorizedClientProviderBuilder.builder().provider(null)); } @Test @@ -91,7 +91,7 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationRequiredException.class) - .isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block()); + .isThrownBy(() -> authorizedClientProvider.authorize(authorizationContext).block()); } @Test @@ -151,7 +151,9 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { + " \"token_type\": \"bearer\",\n" + " \"expires_in\": \"3600\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder - .builder().password().build(); + .builder() + .password() + .build(); // @formatter:off OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext .withClientRegistration( @@ -178,7 +180,12 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder - .builder().authorizationCode().refreshToken().clientCredentials().password().build(); + .builder() + .authorizationCode() + .refreshToken() + .clientCredentials() + .password() + .build(); // authorization_code // @formatter:off OAuth2AuthorizationContext authorizationCodeContext = OAuth2AuthorizationContext @@ -187,12 +194,14 @@ public class ReactiveOAuth2AuthorizedClientProviderBuilderTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationRequiredException.class) - .isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block()); + .isThrownBy(() -> authorizedClientProvider.authorize(authorizationCodeContext).block()); // refresh_token OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistrationBuilder.build(), this.principal.getName(), expiredAccessToken(), TestOAuth2RefreshTokens.refreshToken()); OAuth2AuthorizationContext refreshTokenContext = OAuth2AuthorizationContext - .withAuthorizedClient(authorizedClient).principal(this.principal).build(); + .withAuthorizedClient(authorizedClient) + .principal(this.principal) + .build(); OAuth2AuthorizedClient reauthorizedClient = authorizedClientProvider.authorize(refreshTokenContext).block(); assertThat(reauthorizedClient).isNotNull(); assertThat(this.server.getRequestCount()).isEqualTo(1); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java index 0d143b99be..86ae003eff 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProviderTests.java @@ -162,7 +162,8 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenAuthorizedAndAccessTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() - .refreshToken("new-refresh-token").build(); + .refreshToken("new-refresh-token") + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); Instant now = Instant.now(); Instant issuedAt = now.minus(Duration.ofMinutes(60)); @@ -228,10 +229,10 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { // @formatter:on this.authorizedClientProvider.authorize(authorizationContext); ArgumentCaptor refreshTokenGrantRequestArgCaptor = ArgumentCaptor - .forClass(OAuth2RefreshTokenGrantRequest.class); + .forClass(OAuth2RefreshTokenGrantRequest.class); verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture()); assertThat(refreshTokenGrantRequestArgCaptor.getValue().getScopes()) - .isEqualTo(new HashSet<>(Arrays.asList(requestScope))); + .isEqualTo(new HashSet<>(Arrays.asList(requestScope))); } @Test @@ -245,9 +246,9 @@ public class RefreshTokenOAuth2AuthorizedClientProviderTests { .build(); // @formatter:on assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext)) - .withMessageStartingWith("The context attribute must be of type String[] '" - + OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'"); + .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext)) + .withMessageStartingWith("The context attribute must be of type String[] '" + + OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'"); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java index 3ba49177ea..3e438c60bb 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProviderTests.java @@ -80,8 +80,8 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { @Test public void setAccessTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) - .withMessage("accessTokenResponseClient cannot be null"); + .isThrownBy(() -> this.authorizedClientProvider.setAccessTokenResponseClient(null)) + .withMessage("accessTokenResponseClient cannot be null"); } @Test @@ -161,7 +161,8 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenAuthorizedAndAccessTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() - .refreshToken("new-refresh-token").build(); + .refreshToken("new-refresh-token") + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); Instant now = Instant.now(); Instant issuedAt = now.minus(Duration.ofMinutes(60)); @@ -174,9 +175,11 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { // force it to expire on the client this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90)); OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext - .withAuthorizedClient(authorizedClient).principal(this.principal).build(); + .withAuthorizedClient(authorizedClient) + .principal(this.principal) + .build(); OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) - .block(); + .block(); assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); @@ -186,12 +189,15 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenAuthorizedAndAccessTokenExpiredThenReauthorize() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() - .refreshToken("new-refresh-token").build(); + .refreshToken("new-refresh-token") + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext - .withAuthorizedClient(this.authorizedClient).principal(this.principal).build(); + .withAuthorizedClient(this.authorizedClient) + .principal(this.principal) + .build(); OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext) - .block(); + .block(); assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration); assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName()); assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken()); @@ -201,7 +207,8 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { @Test public void authorizeWhenAuthorizedAndRequestScopeProvidedThenScopeRequested() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() - .refreshToken("new-refresh-token").build(); + .refreshToken("new-refresh-token") + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); String[] requestScope = new String[] { "read", "write" }; // @formatter:off @@ -213,10 +220,10 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { // @formatter:on this.authorizedClientProvider.authorize(authorizationContext).block(); ArgumentCaptor refreshTokenGrantRequestArgCaptor = ArgumentCaptor - .forClass(OAuth2RefreshTokenGrantRequest.class); + .forClass(OAuth2RefreshTokenGrantRequest.class); verify(this.accessTokenResponseClient).getTokenResponse(refreshTokenGrantRequestArgCaptor.capture()); assertThat(refreshTokenGrantRequestArgCaptor.getValue().getScopes()) - .isEqualTo(new HashSet<>(Arrays.asList(requestScope))); + .isEqualTo(new HashSet<>(Arrays.asList(requestScope))); } @Test @@ -230,9 +237,9 @@ public class RefreshTokenReactiveOAuth2AuthorizedClientProviderTests { .build(); // @formatter:on assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block()) - .withMessageStartingWith("The context attribute must be of type String[] '" - + OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'"); + .isThrownBy(() -> this.authorizedClientProvider.authorize(authorizationContext).block()) + .withMessageStartingWith("The context attribute must be of type String[] '" + + OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME + "'"); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java index 55408ec955..2b742697cc 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationTokenTests.java @@ -68,7 +68,7 @@ public class OAuth2AuthenticationTokenTests { @Test public void constructorWhenAuthorizedClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthenticationToken(this.principal, this.authorities, null)); + .isThrownBy(() -> new OAuth2AuthenticationToken(this.principal, this.authorities, null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java index 495a054659..aa20935f13 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java @@ -81,41 +81,44 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { @Test public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() { OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error() - .errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build(); + .errorCode(OAuth2ErrorCodes.INVALID_REQUEST) + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) - .withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST); + .isThrownBy(() -> this.authenticationProvider.authenticate( + new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) + .withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST); } @Test public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() { - OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890") - .build(); + OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success() + .state("67890") + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) - .withMessageContaining("invalid_state_parameter"); + .isThrownBy(() -> this.authenticationProvider.authenticate( + new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange))) + .withMessageContaining("invalid_state_parameter"); } @Test public void authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken() { OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() - .refreshToken("refresh").build(); + .refreshToken("refresh") + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build()); OAuth2AuthorizationCodeAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider - .authenticate( - new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)); + .authenticate( + new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)); assertThat(authenticationResult.isAuthenticated()).isTrue(); assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authenticationResult.getCredentials()) - .isEqualTo(accessTokenResponse.getAccessToken().getTokenValue()); + .isEqualTo(accessTokenResponse.getAccessToken().getTokenValue()); assertThat(authenticationResult.getAuthorities()).isEqualTo(Collections.emptyList()); assertThat(authenticationResult.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authenticationResult.getAuthorizationExchange()).isEqualTo(authorizationExchange); @@ -130,15 +133,16 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests { additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse() - .additionalParameters(additionalParameters).build(); + .additionalParameters(additionalParameters) + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, TestOAuth2AuthorizationResponses.success().build()); OAuth2AuthorizationCodeAuthenticationToken authentication = (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider - .authenticate( - new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)); + .authenticate( + new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange)); assertThat(authentication.getAdditionalParameters()) - .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); + .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java index 95c18d4ee2..8869e8b037 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationTokenTests.java @@ -56,13 +56,13 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests { @Test public void constructorAuthorizationRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.authorizationExchange)); + .isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(null, this.authorizationExchange)); } @Test public void constructorAuthorizationRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null)); + .isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, null)); } @Test @@ -71,7 +71,7 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests { this.clientRegistration, this.authorizationExchange); assertThat(authentication.getPrincipal()).isEqualTo(this.clientRegistration.getClientId()); assertThat(authentication.getCredentials()) - .isEqualTo(this.authorizationExchange.getAuthorizationResponse().getCode()); + .isEqualTo(this.authorizationExchange.getAuthorizationResponse().getCode()); assertThat(authentication.getAuthorities()).isEqualTo(Collections.emptyList()); assertThat(authentication.getClientRegistration()).isEqualTo(this.clientRegistration); assertThat(authentication.getAuthorizationExchange()).isEqualTo(this.authorizationExchange); @@ -94,8 +94,8 @@ public class OAuth2AuthorizationCodeAuthenticationTokenTests { @Test public void constructorTokenRequestResponseWhenAccessTokenIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, - this.authorizationExchange, null)); + .isThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, + this.authorizationExchange, null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java index b2bd659b5b..af856a2396 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManagerTests.java @@ -96,7 +96,7 @@ public class OAuth2AuthorizationCodeReactiveAuthenticationManagerTests { @Test public void authenticateWhenOAuth2AuthorizationExceptionThenOAuth2AuthorizationException() { given(this.accessTokenResponseClient.getTokenResponse(any())) - .willReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error")))); + .willReturn(Mono.error(() -> new OAuth2AuthorizationException(new OAuth2Error("error")))); assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> authenticate()); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java index 701b40ac88..a3952924cd 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java @@ -95,13 +95,13 @@ public class OAuth2LoginAuthenticationProviderTests { @Test public void constructorWhenAccessTokenResponseClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationProvider(null, this.userService)); + .isThrownBy(() -> new OAuth2LoginAuthenticationProvider(null, this.userService)); } @Test public void constructorWhenUserServiceIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationProvider(this.accessTokenResponseClient, null)); + .isThrownBy(() -> new OAuth2LoginAuthenticationProvider(this.accessTokenResponseClient, null)); } @Test @@ -116,37 +116,40 @@ public class OAuth2LoginAuthenticationProviderTests { @Test public void authenticateWhenAuthorizationRequestContainsOpenidScopeThenReturnNull() { - OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().scope("openid") - .build(); + OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() + .scope("openid") + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); assertThat(authentication).isNull(); } @Test public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthenticationException() { OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.error() - .errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build(); + .errorCode(OAuth2ErrorCodes.INVALID_REQUEST) + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) - .withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) + .withMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST); } @Test public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthenticationException() { - OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().state("67890") - .build(); + OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success() + .state("67890") + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) - .withMessageContaining("invalid_state_parameter"); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) + .withMessageContaining("invalid_state_parameter"); } @Test @@ -158,7 +161,7 @@ public class OAuth2LoginAuthenticationProviderTests { given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getPrincipal()).isEqualTo(principal); assertThat(authentication.getCredentials()).isEqualTo(""); @@ -180,10 +183,10 @@ public class OAuth2LoginAuthenticationProviderTests { List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH2_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) - .willAnswer((Answer>) (invocation) -> mappedAuthorities); + .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities); } @@ -198,9 +201,9 @@ public class OAuth2LoginAuthenticationProviderTests { ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OAuth2UserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal); this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) - .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); + .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); } private OAuth2AccessTokenResponse accessTokenSuccessResponse() { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java index df4e948551..4d19d293a7 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationTokenTests.java @@ -66,13 +66,13 @@ public class OAuth2LoginAuthenticationTokenTests { @Test public void constructorAuthorizationRequestResponseWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationToken(null, this.authorizationExchange)); + .isThrownBy(() -> new OAuth2LoginAuthenticationToken(null, this.authorizationExchange)); } @Test public void constructorAuthorizationRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, null)); + .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, null)); } @Test @@ -97,15 +97,15 @@ public class OAuth2LoginAuthenticationTokenTests { @Test public void constructorTokenRequestResponseWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, null, this.principal, - this.authorities, this.accessToken)); + .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, null, this.principal, + this.authorities, this.accessToken)); } @Test public void constructorTokenRequestResponseWhenPrincipalIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, - this.authorizationExchange, null, this.authorities, this.accessToken)); + .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, + null, this.authorities, this.accessToken)); } @Test @@ -123,8 +123,8 @@ public class OAuth2LoginAuthenticationTokenTests { @Test public void constructorTokenRequestResponseWhenAccessTokenIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, - this.authorizationExchange, this.principal, this.authorities, null)); + .isThrownBy(() -> new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange, + this.principal, this.authorities, null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java index cd3854b09b..86075e83d2 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java @@ -78,7 +78,7 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration(); OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse.success("code") - .state("state"); + .state("state"); private OAuth2LoginReactiveAuthenticationManager manager; @@ -130,20 +130,21 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { .state("state"); // @formatter:on assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); + .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); } @Test public void authenticationWhenStateDoesNotMatchThenOAuth2AuthenticationException() { this.authorizationResponseBldr.state("notmatch"); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); + .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); } @Test public void authenticationWhenOAuth2UserNotFoundThenEmpty() { OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo") - .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); given(this.userService.loadUser(any())).willReturn(Mono.empty()); assertThat(this.manager.authenticate(loginToken()).block()).isNull(); @@ -152,13 +153,14 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { @Test public void authenticationWhenOAuth2UserFoundThenSuccess() { OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo") - .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); given(this.userService.loadUser(any())).willReturn(Mono.just(user)); OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()) - .block(); + .block(); assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue(); @@ -171,7 +173,9 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo") - .tokenType(OAuth2AccessToken.TokenType.BEARER).additionalParameters(additionalParameters).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .additionalParameters(additionalParameters) + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); @@ -179,13 +183,14 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(Mono.just(user)); this.manager.authenticate(loginToken()).block(); assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) - .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); + .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); } @Test public void authenticateWhenAuthoritiesMapperSetThenReturnMappedAuthorities() { OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo") - .tokenType(OAuth2AccessToken.TokenType.BEARER).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .build(); given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); @@ -193,21 +198,25 @@ public class OAuth2LoginReactiveAuthenticationManagerTests { List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OAUTH_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) - .willAnswer((Answer>) (invocation) -> mappedAuthorities); + .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.manager.setAuthoritiesMapper(authoritiesMapper); OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()) - .block(); + .block(); assertThat(result.getAuthorities()).isEqualTo(mappedAuthorities); } private OAuth2AuthorizationCodeAuthenticationToken loginToken() { ClientRegistration clientRegistration = this.registration.build(); - OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state") - .clientId(clientRegistration.getClientId()) - .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) - .redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes()).build(); + OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() + .state("state") + .clientId(clientRegistration.getClientId()) + .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) + .redirectUri(clientRegistration.getRedirectUri()) + .scopes(clientRegistration.getScopes()) + .build(); OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr - .redirectUri(clientRegistration.getRedirectUri()).build(); + .redirectUri(clientRegistration.getRedirectUri()) + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); return new OAuth2AuthorizationCodeAuthenticationToken(clientRegistration, authorizationExchange); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java index ef56e7fc38..40318b27f4 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java @@ -114,13 +114,13 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); Instant expiresAtBefore = Instant.now().plusSeconds(3600); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build())); + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build())); Instant expiresAtAfter = Instant.now().plusSeconds(3600); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=authorization_code"); assertThat(formParameters).contains("code=code-1234"); @@ -161,7 +161,8 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistration - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest(clientRegistration)); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); @@ -200,7 +201,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -231,7 +232,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -263,11 +264,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") - .withMessageContaining("tokenType cannot be null"); + .isThrownBy(() -> this.tokenResponseClient + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") + .withMessageContaining("tokenType cannot be null"); } @Test @@ -279,11 +280,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") - .withMessageContaining("tokenType cannot be null"); + .isThrownBy(() -> this.tokenResponseClient + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") + .withMessageContaining("tokenType cannot be null"); } @Test @@ -299,7 +300,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build())); + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build())); assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -315,7 +316,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build())); + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build())); assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty(); } @@ -323,10 +324,11 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenTokenUriInvalidThenThrowOAuth2AuthorizationException() { String invalidTokenUri = "https://invalid-provider.com/oauth2/token"; ClientRegistration clientRegistration = this.clientRegistration.tokenUri(invalidTokenUri).build(); - assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy( - () -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest(clientRegistration))) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); + assertThatExceptionOfType(OAuth2AuthorizationException.class) + .isThrownBy( + () -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest(clientRegistration))) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); } @Test @@ -344,10 +346,10 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); } @Test @@ -355,28 +357,33 @@ public class DefaultAuthorizationCodeTokenResponseClientTests { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; this.server.enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(400)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) - .withMessageContaining("[unauthorized_client]"); + .isThrownBy(() -> this.tokenResponseClient + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) + .withMessageContaining("[unauthorized_client]"); } @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { this.server.enqueue(new MockResponse().setResponseCode(500)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) - .withMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve " - + "the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient + .getTokenResponse(authorizationCodeGrantRequest(this.clientRegistration.build()))) + .withMessageContaining("[invalid_token_response] An error occurred while attempting to retrieve " + + "the OAuth 2.0 Access Token Response"); } private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest(ClientRegistration clientRegistration) { OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() - .clientId(clientRegistration.getClientId()).state("state-1234") - .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) - .redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes()).build(); + .clientId(clientRegistration.getClientId()) + .state("state-1234") + .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) + .redirectUri(clientRegistration.getRedirectUri()) + .scopes(clientRegistration.getScopes()) + .build(); OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code-1234") - .state("state-1234").redirectUri(clientRegistration.getRedirectUri()).build(); + .state("state-1234") + .redirectUri(clientRegistration.getRedirectUri()) + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); return new OAuth2AuthorizationCodeGrantRequest(clientRegistration, authorizationExchange); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java index 38a2c62c61..f9b393320f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClientTests.java @@ -117,13 +117,13 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(clientCredentialsGrantRequest); + .getTokenResponse(clientCredentialsGrantRequest); Instant expiresAtAfter = Instant.now().plusSeconds(3600); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=client_credentials"); assertThat(formParameters).contains("scope=read+write"); @@ -165,7 +165,8 @@ public class DefaultClientCredentialsTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistration - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( clientRegistration); this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest); @@ -208,7 +209,7 @@ public class DefaultClientCredentialsTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -241,7 +242,7 @@ public class DefaultClientCredentialsTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -266,10 +267,10 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") - .withMessageContaining("tokenType cannot be null"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") + .withMessageContaining("tokenType cannot be null"); } @Test @@ -279,10 +280,10 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") - .withMessageContaining("tokenType cannot be null"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") + .withMessageContaining("tokenType cannot be null"); } @Test @@ -299,7 +300,7 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(clientCredentialsGrantRequest); + .getTokenResponse(clientCredentialsGrantRequest); assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -316,7 +317,7 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(clientCredentialsGrantRequest); + .getTokenResponse(clientCredentialsGrantRequest); assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty(); } @@ -327,9 +328,9 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( clientRegistration); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); } @Test @@ -348,9 +349,9 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); } @Test @@ -364,8 +365,8 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) - .withMessageContaining("[unauthorized_client]"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) + .withMessageContaining("[unauthorized_client]"); } @Test @@ -374,9 +375,9 @@ public class DefaultClientCredentialsTokenResponseClientTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.build()); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(clientCredentialsGrantRequest)) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response"); } private MockResponse jsonResponse(String json) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultJwtBearerTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultJwtBearerTokenResponseClientTests.java index 3c749a8c69..c1f04fe8a5 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultJwtBearerTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultJwtBearerTokenResponseClientTests.java @@ -111,16 +111,16 @@ public class DefaultJwtBearerTokenResponseClientTests { ClientRegistration clientRegistration = this.clientRegistration.build(); JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(clientRegistration, this.jwtAssertion); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(jwtBearerGrantRequest); + .getTokenResponse(jwtBearerGrantRequest); Instant expiresAtAfter = Instant.now().plusSeconds(3600); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("grant_type=" + URLEncoder.encode(AuthorizationGrantType.JWT_BEARER.getValue(), "UTF-8")); + .contains("grant_type=" + URLEncoder.encode(AuthorizationGrantType.JWT_BEARER.getValue(), "UTF-8")); assertThat(formParameters).contains("scope=read+write"); assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); @@ -157,7 +157,8 @@ public class DefaultJwtBearerTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistration - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(clientRegistration, this.jwtAssertion); this.tokenResponseClient.getTokenResponse(jwtBearerGrantRequest); RecordedRequest recordedRequest = this.server.takeRequest(); @@ -180,10 +181,10 @@ public class DefaultJwtBearerTokenResponseClientTests { JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(this.clientRegistration.build(), this.jwtAssertion); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(jwtBearerGrantRequest)) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") - .withMessageContaining("tokenType cannot be null"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(jwtBearerGrantRequest)) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") + .withMessageContaining("tokenType cannot be null"); } @Test @@ -200,7 +201,7 @@ public class DefaultJwtBearerTokenResponseClientTests { JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(this.clientRegistration.build(), this.jwtAssertion); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(jwtBearerGrantRequest); + .getTokenResponse(jwtBearerGrantRequest); assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read"); } @@ -217,7 +218,7 @@ public class DefaultJwtBearerTokenResponseClientTests { JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(this.clientRegistration.build(), this.jwtAssertion); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(jwtBearerGrantRequest); + .getTokenResponse(jwtBearerGrantRequest); assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty(); } @@ -228,8 +229,8 @@ public class DefaultJwtBearerTokenResponseClientTests { JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(this.clientRegistration.build(), this.jwtAssertion); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(jwtBearerGrantRequest)) - .withMessageContaining("[invalid_grant]"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(jwtBearerGrantRequest)) + .withMessageContaining("[invalid_grant]"); } @Test @@ -238,9 +239,9 @@ public class DefaultJwtBearerTokenResponseClientTests { JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(this.clientRegistration.build(), this.jwtAssertion); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(jwtBearerGrantRequest)) - .withMessageContaining("[invalid_token_response] An error occurred while attempting to " - + "retrieve the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(jwtBearerGrantRequest)) + .withMessageContaining("[invalid_token_response] An error occurred while attempting to " + + "retrieve the OAuth 2.0 Access Token Response"); } private MockResponse jsonResponse(String json) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java index 23cb975342..84555d3381 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultPasswordTokenResponseClientTests.java @@ -117,7 +117,7 @@ public class DefaultPasswordTokenResponseClientTests { assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); assertThat(formParameters).contains("username=user1"); @@ -127,7 +127,7 @@ public class DefaultPasswordTokenResponseClientTests { assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); assertThat(accessTokenResponse.getAccessToken().getScopes()) - .containsExactly(clientRegistration.getScopes().toArray(new String[0])); + .containsExactly(clientRegistration.getScopes().toArray(new String[0])); assertThat(accessTokenResponse.getRefreshToken()).isNull(); } @@ -143,7 +143,8 @@ public class DefaultPasswordTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistration - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); this.tokenResponseClient.getTokenResponse(passwordGrantRequest); @@ -186,7 +187,7 @@ public class DefaultPasswordTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -219,7 +220,7 @@ public class DefaultPasswordTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -244,10 +245,10 @@ public class DefaultPasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistration.build(), this.username, this.password); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) - .withMessageContaining( - "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") - .withMessageContaining("tokenType cannot be null"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) + .withMessageContaining( + "[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response") + .withMessageContaining("tokenType cannot be null"); } @Test @@ -293,8 +294,8 @@ public class DefaultPasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistration.build(), this.username, this.password); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) - .withMessageContaining("[unauthorized_client]"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) + .withMessageContaining("[unauthorized_client]"); } @Test @@ -303,9 +304,9 @@ public class DefaultPasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistration.build(), this.username, this.password); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) - .withMessageContaining("[invalid_token_response] An error occurred while attempting to " - + "retrieve the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest)) + .withMessageContaining("[invalid_token_response] An error occurred while attempting to " + + "retrieve the OAuth 2.0 Access Token Response"); } private MockResponse jsonResponse(String json) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java index cad2bbcf04..f252e65046 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultRefreshTokenTokenResponseClientTests.java @@ -113,13 +113,13 @@ public class DefaultRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistration.build(), this.accessToken, this.refreshToken); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(refreshTokenGrantRequest); + .getTokenResponse(refreshTokenGrantRequest); Instant expiresAtAfter = Instant.now().plusSeconds(3600); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_UTF8_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); @@ -128,7 +128,7 @@ public class DefaultRefreshTokenTokenResponseClientTests { assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); assertThat(accessTokenResponse.getAccessToken().getScopes()) - .containsExactly(this.accessToken.getScopes().toArray(new String[0])); + .containsExactly(this.accessToken.getScopes().toArray(new String[0])); assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue()); } @@ -143,13 +143,14 @@ public class DefaultRefreshTokenTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistration - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(refreshTokenGrantRequest); + .getTokenResponse(refreshTokenGrantRequest); assertThat(accessTokenResponse.getAccessToken().getScopes()) - .containsExactly(this.accessToken.getScopes().toArray(new String[0])); + .containsExactly(this.accessToken.getScopes().toArray(new String[0])); } @Test @@ -163,7 +164,8 @@ public class DefaultRefreshTokenTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistration - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken); this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest); @@ -206,7 +208,7 @@ public class DefaultRefreshTokenTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -239,7 +241,7 @@ public class DefaultRefreshTokenTokenResponseClientTests { assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters) - .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); + .contains("client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"); assertThat(formParameters).contains("client_assertion="); } @@ -264,10 +266,10 @@ public class DefaultRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistration.build(), this.accessToken, this.refreshToken); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) - .withMessageContaining("[invalid_token_response] An error occurred while attempting to " - + "retrieve the OAuth 2.0 Access Token Response") - .withMessageContaining("tokenType cannot be null"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) + .withMessageContaining("[invalid_token_response] An error occurred while attempting to " + + "retrieve the OAuth 2.0 Access Token Response") + .withMessageContaining("tokenType cannot be null"); } @Test @@ -284,7 +286,7 @@ public class DefaultRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistration.build(), this.accessToken, this.refreshToken, Collections.singleton("read")); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(refreshTokenGrantRequest); + .getTokenResponse(refreshTokenGrantRequest); RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); @@ -298,8 +300,8 @@ public class DefaultRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistration.build(), this.accessToken, this.refreshToken); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) - .withMessageContaining("[unauthorized_client]"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) + .withMessageContaining("[unauthorized_client]"); } @Test @@ -308,9 +310,9 @@ public class DefaultRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistration.build(), this.accessToken, this.refreshToken); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) - .withMessageContaining("[invalid_token_response] An error occurred while attempting to " - + "retrieve the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest)) + .withMessageContaining("[invalid_token_response] An error occurred while attempting to " + + "retrieve the OAuth 2.0 Access Token Response"); } private MockResponse jsonResponse(String json) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestEntityConverterTests.java index 4dc03b324c..c284d2d179 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestEntityConverterTests.java @@ -57,25 +57,25 @@ public class JwtBearerGrantRequestEntityConverterTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test @@ -132,15 +132,15 @@ public class JwtBearerGrantRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(jwtBearerGrantRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.valueOf(MediaType.APPLICATION_JSON_UTF8_VALUE)); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.JWT_BEARER.getValue()); + .isEqualTo(AuthorizationGrantType.JWT_BEARER.getValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.ASSERTION)).isEqualTo(jwtAssertion.getTokenValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read write"); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestTests.java index 1d1ed41f80..ef75fa4916 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/JwtBearerGrantRequestTests.java @@ -35,28 +35,29 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException public class JwtBearerGrantRequestTests { private final ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() - .authorizationGrantType(AuthorizationGrantType.JWT_BEARER).build(); + .authorizationGrantType(AuthorizationGrantType.JWT_BEARER) + .build(); private final Jwt jwtAssertion = TestJwts.jwt().build(); @Test public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new JwtBearerGrantRequest(null, this.jwtAssertion)) - .withMessage("clientRegistration cannot be null"); + .withMessage("clientRegistration cannot be null"); } @Test public void constructorWhenJwtIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new JwtBearerGrantRequest(this.clientRegistration, null)) - .withMessage("jwt cannot be null"); + .withMessage("jwt cannot be null"); } @Test public void constructorWhenClientRegistrationInvalidGrantTypeThenThrowIllegalArgumentException() { ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); assertThatIllegalArgumentException() - .isThrownBy(() -> new JwtBearerGrantRequest(registration, this.jwtAssertion)) - .withMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.JWT_BEARER"); + .isThrownBy(() -> new JwtBearerGrantRequest(registration, this.jwtAssertion)) + .withMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.JWT_BEARER"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java index d65c91f471..01cbe8a86f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClientTests.java @@ -61,7 +61,7 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { @BeforeEach public void setUp() { this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration() - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); this.authorizationRequest = TestOAuth2AuthorizationRequests.request().build(); this.authorizationResponse = TestOAuth2AuthorizationResponses.success().build(); this.authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, @@ -83,14 +83,14 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { + "}\n"; // @formatter:on server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .setBody(accessTokenSuccessResponse)); + .setBody(accessTokenSuccessResponse)); server.start(); String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); Instant expiresAtBefore = Instant.now().plusSeconds(3600); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), - this.authorizationExchange)); + .getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(this.clientRegistrationBuilder.build(), + this.authorizationExchange)); Instant expiresAtAfter = Instant.now().plusSeconds(3600); server.shutdown(); assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); @@ -107,12 +107,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { public void getTokenResponseWhenRedirectUriMalformedThenThrowIllegalArgumentException() { String redirectUri = "http:\\example.com"; OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .redirectUri(redirectUri).build(); + .redirectUri(redirectUri) + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); assertThatIllegalArgumentException() - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( - this.clientRegistrationBuilder.build(), authorizationExchange))); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( + this.clientRegistrationBuilder.build(), authorizationExchange))); } @Test @@ -120,8 +121,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { String tokenUri = "http:\\provider.com\\oauth2\\token"; this.clientRegistrationBuilder.tokenUri(tokenUri); assertThatIllegalArgumentException() - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( - this.clientRegistrationBuilder.build(), this.authorizationExchange))); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( + this.clientRegistrationBuilder.build(), this.authorizationExchange))); } @Test @@ -138,15 +139,15 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { // "}\n"; // Make the JSON invalid/malformed // @formatter:on server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .setBody(accessTokenSuccessResponse)); + .setBody(accessTokenSuccessResponse)); server.start(); String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); try { assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( - this.clientRegistrationBuilder.build(), this.authorizationExchange))) - .withMessageContaining("invalid_token_response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( + this.clientRegistrationBuilder.build(), this.authorizationExchange))) + .withMessageContaining("invalid_token_response"); } finally { server.shutdown(); @@ -158,8 +159,8 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { String tokenUri = "https://invalid-provider.com/oauth2/token"; this.clientRegistrationBuilder.tokenUri(tokenUri); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( - this.clientRegistrationBuilder.build(), this.authorizationExchange))); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( + this.clientRegistrationBuilder.build(), this.authorizationExchange))); } @Test @@ -171,15 +172,16 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { + "}\n"; // @formatter:on server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .setResponseCode(500).setBody(accessTokenErrorResponse)); + .setResponseCode(500) + .setBody(accessTokenErrorResponse)); server.start(); String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); try { assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( - this.clientRegistrationBuilder.build(), this.authorizationExchange))) - .withMessageContaining("unauthorized_client"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( + this.clientRegistrationBuilder.build(), this.authorizationExchange))) + .withMessageContaining("unauthorized_client"); } finally { server.shutdown(); @@ -196,9 +198,9 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { this.clientRegistrationBuilder.tokenUri(tokenUri); try { assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( - this.clientRegistrationBuilder.build(), this.authorizationExchange))) - .withMessageContaining("server_error"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( + this.clientRegistrationBuilder.build(), this.authorizationExchange))) + .withMessageContaining("server_error"); } finally { server.shutdown(); @@ -217,15 +219,15 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { + "}\n"; // @formatter:on server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .setBody(accessTokenSuccessResponse)); + .setBody(accessTokenSuccessResponse)); server.start(); String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); try { assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( - this.clientRegistrationBuilder.build(), this.authorizationExchange))) - .withMessageContaining("invalid_token_response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest( + this.clientRegistrationBuilder.build(), this.authorizationExchange))) + .withMessageContaining("invalid_token_response"); } finally { server.shutdown(); @@ -245,12 +247,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { + "}\n"; // @formatter:on server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .setBody(accessTokenSuccessResponse)); + .setBody(accessTokenSuccessResponse)); server.start(); String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .scope("openid", "profile", "email", "address").build(); + .scope("openid", "profile", "email", "address") + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse( @@ -271,12 +274,13 @@ public class NimbusAuthorizationCodeTokenResponseClientTests { + "}\n"; // @formatter:on server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .setBody(accessTokenSuccessResponse)); + .setBody(accessTokenSuccessResponse)); server.start(); String tokenUri = server.url("/oauth2/token").toString(); this.clientRegistrationBuilder.tokenUri(tokenUri); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .scope("openid", "profile", "email", "address").build(); + .scope("openid", "profile", "email", "address") + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse( diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java index 4770fe3b2e..6fd2833cd5 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/NimbusJwtClientAuthenticationParametersConverterTests.java @@ -73,20 +73,20 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { @Test public void constructorWhenJwkResolverNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusJwtClientAuthenticationParametersConverter<>(null)) - .withMessage("jwkResolver cannot be null"); + .isThrownBy(() -> new NimbusJwtClientAuthenticationParametersConverter<>(null)) + .withMessage("jwkResolver cannot be null"); } @Test public void convertWhenAuthorizationGrantRequestNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.convert(null)) - .withMessage("authorizationGrantRequest cannot be null"); + .withMessage("authorizationGrantRequest cannot be null"); } @Test public void setJwtClientAssertionCustomizerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setJwtClientAssertionCustomizer(null)) - .withMessage("jwtClientAssertionCustomizer cannot be null"); + .withMessage("jwtClientAssertionCustomizer cannot be null"); } @Test @@ -112,9 +112,9 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( clientRegistration); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.converter.convert(clientCredentialsGrantRequest)) - .withMessage("[invalid_key] Failed to resolve JWK signing key for client registration '" - + clientRegistration.getRegistrationId() + "'."); + .isThrownBy(() -> this.converter.convert(clientCredentialsGrantRequest)) + .withMessage("[invalid_key] Failed to resolve JWK signing key for client registration '" + + clientRegistration.getRegistrationId() + "'."); } @Test @@ -133,7 +133,7 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { MultiValueMap parameters = this.converter.convert(clientCredentialsGrantRequest); assertThat(parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION_TYPE)) - .isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); + .isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); String encodedJws = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION); assertThat(encodedJws).isNotNull(); @@ -145,7 +145,7 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { assertThat(jws.getClaim(JwtClaimNames.ISS)).isEqualTo(clientRegistration.getClientId()); assertThat(jws.getSubject()).isEqualTo(clientRegistration.getClientId()); assertThat(jws.getAudience()) - .isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri())); + .isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri())); assertThat(jws.getId()).isNotNull(); assertThat(jws.getIssuedAt()).isNotNull(); assertThat(jws.getExpiresAt()).isNotNull(); @@ -167,7 +167,7 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { MultiValueMap parameters = this.converter.convert(clientCredentialsGrantRequest); assertThat(parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION_TYPE)) - .isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); + .isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); String encodedJws = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION); assertThat(encodedJws).isNotNull(); @@ -179,7 +179,7 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { assertThat(jws.getClaim(JwtClaimNames.ISS)).isEqualTo(clientRegistration.getClientId()); assertThat(jws.getSubject()).isEqualTo(clientRegistration.getClientId()); assertThat(jws.getAudience()) - .isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri())); + .isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri())); assertThat(jws.getId()).isNotNull(); assertThat(jws.getIssuedAt()).isNotNull(); assertThat(jws.getExpiresAt()).isNotNull(); @@ -210,7 +210,7 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { MultiValueMap parameters = this.converter.convert(clientCredentialsGrantRequest); assertThat(parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION_TYPE)) - .isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); + .isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); String encodedJws = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION); assertThat(encodedJws).isNotNull(); @@ -223,7 +223,7 @@ public class NimbusJwtClientAuthenticationParametersConverterTests { assertThat(jws.getClaim(JwtClaimNames.ISS)).isEqualTo(clientRegistration.getClientId()); assertThat(jws.getSubject()).isEqualTo(clientRegistration.getClientId()); assertThat(jws.getAudience()) - .isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri())); + .isEqualTo(Collections.singletonList(clientRegistration.getProviderDetails().getTokenUri())); assertThat(jws.getId()).isNotNull(); assertThat(jws.getIssuedAt()).isNotNull(); assertThat(jws.getExpiresAt()).isNotNull(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java index ca3c3a9c8d..3c722fb050 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java @@ -64,25 +64,25 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test @@ -131,33 +131,37 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(authorizationCodeGrantRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()); + .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo(authorizationResponse.getCode()); assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isNull(); assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)) - .isEqualTo(authorizationRequest.getRedirectUri()); + .isEqualTo(authorizationRequest.getRedirectUri()); } @SuppressWarnings("unchecked") @Test public void convertWhenPkceGrantRequestValidThenConverts() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() - .clientAuthenticationMethod(null).clientSecret(null).build(); + .clientAuthenticationMethod(null) + .clientSecret(null) + .build(); Map attributes = new HashMap<>(); attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234"); Map additionalParameters = new HashMap<>(); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE, "code-challenge-1234"); additionalParameters.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256"); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).additionalParameters(additionalParameters).build(); + .attributes(attributes) + .additionalParameters(additionalParameters) + .build(); OAuth2AuthorizationResponse authorizationResponse = TestOAuth2AuthorizationResponses.success().build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); @@ -166,22 +170,22 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(authorizationCodeGrantRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isNull(); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()); + .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo(authorizationResponse.getCode()); assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)) - .isEqualTo(authorizationRequest.getRedirectUri()); + .isEqualTo(authorizationRequest.getRedirectUri()); assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)) - .isEqualTo(authorizationRequest.getClientId()); + .isEqualTo(authorizationRequest.getClientId()); assertThat(formParameters.getFirst(PkceParameterNames.CODE_VERIFIER)) - .isEqualTo(authorizationRequest.getAttribute(PkceParameterNames.CODE_VERIFIER)); + .isEqualTo(authorizationRequest.getAttribute(PkceParameterNames.CODE_VERIFIER)); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java index e3788be50f..8a7cf22045 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestTests.java @@ -48,13 +48,13 @@ public class OAuth2AuthorizationCodeGrantRequestTests { @Test public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeGrantRequest(null, this.authorizationExchange)); + .isThrownBy(() -> new OAuth2AuthorizationCodeGrantRequest(null, this.authorizationExchange)); } @Test public void constructorWhenAuthorizationExchangeIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, null)); + .isThrownBy(() -> new OAuth2AuthorizationCodeGrantRequest(this.clientRegistration, null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java index c33aad0a35..f988edcd3c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java @@ -59,25 +59,25 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test @@ -121,15 +121,15 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(clientCredentialsGrantRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()); + .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).contains(clientRegistration.getScopes()); } @@ -150,19 +150,20 @@ public class OAuth2ClientCredentialsGrantRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(clientCredentialsGrantRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); String urlEncodedClientCredential = URLEncoder.encode(clientCredentialWithAnsiKeyboardSpecialCharacters, StandardCharsets.UTF_8.toString()); - String clientCredentials = Base64.getEncoder().encodeToString( - (urlEncodedClientCredential + ":" + urlEncodedClientCredential).getBytes(StandardCharsets.UTF_8)); + String clientCredentials = Base64.getEncoder() + .encodeToString( + (urlEncodedClientCredential + ":" + urlEncodedClientCredential).getBytes(StandardCharsets.UTF_8)); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic " + clientCredentials); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()); + .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).contains(clientRegistration.getScopes()); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java index abffc98849..96f2a0e6ac 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java @@ -66,8 +66,8 @@ public class OAuth2ClientCredentialsGrantRequestTests { .build(); // @formatter:on assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration)).withMessage( - "clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS"); + .isThrownBy(() -> new OAuth2ClientCredentialsGrantRequest(clientRegistration)) + .withMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.CLIENT_CREDENTIALS"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java index 71560017d4..d884559f73 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestEntityConverterTests.java @@ -54,25 +54,25 @@ public class OAuth2PasswordGrantRequestEntityConverterTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test @@ -116,15 +116,15 @@ public class OAuth2PasswordGrantRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(passwordGrantRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.PASSWORD.getValue()); + .isEqualTo(AuthorizationGrantType.PASSWORD.getValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.USERNAME)).isEqualTo("user1"); assertThat(formParameters.getFirst(OAuth2ParameterNames.PASSWORD)).isEqualTo("password"); assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).contains(clientRegistration.getScopes()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java index 1535cdff04..1d929a95f6 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2PasswordGrantRequestTests.java @@ -33,7 +33,8 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException public class OAuth2PasswordGrantRequestTests { private ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() - .authorizationGrantType(AuthorizationGrantType.PASSWORD).build(); + .authorizationGrantType(AuthorizationGrantType.PASSWORD) + .build(); private String username = "user1"; @@ -42,36 +43,36 @@ public class OAuth2PasswordGrantRequestTests { @Test public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2PasswordGrantRequest(null, this.username, this.password)) - .withMessage("clientRegistration cannot be null"); + .isThrownBy(() -> new OAuth2PasswordGrantRequest(null, this.username, this.password)) + .withMessage("clientRegistration cannot be null"); } @Test public void constructorWhenUsernameIsEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, null, this.password)) - .withMessage("username cannot be empty"); + .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, null, this.password)) + .withMessage("username cannot be empty"); assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, "", this.password)) - .withMessage("username cannot be empty"); + .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, "", this.password)) + .withMessage("username cannot be empty"); } @Test public void constructorWhenPasswordIsEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, null)) - .withMessage("password cannot be empty"); + .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, null)) + .withMessage("password cannot be empty"); assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, "")) - .withMessage("password cannot be empty"); + .isThrownBy(() -> new OAuth2PasswordGrantRequest(this.clientRegistration, this.username, "")) + .withMessage("password cannot be empty"); } @Test public void constructorWhenClientRegistrationInvalidGrantTypeThenThrowIllegalArgumentException() { ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2PasswordGrantRequest(registration, this.username, this.password)) - .withMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.PASSWORD"); + .isThrownBy(() -> new OAuth2PasswordGrantRequest(registration, this.username, this.password)) + .withMessage("clientRegistration.authorizationGrantType must be AuthorizationGrantType.PASSWORD"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java index 05e8968725..1278e92e47 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestEntityConverterTests.java @@ -60,25 +60,25 @@ public class OAuth2RefreshTokenGrantRequestEntityConverterTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test @@ -128,15 +128,15 @@ public class OAuth2RefreshTokenGrantRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(refreshTokenGrantRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.REFRESH_TOKEN.getValue()); + .isEqualTo(AuthorizationGrantType.REFRESH_TOKEN.getValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.REFRESH_TOKEN)).isEqualTo(refreshToken.getTokenValue()); assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read"); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java index 195c7a9c3f..cc745483ef 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequestTests.java @@ -56,22 +56,22 @@ public class OAuth2RefreshTokenGrantRequestTests { @Test public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(null, this.accessToken, this.refreshToken)) - .withMessage("clientRegistration cannot be null"); + .isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(null, this.accessToken, this.refreshToken)) + .withMessage("clientRegistration cannot be null"); } @Test public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, null, this.refreshToken)) - .withMessage("accessToken cannot be null"); + .isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, null, this.refreshToken)) + .withMessage("accessToken cannot be null"); } @Test public void constructorWhenRefreshTokenIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, this.accessToken, null)) - .withMessage("refreshToken cannot be null"); + .isThrownBy(() -> new OAuth2RefreshTokenGrantRequest(this.clientRegistration, this.accessToken, null)) + .withMessage("refreshToken cannot be null"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java index bdc682a269..99cdccc43a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java @@ -107,7 +107,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); Instant expiresAtBefore = Instant.now().plusSeconds(3600); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest()).block(); + .getTokenResponse(authorizationCodeGrantRequest()) + .block(); String body = this.server.takeRequest().getBody().readUtf8(); assertThat(body).isEqualTo( "grant_type=authorization_code&code=code&redirect_uri=%7BbaseUrl%7D%2F%7Baction%7D%2Foauth2%2Fcode%2F%7BregistrationId%7D"); @@ -194,23 +195,23 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { @Test public void getTokenResponseWhenErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{\n" + " \"error\": \"unauthorized_client\"\n" + "}\n"; - this.server.enqueue( - jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); + this.server + .enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client")) - .withMessageContaining("unauthorized_client"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client")) + .withMessageContaining("unauthorized_client"); } // gh-5594 @Test public void getTokenResponseWhenServerErrorResponseThenThrowOAuth2AuthorizationException() { String accessTokenErrorResponse = "{}"; - this.server.enqueue( - jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); + this.server + .enqueue(jsonResponse(accessTokenErrorResponse).setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value())); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) - .withMessageContaining("server_error"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) + .withMessageContaining("server_error"); } @Test @@ -224,8 +225,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) - .withMessageContaining("invalid_token_response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()).block()) + .withMessageContaining("invalid_token_response"); } @Test @@ -241,7 +242,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.clientRegistration.scope("openid", "profile", "email", "address"); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest()).block(); + .getTokenResponse(authorizationCodeGrantRequest()) + .block(); assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("openid", "profile"); } @@ -257,7 +259,8 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.clientRegistration.scope("openid", "profile", "email", "address"); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(authorizationCodeGrantRequest()).block(); + .getTokenResponse(authorizationCodeGrantRequest()) + .block(); assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty(); } @@ -267,11 +270,16 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { private OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest(ClientRegistration registration) { OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() - .clientId(registration.getClientId()).state("state") - .authorizationUri(registration.getProviderDetails().getAuthorizationUri()) - .redirectUri(registration.getRedirectUri()).scopes(registration.getScopes()).build(); - OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code").state("state") - .redirectUri(registration.getRedirectUri()).build(); + .clientId(registration.getClientId()) + .state("state") + .authorizationUri(registration.getProviderDetails().getAuthorizationUri()) + .redirectUri(registration.getRedirectUri()) + .scopes(registration.getScopes()) + .build(); + OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse.success("code") + .state("state") + .redirectUri(registration.getRedirectUri()) + .build(); OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse); return new OAuth2AuthorizationCodeGrantRequest(registration, authorizationExchange); @@ -302,7 +310,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); this.clientRegistration.scope("openid", "profile", "email", "address"); OAuth2AccessTokenResponse response = this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest()) - .block(); + .block(); verify(customClient, atLeastOnce()).post(); } @@ -324,8 +332,9 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { } private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() { - ClientRegistration registration = this.clientRegistration.clientAuthenticationMethod(null).clientSecret(null) - .build(); + ClientRegistration registration = this.clientRegistration.clientAuthenticationMethod(null) + .clientSecret(null) + .build(); Map attributes = new HashMap<>(); attributes.put(PkceParameterNames.CODE_VERIFIER, "code-verifier-1234"); Map additionalParameters = new HashMap<>(); @@ -356,14 +365,14 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @@ -388,7 +397,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { verify(addedHeadersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); assertThat(actualRequest.getHeader("custom-header-name")).isEqualTo("custom-header-value"); } @@ -415,19 +424,19 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { verify(headersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test @@ -495,7 +504,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests { this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); OAuth2AccessTokenResponse accessTokenResponse = customClient.getTokenResponse(authorizationCodeGrantRequest()) - .block(); + .block(); assertThat(accessTokenResponse.getAccessToken()).isNotNull(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java index 16933ab2ef..5c4d228df0 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java @@ -77,7 +77,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { this.server = new MockWebServer(); this.server.start(); this.clientRegistration = TestClientRegistrations.clientCredentials() - .tokenUri(this.server.url("/oauth2/token").uri().toASCIIString()); + .tokenUri(this.server.url("/oauth2/token").uri().toASCIIString()); } @AfterEach @@ -105,7 +105,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { assertThat(response.getAccessToken()).isNotNull(); assertThat(response.getAccessToken().getScopes()).containsExactly("create"); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser"); } @@ -124,7 +124,8 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { String clientCredentialWithAnsiKeyboardSpecialCharacters = "~!@#$%^&*()_+{}|:\"<>?`-=[]\\;',./ "; OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest( this.clientRegistration.clientId(clientCredentialWithAnsiKeyboardSpecialCharacters) - .clientSecret(clientCredentialWithAnsiKeyboardSpecialCharacters).build()); + .clientSecret(clientCredentialWithAnsiKeyboardSpecialCharacters) + .build()); OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); RecordedRequest actualRequest = this.server.takeRequest(); String body = actualRequest.getBody().readUtf8(); @@ -133,8 +134,8 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { String urlEncodedClientCredentialecret = URLEncoder.encode(clientCredentialWithAnsiKeyboardSpecialCharacters, StandardCharsets.UTF_8.toString()); String clientCredentials = Base64.getEncoder() - .encodeToString((urlEncodedClientCredentialecret + ":" + urlEncodedClientCredentialecret) - .getBytes(StandardCharsets.UTF_8)); + .encodeToString((urlEncodedClientCredentialecret + ":" + urlEncodedClientCredentialecret) + .getBytes(StandardCharsets.UTF_8)); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic " + clientCredentials); assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser"); } @@ -142,7 +143,8 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { @Test public void getTokenResponseWhenPostThenSuccess() throws Exception { ClientRegistration registration = this.clientRegistration - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); // @formatter:off enqueueJson("{\n" + " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n" @@ -278,10 +280,10 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { enqueueUnexpectedResponse(); OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest(registration); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.client.getTokenResponse(request).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) - .withMessageContaining("[invalid_token_response]") - .withMessageContaining("Empty OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.client.getTokenResponse(request).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) + .withMessageContaining("[invalid_token_response]") + .withMessageContaining("Empty OAuth 2.0 Access Token Response"); } private void enqueueUnexpectedResponse() { @@ -294,8 +296,8 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { } private void enqueueJson(String body) { - MockResponse response = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, - MediaType.APPLICATION_JSON_VALUE); + MockResponse response = new MockResponse().setBody(body) + .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); this.server.enqueue(response); } @@ -303,14 +305,14 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @@ -335,7 +337,7 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { verify(addedHeadersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); assertThat(actualRequest.getHeader("custom-header-name")).isEqualTo("custom-header-value"); } @@ -362,19 +364,19 @@ public class WebClientReactiveClientCredentialsTokenResponseClientTests { verify(headersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveJwtBearerTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveJwtBearerTokenResponseClientTests.java index d221511cc3..dcfd30ed4d 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveJwtBearerTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveJwtBearerTokenResponseClientTests.java @@ -99,31 +99,31 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { @Test public void setWebClientWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.setWebClient(null)) - .withMessage("webClient cannot be null"); + .withMessage("webClient cannot be null"); } @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } @Test public void setBodyExtractorWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.setBodyExtractor(null)) - .withMessage("bodyExtractor cannot be null"); + .withMessage("bodyExtractor cannot be null"); } @Test public void getTokenResponseWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.getTokenResponse(null)) - .withMessage("grantRequest cannot be null"); + .withMessage("grantRequest cannot be null"); } @Test @@ -132,9 +132,9 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { enqueueUnexpectedResponse(); JwtBearerGrantRequest request = new JwtBearerGrantRequest(registration, this.jwtAssertion); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.client.getTokenResponse(request).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) - .withMessage("[invalid_token_response] Empty OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.client.getTokenResponse(request).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) + .withMessage("[invalid_token_response] Empty OAuth 2.0 Access Token Response"); } @Test @@ -143,9 +143,9 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { enqueueServerErrorResponse(); JwtBearerGrantRequest request = new JwtBearerGrantRequest(registration, this.jwtAssertion); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.client.getTokenResponse(request).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.SERVER_ERROR)) - .withMessageContaining("[server_error]"); + .isThrownBy(() -> this.client.getTokenResponse(request).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.SERVER_ERROR)) + .withMessageContaining("[server_error]"); } @Test @@ -159,9 +159,9 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { enqueueJson(accessTokenResponse); JwtBearerGrantRequest request = new JwtBearerGrantRequest(registration, this.jwtAssertion); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.client.getTokenResponse(request).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_GRANT)) - .withMessageContaining("[invalid_grant]"); + .isThrownBy(() -> this.client.getTokenResponse(request).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_GRANT)) + .withMessageContaining("[invalid_grant]"); } @Test @@ -177,10 +177,10 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { enqueueJson(accessTokenResponse); JwtBearerGrantRequest request = new JwtBearerGrantRequest(registration, this.jwtAssertion); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.client.getTokenResponse(request).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) - .withMessageContaining("[invalid_token_response] An error occurred parsing the Access Token response") - .withMessageContaining("Unsupported token_type: not-bearer"); + .isThrownBy(() -> this.client.getTokenResponse(request).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) + .withMessageContaining("[invalid_token_response] An error occurred parsing the Access Token response") + .withMessageContaining("Unsupported token_type: not-bearer"); } @Test @@ -209,7 +209,7 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { verify(headersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); } @Test @@ -226,20 +226,20 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { verify(addedHeadersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); assertThat(actualRequest.getHeader("custom-header-name")).isEqualTo("custom-header-value"); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.client.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test @@ -309,7 +309,7 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { assertThat(response.getAccessToken().getScopes()).containsExactly("read", "write"); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); assertThat(actualRequest.getBody().readUtf8()).isEqualTo( "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&scope=read+write&assertion=token"); } @@ -368,8 +368,8 @@ public class WebClientReactiveJwtBearerTokenResponseClientTests { } private void enqueueJson(String body) { - MockResponse response = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, - MediaType.APPLICATION_JSON_VALUE); + MockResponse response = new MockResponse().setBody(body) + .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); this.server.enqueue(response); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java index d8570c58c2..db1d88cc48 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactivePasswordTokenResponseClientTests.java @@ -114,13 +114,13 @@ public class WebClientReactivePasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest) - .block(); + .block(); Instant expiresAtAfter = Instant.now().plusSeconds(3600); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); assertThat(formParameters).contains("username=user1"); @@ -149,13 +149,13 @@ public class WebClientReactivePasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest) - .block(); + .block(); Instant expiresAtAfter = Instant.now().plusSeconds(3600); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=password"); assertThat(formParameters).contains("username=user1"); @@ -165,7 +165,7 @@ public class WebClientReactivePasswordTokenResponseClientTests { assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); assertThat(accessTokenResponse.getAccessToken().getScopes()) - .containsExactly(clientRegistration.getScopes().toArray(new String[0])); + .containsExactly(clientRegistration.getScopes().toArray(new String[0])); assertThat(accessTokenResponse.getRefreshToken()).isNull(); } @@ -180,7 +180,8 @@ public class WebClientReactivePasswordTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistrationBuilder - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest(clientRegistration, this.username, this.password); this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block(); @@ -277,11 +278,11 @@ public class WebClientReactivePasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) - .withMessageContaining("[invalid_token_response]") - .withMessageContaining("An error occurred parsing the Access Token response") - .withCauseInstanceOf(Throwable.class); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) + .withMessageContaining("[invalid_token_response]") + .withMessageContaining("An error occurred parsing the Access Token response") + .withCauseInstanceOf(Throwable.class); } @Test @@ -298,7 +299,7 @@ public class WebClientReactivePasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient.getTokenResponse(passwordGrantRequest) - .block(); + .block(); RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); @@ -316,9 +317,9 @@ public class WebClientReactivePasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client")) - .withMessageContaining("[unauthorized_client]"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client")) + .withMessageContaining("[unauthorized_client]"); } @Test @@ -327,10 +328,10 @@ public class WebClientReactivePasswordTokenResponseClientTests { OAuth2PasswordGrantRequest passwordGrantRequest = new OAuth2PasswordGrantRequest( this.clientRegistrationBuilder.build(), this.username, this.password); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) - .withMessageContaining("[invalid_token_response]") - .withMessageContaining("Empty OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(passwordGrantRequest).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) + .withMessageContaining("[invalid_token_response]") + .withMessageContaining("Empty OAuth 2.0 Access Token Response"); } private MockResponse jsonResponse(String json) { @@ -345,14 +346,14 @@ public class WebClientReactivePasswordTokenResponseClientTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @@ -378,7 +379,7 @@ public class WebClientReactivePasswordTokenResponseClientTests { verify(addedHeadersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); assertThat(actualRequest.getHeader("custom-header-name")).isEqualTo("custom-header-value"); } @@ -406,19 +407,19 @@ public class WebClientReactivePasswordTokenResponseClientTests { verify(headersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java index 4d2c945237..43a8705fdf 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClientTests.java @@ -117,13 +117,14 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(refreshTokenGrantRequest).block(); + .getTokenResponse(refreshTokenGrantRequest) + .block(); Instant expiresAtAfter = Instant.now().plusSeconds(3600); RecordedRequest recordedRequest = this.server.takeRequest(); assertThat(recordedRequest.getMethod()).isEqualTo(HttpMethod.POST.toString()); assertThat(recordedRequest.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(recordedRequest.getHeader(HttpHeaders.CONTENT_TYPE)) - .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); + .isEqualTo(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"); assertThat(recordedRequest.getHeader(HttpHeaders.AUTHORIZATION)).startsWith("Basic "); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("grant_type=refresh_token"); @@ -132,7 +133,7 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBetween(expiresAtBefore, expiresAtAfter); assertThat(accessTokenResponse.getAccessToken().getScopes()) - .containsExactly(this.accessToken.getScopes().toArray(new String[0])); + .containsExactly(this.accessToken.getScopes().toArray(new String[0])); assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo(this.refreshToken.getTokenValue()); } @@ -147,7 +148,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenSuccessResponse)); ClientRegistration clientRegistration = this.clientRegistrationBuilder - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST).build(); + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST) + .build(); OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest(clientRegistration, this.accessToken, this.refreshToken); this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block(); @@ -244,10 +246,10 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) - .withMessageContaining("[invalid_token_response]") - .withMessageContaining("An error occurred parsing the Access Token response") - .withCauseInstanceOf(Throwable.class); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) + .withMessageContaining("[invalid_token_response]") + .withMessageContaining("An error occurred parsing the Access Token response") + .withCauseInstanceOf(Throwable.class); } @Test @@ -265,7 +267,8 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken, Collections.singleton("read")); OAuth2AccessTokenResponse accessTokenResponse = this.tokenResponseClient - .getTokenResponse(refreshTokenGrantRequest).block(); + .getTokenResponse(refreshTokenGrantRequest) + .block(); RecordedRequest recordedRequest = this.server.takeRequest(); String formParameters = recordedRequest.getBody().readUtf8(); assertThat(formParameters).contains("scope=read"); @@ -283,9 +286,9 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client")) - .withMessageContaining("[unauthorized_client]"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("unauthorized_client")) + .withMessageContaining("[unauthorized_client]"); } @Test @@ -294,10 +297,10 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { OAuth2RefreshTokenGrantRequest refreshTokenGrantRequest = new OAuth2RefreshTokenGrantRequest( this.clientRegistrationBuilder.build(), this.accessToken, this.refreshToken); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) - .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) - .withMessageContaining("[invalid_token_response]") - .withMessageContaining("Empty OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.tokenResponseClient.getTokenResponse(refreshTokenGrantRequest).block()) + .satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token_response")) + .withMessageContaining("[invalid_token_response]") + .withMessageContaining("Empty OAuth 2.0 Access Token Response"); } private MockResponse jsonResponse(String json) { @@ -312,14 +315,14 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { @Test public void setHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @Test public void addHeadersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.addHeadersConverter(null)) - .withMessage("headersConverter cannot be null"); + .withMessage("headersConverter cannot be null"); } // gh-10130 @@ -345,7 +348,7 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { verify(addedHeadersConverter).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); assertThat(actualRequest.getHeader("custom-header-name")).isEqualTo("custom-header-value"); } @@ -373,19 +376,19 @@ public class WebClientReactiveRefreshTokenTokenResponseClientTests { verify(headersConverter1).convert(request); RecordedRequest actualRequest = this.server.takeRequest(); assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); + .isEqualTo("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ="); } @Test public void setParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.setParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test public void addParametersConverterWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.tokenResponseClient.addParametersConverter(null)) - .withMessage("parametersConverter cannot be null"); + .withMessage("parametersConverter cannot be null"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java index aed0aad7fa..24b27d5d7f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java @@ -56,8 +56,8 @@ public class OAuth2ErrorResponseErrorHandlerTests { // @formatter:on MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.errorHandler.handleError(response)) - .withMessage("[unauthorized_client] The client is not authorized"); + .isThrownBy(() -> this.errorHandler.handleError(response)) + .withMessage("[unauthorized_client] The client is not authorized"); } @Test @@ -72,11 +72,11 @@ public class OAuth2ErrorResponseErrorHandlerTests { // @formatter:on MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); given(oauth2ErrorConverter.read(any(), any())) - .willReturn(new OAuth2Error("unauthorized_client", "The client is not authorized", null)); + .willReturn(new OAuth2Error("unauthorized_client", "The client is not authorized", null)); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.errorHandler.handleError(response)) - .withMessage("[unauthorized_client] The client is not authorized"); + .isThrownBy(() -> this.errorHandler.handleError(response)) + .withMessage("[unauthorized_client] The client is not authorized"); verify(oauth2ErrorConverter).read(eq(OAuth2Error.class), eq(response)); } @@ -86,8 +86,8 @@ public class OAuth2ErrorResponseErrorHandlerTests { MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST); response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticateHeader); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.errorHandler.handleError(response)) - .withMessage("[insufficient_scope] The access token expired"); + .isThrownBy(() -> this.errorHandler.handleError(response)) + .withMessage("[insufficient_scope] The access token expired"); } @Test @@ -96,14 +96,16 @@ public class OAuth2ErrorResponseErrorHandlerTests { MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST); response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, invalidWwwAuthenticateHeader); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.errorHandler.handleError(response)).withMessage("[server_error] "); + .isThrownBy(() -> this.errorHandler.handleError(response)) + .withMessage("[server_error] "); } @Test public void handleErrorWhenErrorResponseWithInvalidStatusCodeThenHandled() { CustomMockClientHttpResponse response = new CustomMockClientHttpResponse(new byte[0], 596); assertThatExceptionOfType(UnknownHttpStatusCodeException.class) - .isThrownBy(() -> this.errorHandler.handleError(response)).withMessage("596 : [no body]"); + .isThrownBy(() -> this.errorHandler.handleError(response)) + .withMessage("596 : [no body]"); } private static final class CustomMockClientHttpResponse extends MockHttpInputMessage implements ClientHttpResponse { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java index ab97544e2f..4fe5b9850e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java @@ -69,7 +69,7 @@ public class OAuth2AuthenticationExceptionMixinTests { public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { String json = asJson(new OAuth2AuthenticationException(new OAuth2Error("[authorization_request_not_found]"))); assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationException.class)); + .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationException.class)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java index aa5ebe83ca..8d100fddca 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java @@ -100,7 +100,7 @@ public class OAuth2AuthenticationTokenMixinTests { OAuth2AuthenticationToken authentication = TestOAuth2AuthenticationTokens.oidcAuthenticated(); String json = asJson(authentication); assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationToken.class)); + .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthenticationToken.class)); } @Test @@ -113,7 +113,7 @@ public class OAuth2AuthenticationTokenMixinTests { assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails()); assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated()); assertThat(authentication.getAuthorizedClientRegistrationId()) - .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); + .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); DefaultOidcUser expectedOidcUser = (DefaultOidcUser) expectedAuthentication.getPrincipal(); DefaultOidcUser oidcUser = (DefaultOidcUser) authentication.getPrincipal(); assertThat(oidcUser.getAuthorities().containsAll(expectedOidcUser.getAuthorities())).isTrue(); @@ -136,7 +136,7 @@ public class OAuth2AuthenticationTokenMixinTests { assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails()); assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated()); assertThat(authentication.getAuthorizedClientRegistrationId()) - .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); + .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); DefaultOAuth2User expectedOauth2User = (DefaultOAuth2User) expectedAuthentication.getPrincipal(); DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal(); assertThat(oauth2User.getAuthorities().containsAll(expectedOauth2User.getAuthorities())).isTrue(); @@ -156,7 +156,7 @@ public class OAuth2AuthenticationTokenMixinTests { assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails()); assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated()); assertThat(authentication.getAuthorizedClientRegistrationId()) - .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); + .isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId()); DefaultOidcUser principal = (DefaultOidcUser) authentication.getPrincipal(); assertThat(principal.getAuthorities().containsAll(expectedPrincipal.getAuthorities())).isTrue(); assertThat(principal.getAttributes()).containsExactlyEntriesOf(expectedPrincipal.getAttributes()); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java index 1d00de7d33..2d7b326c8e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java @@ -89,7 +89,7 @@ public class OAuth2AuthorizationRequestMixinTests { public void deserializeWhenMixinNotRegisteredThenThrowJsonProcessingException() { String json = asJson(this.authorizationRequestBuilder.build()); assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizationRequest.class)); + .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizationRequest.class)); } @Test @@ -98,7 +98,7 @@ public class OAuth2AuthorizationRequestMixinTests { String json = asJson(expectedAuthorizationRequest); OAuth2AuthorizationRequest authorizationRequest = this.mapper.readValue(json, OAuth2AuthorizationRequest.class); assertThat(authorizationRequest.getAuthorizationUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationUri()); + .isEqualTo(expectedAuthorizationRequest.getAuthorizationUri()); assertThat(authorizationRequest.getGrantType()).isEqualTo(expectedAuthorizationRequest.getGrantType()); assertThat(authorizationRequest.getResponseType()).isEqualTo(expectedAuthorizationRequest.getResponseType()); assertThat(authorizationRequest.getClientId()).isEqualTo(expectedAuthorizationRequest.getClientId()); @@ -106,11 +106,11 @@ public class OAuth2AuthorizationRequestMixinTests { assertThat(authorizationRequest.getScopes()).isEqualTo(expectedAuthorizationRequest.getScopes()); assertThat(authorizationRequest.getState()).isEqualTo(expectedAuthorizationRequest.getState()); assertThat(authorizationRequest.getAdditionalParameters()) - .containsExactlyEntriesOf(expectedAuthorizationRequest.getAdditionalParameters()); + .containsExactlyEntriesOf(expectedAuthorizationRequest.getAdditionalParameters()); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationRequestUri()); + .isEqualTo(expectedAuthorizationRequest.getAuthorizationRequestUri()); assertThat(authorizationRequest.getAttributes()) - .containsExactlyEntriesOf(expectedAuthorizationRequest.getAttributes()); + .containsExactlyEntriesOf(expectedAuthorizationRequest.getAttributes()); } @Test @@ -125,7 +125,7 @@ public class OAuth2AuthorizationRequestMixinTests { String json = asJson(expectedAuthorizationRequest); OAuth2AuthorizationRequest authorizationRequest = this.mapper.readValue(json, OAuth2AuthorizationRequest.class); assertThat(authorizationRequest.getAuthorizationUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationUri()); + .isEqualTo(expectedAuthorizationRequest.getAuthorizationUri()); assertThat(authorizationRequest.getGrantType()).isEqualTo(expectedAuthorizationRequest.getGrantType()); assertThat(authorizationRequest.getResponseType()).isEqualTo(expectedAuthorizationRequest.getResponseType()); assertThat(authorizationRequest.getClientId()).isEqualTo(expectedAuthorizationRequest.getClientId()); @@ -134,7 +134,7 @@ public class OAuth2AuthorizationRequestMixinTests { assertThat(authorizationRequest.getState()).isNull(); assertThat(authorizationRequest.getAdditionalParameters()).isEmpty(); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .isEqualTo(expectedAuthorizationRequest.getAuthorizationRequestUri()); + .isEqualTo(expectedAuthorizationRequest.getAuthorizationRequestUri()); assertThat(authorizationRequest.getAttributes()).isEmpty(); } @@ -143,8 +143,8 @@ public class OAuth2AuthorizationRequestMixinTests { OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestBuilder.build(); String json = asJson(authorizationRequest).replace("authorization_code", "client_credentials"); assertThatExceptionOfType(JsonParseException.class) - .isThrownBy(() -> this.mapper.readValue(json, OAuth2AuthorizationRequest.class)) - .withMessageContaining("Invalid authorizationGrantType"); + .isThrownBy(() -> this.mapper.readValue(json, OAuth2AuthorizationRequest.class)) + .withMessageContaining("Invalid authorizationGrantType"); } private static String asJson(OAuth2AuthorizationRequest authorizationRequest) { @@ -154,15 +154,19 @@ public class OAuth2AuthorizationRequestMixinTests { } String additionalParameters = "\"@class\": \"java.util.Collections$UnmodifiableMap\""; if (!CollectionUtils.isEmpty(authorizationRequest.getAdditionalParameters())) { - additionalParameters += "," + authorizationRequest.getAdditionalParameters().keySet().stream().map( - (key) -> "\"" + key + "\": \"" + authorizationRequest.getAdditionalParameters().get(key) + "\"") - .collect(Collectors.joining(",")); + additionalParameters += "," + authorizationRequest.getAdditionalParameters() + .keySet() + .stream() + .map((key) -> "\"" + key + "\": \"" + authorizationRequest.getAdditionalParameters().get(key) + "\"") + .collect(Collectors.joining(",")); } String attributes = "\"@class\": \"java.util.Collections$UnmodifiableMap\""; if (!CollectionUtils.isEmpty(authorizationRequest.getAttributes())) { - attributes += "," + authorizationRequest.getAttributes().keySet().stream() - .map((key) -> "\"" + key + "\": \"" + authorizationRequest.getAttributes().get(key) + "\"") - .collect(Collectors.joining(",")); + attributes += "," + authorizationRequest.getAttributes() + .keySet() + .stream() + .map((key) -> "\"" + key + "\": \"" + authorizationRequest.getAttributes().get(key) + "\"") + .collect(Collectors.joining(",")); } // @formatter:off return "{\n" + diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java index 45d1ba4d12..3f696c361c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java @@ -113,7 +113,7 @@ public class OAuth2AuthorizedClientMixinTests { this.principalName, this.accessToken); String json = asJson(authorizedClient); assertThatExceptionOfType(JsonProcessingException.class) - .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizedClient.class)); + .isThrownBy(() -> new ObjectMapper().readValue(json, OAuth2AuthorizedClient.class)); } @Test @@ -130,27 +130,27 @@ public class OAuth2AuthorizedClientMixinTests { assertThat(clientRegistration.getClientId()).isEqualTo(expectedClientRegistration.getClientId()); assertThat(clientRegistration.getClientSecret()).isEqualTo(expectedClientRegistration.getClientSecret()); assertThat(clientRegistration.getClientAuthenticationMethod()) - .isEqualTo(expectedClientRegistration.getClientAuthenticationMethod()); + .isEqualTo(expectedClientRegistration.getClientAuthenticationMethod()); assertThat(clientRegistration.getAuthorizationGrantType()) - .isEqualTo(expectedClientRegistration.getAuthorizationGrantType()); + .isEqualTo(expectedClientRegistration.getAuthorizationGrantType()); assertThat(clientRegistration.getRedirectUri()).isEqualTo(expectedClientRegistration.getRedirectUri()); assertThat(clientRegistration.getScopes()).isEqualTo(expectedClientRegistration.getScopes()); assertThat(clientRegistration.getProviderDetails().getAuthorizationUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri()); + .isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri()); assertThat(clientRegistration.getProviderDetails().getTokenUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri()); assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo( - expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()); + .isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()); + assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()) + .isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()); assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()).isEqualTo( expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()); assertThat(clientRegistration.getProviderDetails().getJwkSetUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getJwkSetUri()); + .isEqualTo(expectedClientRegistration.getProviderDetails().getJwkSetUri()); assertThat(clientRegistration.getProviderDetails().getIssuerUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getIssuerUri()); + .isEqualTo(expectedClientRegistration.getProviderDetails().getIssuerUri()); assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()) - .containsExactlyEntriesOf(clientRegistration.getProviderDetails().getConfigurationMetadata()); + .containsExactlyEntriesOf(clientRegistration.getProviderDetails().getConfigurationMetadata()); assertThat(clientRegistration.getClientName()).isEqualTo(expectedClientRegistration.getClientName()); assertThat(authorizedClient.getPrincipalName()).isEqualTo(expectedAuthorizedClient.getPrincipalName()); OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); @@ -187,18 +187,18 @@ public class OAuth2AuthorizedClientMixinTests { assertThat(clientRegistration.getClientId()).isEqualTo(expectedClientRegistration.getClientId()); assertThat(clientRegistration.getClientSecret()).isEmpty(); assertThat(clientRegistration.getClientAuthenticationMethod()) - .isEqualTo(expectedClientRegistration.getClientAuthenticationMethod()); + .isEqualTo(expectedClientRegistration.getClientAuthenticationMethod()); assertThat(clientRegistration.getAuthorizationGrantType()) - .isEqualTo(expectedClientRegistration.getAuthorizationGrantType()); + .isEqualTo(expectedClientRegistration.getAuthorizationGrantType()); assertThat(clientRegistration.getRedirectUri()).isEqualTo(expectedClientRegistration.getRedirectUri()); assertThat(clientRegistration.getScopes()).isEqualTo(expectedClientRegistration.getScopes()); assertThat(clientRegistration.getProviderDetails().getAuthorizationUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri()); + .isEqualTo(expectedClientRegistration.getProviderDetails().getAuthorizationUri()); assertThat(clientRegistration.getProviderDetails().getTokenUri()) - .isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri()); + .isEqualTo(expectedClientRegistration.getProviderDetails().getTokenUri()); assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()).isNull(); - assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo( - expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()); + assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()) + .isEqualTo(expectedClientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()); assertThat(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName()).isNull(); assertThat(clientRegistration.getProviderDetails().getJwkSetUri()).isNull(); assertThat(clientRegistration.getProviderDetails().getIssuerUri()).isNull(); @@ -235,9 +235,11 @@ public class OAuth2AuthorizedClientMixinTests { } String configurationMetadata = "\"@class\": \"java.util.Collections$UnmodifiableMap\""; if (!CollectionUtils.isEmpty(providerDetails.getConfigurationMetadata())) { - configurationMetadata += "," + providerDetails.getConfigurationMetadata().keySet().stream() - .map((key) -> "\"" + key + "\": \"" + providerDetails.getConfigurationMetadata().get(key) + "\"") - .collect(Collectors.joining(",")); + configurationMetadata += "," + providerDetails.getConfigurationMetadata() + .keySet() + .stream() + .map((key) -> "\"" + key + "\": \"" + providerDetails.getConfigurationMetadata().get(key) + "\"") + .collect(Collectors.joining(",")); } // @formatter:off return "{\n" + diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java index b7c38455f8..57e8791ed5 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProviderTests.java @@ -135,13 +135,13 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { @Test public void constructorWhenAccessTokenResponseClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcAuthorizationCodeAuthenticationProvider(null, this.userService)); + .isThrownBy(() -> new OidcAuthorizationCodeAuthenticationProvider(null, this.userService)); } @Test public void constructorWhenUserServiceIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient, null)); + assertThatIllegalArgumentException() + .isThrownBy(() -> new OidcAuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient, null)); } @Test @@ -169,7 +169,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, this.authorizationResponse); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange)); assertThat(authentication).isNull(); } @@ -183,9 +183,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) - .withMessageContaining(OAuth2ErrorCodes.INVALID_SCOPE); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) + .withMessageContaining(OAuth2ErrorCodes.INVALID_SCOPE); } @Test @@ -198,9 +198,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(this.authorizationRequest, authorizationResponse); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) - .withMessageContaining("invalid_state_parameter"); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, authorizationExchange))) + .withMessageContaining("invalid_state_parameter"); } @Test @@ -213,9 +213,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { // @formatter:on given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange))) - .withMessageContaining("invalid_id_token"); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange))) + .withMessageContaining("invalid_id_token"); } @Test @@ -226,9 +226,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { .build(); // @formatter:on assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange))) - .withMessageContaining("missing_signature_verifier"); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(clientRegistration, this.authorizationExchange))) + .withMessageContaining("missing_signature_verifier"); } @Test @@ -237,9 +237,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { given(jwtDecoder.decode(anyString())).willThrow(new JwtException("ID Token Validation Error")); this.authenticationProvider.setJwtDecoderFactory((registration) -> jwtDecoder); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange))) - .withMessageContaining("[invalid_id_token] ID Token Validation Error"); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange))) + .withMessageContaining("[invalid_id_token] ID Token Validation Error"); } @Test @@ -252,9 +252,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { claims.put(IdTokenClaimNames.NONCE, "invalid-nonce-hash"); this.setUpIdToken(claims); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.authenticationProvider.authenticate( - new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange))) - .withMessageContaining("[invalid_nonce]"); + .isThrownBy(() -> this.authenticationProvider + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange))) + .withMessageContaining("[invalid_nonce]"); } @Test @@ -271,7 +271,7 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { given(principal.getAuthorities()).willAnswer((Answer>) (invocation) -> authorities); given(this.userService.loadUser(any())).willReturn(principal); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); assertThat(authentication.isAuthenticated()).isTrue(); assertThat(authentication.getPrincipal()).isEqualTo(principal); assertThat(authentication.getCredentials()).isEqualTo(""); @@ -298,10 +298,10 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) - .willAnswer((Answer>) (invocation) -> mappedAuthorities); + .willAnswer((Answer>) (invocation) -> mappedAuthorities); this.authenticationProvider.setAuthoritiesMapper(authoritiesMapper); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); assertThat(authentication.getAuthorities()).isEqualTo(mappedAuthorities); } @@ -321,9 +321,9 @@ public class OidcAuthorizationCodeAuthenticationProviderTests { ArgumentCaptor userRequestArgCaptor = ArgumentCaptor.forClass(OidcUserRequest.class); given(this.userService.loadUser(userRequestArgCaptor.capture())).willReturn(principal); this.authenticationProvider - .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); + .authenticate(new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange)); assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) - .containsAllEntriesOf(this.accessTokenResponse.getAdditionalParameters()); + .containsAllEntriesOf(this.accessTokenResponse.getAdditionalParameters()); } private void setUpIdToken(Map claims) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java index 281b8ad31f..6932311a1b 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java @@ -119,16 +119,16 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { public void constructorWhenNullAccessTokenResponseClientThenIllegalArgumentException() { this.accessTokenResponseClient = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient, - this.userService)); + .isThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient, + this.userService)); } @Test public void constructorWhenNullUserServiceThenIllegalArgumentException() { this.userService = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient, - this.userService)); + .isThrownBy(() -> new OidcAuthorizationCodeReactiveAuthenticationManager(this.accessTokenResponseClient, + this.userService)); } @Test @@ -163,14 +163,14 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { .state("state"); // @formatter:on assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); + .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); } @Test public void authenticationWhenStateDoesNotMatchThenOAuth2AuthenticationException() { this.authorizationResponseBldr.state("notmatch"); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); + .isThrownBy(() -> this.manager.authenticate(loginToken()).block()); } @Test @@ -185,8 +185,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { given(this.jwtDecoder.decode(any())).willThrow(new JwtException("ID Token Validation Error")); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.manager.authenticate(loginToken()).block()) - .withMessageContaining("[invalid_id_token] ID Token Validation Error"); + .isThrownBy(() -> this.manager.authenticate(loginToken()).block()) + .withMessageContaining("[invalid_id_token] ID Token Validation Error"); } @Test @@ -209,8 +209,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block()) - .withMessageContaining("[invalid_nonce]"); + .isThrownBy(() -> this.manager.authenticate(authorizationCodeAuthentication).block()) + .withMessageContaining("[invalid_nonce]"); } @Test @@ -259,7 +259,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager - .authenticate(authorizationCodeAuthentication).block(); + .authenticate(authorizationCodeAuthentication) + .block(); assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue(); @@ -289,7 +290,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager - .authenticate(authorizationCodeAuthentication).block(); + .authenticate(authorizationCodeAuthentication) + .block(); assertThat(result.getPrincipal()).isEqualTo(user); assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities()); assertThat(result.isAuthenticated()).isTrue(); @@ -326,7 +328,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); this.manager.authenticate(authorizationCodeAuthentication).block(); assertThat(userRequestArgCaptor.getValue().getAdditionalParameters()) - .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); + .containsAllEntriesOf(accessTokenResponse.getAdditionalParameters()); } @Test @@ -353,7 +355,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { List mappedAuthorities = AuthorityUtils.createAuthorityList("ROLE_OIDC_USER"); GrantedAuthoritiesMapper authoritiesMapper = mock(GrantedAuthoritiesMapper.class); given(authoritiesMapper.mapAuthorities(anyCollection())) - .willAnswer((Answer>) (invocation) -> mappedAuthorities); + .willAnswer((Answer>) (invocation) -> mappedAuthorities); given(this.jwtDecoder.decode(any())).willReturn(Mono.just(idToken)); this.manager.setJwtDecoderFactory((c) -> this.jwtDecoder); this.manager.setAuthoritiesMapper(authoritiesMapper); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java index 0642602c5c..33663bac65 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java @@ -66,7 +66,7 @@ public class OidcIdTokenDecoderFactoryTests { @Test public void createDefaultClaimTypeConvertersWhenCalledThenDefaultsAreCorrect() { Map> claimTypeConverters = OidcIdTokenDecoderFactory - .createDefaultClaimTypeConverters(); + .createDefaultClaimTypeConverters(); assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.ISS); assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.AUD); assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.NONCE); @@ -92,7 +92,7 @@ public class OidcIdTokenDecoderFactoryTests { @Test public void setClaimTypeConverterFactoryWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null)); + .isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null)); } @Test @@ -103,41 +103,40 @@ public class OidcIdTokenDecoderFactoryTests { @Test public void createDecoderWhenJwsAlgorithmDefaultAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() { assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured the JwkSet URI."); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured the JwkSet URI."); } @Test public void createDecoderWhenJwsAlgorithmEcAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() { this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> SignatureAlgorithm.ES256); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured the JwkSet URI."); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured the JwkSet URI."); } @Test public void createDecoderWhenJwsAlgorithmHmacAndClientSecretNullThenThrowOAuth2AuthenticationException() { this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> MacAlgorithm.HS256); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured the client secret."); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured the client secret."); } @Test public void createDecoderWhenJwsAlgorithmNullThenThrowOAuth2AuthenticationException() { this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> null); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured a valid JWS Algorithm: 'null'"); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured a valid JWS Algorithm: 'null'"); } @Test @@ -151,7 +150,7 @@ public class OidcIdTokenDecoderFactoryTests { this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory); ClientRegistration clientRegistration = this.registration.build(); given(customJwtValidatorFactory.apply(same(clientRegistration))) - .willReturn(new OidcIdTokenValidator(clientRegistration)); + .willReturn(new OidcIdTokenValidator(clientRegistration)); this.idTokenDecoderFactory.createDecoder(clientRegistration); verify(customJwtValidatorFactory).apply(same(clientRegistration)); } @@ -173,7 +172,7 @@ public class OidcIdTokenDecoderFactoryTests { this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory); ClientRegistration clientRegistration = this.registration.build(); given(customClaimTypeConverterFactory.apply(same(clientRegistration))) - .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters())); + .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters())); this.idTokenDecoderFactory.createDecoder(clientRegistration); verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java index 58750c296f..d9b2adcde9 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java @@ -168,8 +168,9 @@ public class OidcIdTokenValidatorTests { @Test public void validateWhenExpiresAtNullThenHasErrors() { this.expiresAt = null; - assertThat(this.validateIdToken()).hasSize(1).extracting(OAuth2Error::getDescription) - .allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP)); + assertThat(this.validateIdToken()).hasSize(1) + .extracting(OAuth2Error::getDescription) + .allMatch((msg) -> msg.contains(IdTokenClaimNames.EXP)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java index 547b1fbfa9..3a3f668d7a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java @@ -65,7 +65,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests { @Test public void createDefaultClaimTypeConvertersWhenCalledThenDefaultsAreCorrect() { Map> claimTypeConverters = ReactiveOidcIdTokenDecoderFactory - .createDefaultClaimTypeConverters(); + .createDefaultClaimTypeConverters(); assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.ISS); assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.AUD); assertThat(claimTypeConverters).containsKey(IdTokenClaimNames.NONCE); @@ -91,7 +91,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests { @Test public void setClaimTypeConverterFactoryWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null)); + .isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null)); } @Test @@ -102,41 +102,40 @@ public class ReactiveOidcIdTokenDecoderFactoryTests { @Test public void createDecoderWhenJwsAlgorithmDefaultAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() { assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured the JwkSet URI."); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured the JwkSet URI."); } @Test public void createDecoderWhenJwsAlgorithmEcAndJwkSetUriEmptyThenThrowOAuth2AuthenticationException() { this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> SignatureAlgorithm.ES256); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured the JwkSet URI."); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.jwkSetUri(null).build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured the JwkSet URI."); } @Test public void createDecoderWhenJwsAlgorithmHmacAndClientSecretNullThenThrowOAuth2AuthenticationException() { this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> MacAlgorithm.HS256); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured the client secret."); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.clientSecret(null).build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured the client secret."); } @Test public void createDecoderWhenJwsAlgorithmNullThenThrowOAuth2AuthenticationException() { this.idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> null); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build())) - .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " - + "for Client Registration: 'registration-id'. " - + "Check to ensure you have configured a valid JWS Algorithm: 'null'"); + .isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(this.registration.build())) + .withMessage("[missing_signature_verifier] Failed to find a Signature Verifier " + + "for Client Registration: 'registration-id'. " + + "Check to ensure you have configured a valid JWS Algorithm: 'null'"); } @Test @@ -150,7 +149,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests { this.idTokenDecoderFactory.setJwtValidatorFactory(customJwtValidatorFactory); ClientRegistration clientRegistration = this.registration.build(); given(customJwtValidatorFactory.apply(same(clientRegistration))) - .willReturn(new OidcIdTokenValidator(clientRegistration)); + .willReturn(new OidcIdTokenValidator(clientRegistration)); this.idTokenDecoderFactory.createDecoder(clientRegistration); verify(customJwtValidatorFactory).apply(same(clientRegistration)); } @@ -172,7 +171,7 @@ public class ReactiveOidcIdTokenDecoderFactoryTests { this.idTokenDecoderFactory.setClaimTypeConverterFactory(customClaimTypeConverterFactory); ClientRegistration clientRegistration = this.registration.build(); given(customClaimTypeConverterFactory.apply(same(clientRegistration))) - .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters())); + .willReturn(new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters())); this.idTokenDecoderFactory.createDecoder(clientRegistration); verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java index 5ed86f86ba..8701197018 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java @@ -72,7 +72,7 @@ public class OidcReactiveOAuth2UserServiceTests { private ReactiveOAuth2UserService oauth2UserService; private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration() - .userNameAttributeName(IdTokenClaimNames.SUB); + .userNameAttributeName(IdTokenClaimNames.SUB); private OidcIdToken idToken = TestOidcIdTokens.idToken().build(); @@ -89,7 +89,7 @@ public class OidcReactiveOAuth2UserServiceTests { @Test public void createDefaultClaimTypeConvertersWhenCalledThenDefaultsAreCorrect() { Map> claimTypeConverters = OidcReactiveOAuth2UserService - .createDefaultClaimTypeConverters(); + .createDefaultClaimTypeConverters(); assertThat(claimTypeConverters).containsKey(StandardClaimNames.EMAIL_VERIFIED); assertThat(claimTypeConverters).containsKey(StandardClaimNames.PHONE_NUMBER_VERIFIED); assertThat(claimTypeConverters).containsKey(StandardClaimNames.UPDATED_AT); @@ -120,7 +120,7 @@ public class OidcReactiveOAuth2UserServiceTests { Collections.singletonMap("user", "rob"), "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User)); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService.loadUser(userRequest()).block()); + .isThrownBy(() -> this.userService.loadUser(userRequest()).block()); } @Test @@ -132,7 +132,7 @@ public class OidcReactiveOAuth2UserServiceTests { "user"); given(this.oauth2UserService.loadUser(any())).willReturn(Mono.just(oauth2User)); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService.loadUser(userRequest()).block()); + .isThrownBy(() -> this.userService.loadUser(userRequest()).block()); } @Test @@ -171,7 +171,7 @@ public class OidcReactiveOAuth2UserServiceTests { Function.class); this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory); given(customClaimTypeConverterFactory.apply(same(userRequest.getClientRegistration()))) - .willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters())); + .willReturn(new ClaimTypeConverter(OidcReactiveOAuth2UserService.createDefaultClaimTypeConverters())); this.userService.loadUser(userRequest).block().getUserInfo(); verify(customClaimTypeConverterFactory).apply(same(userRequest.getClientRegistration())); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java index 127a68bbbd..64889d895a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java @@ -63,19 +63,19 @@ public class OidcUserRequestTests { @Test public void constructorWhenClientRegistrationIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcUserRequest(null, this.accessToken, this.idToken)); + .isThrownBy(() -> new OidcUserRequest(null, this.accessToken, this.idToken)); } @Test public void constructorWhenAccessTokenIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcUserRequest(this.clientRegistration, null, this.idToken)); + .isThrownBy(() -> new OidcUserRequest(this.clientRegistration, null, this.idToken)); } @Test public void constructorWhenIdTokenIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OidcUserRequest(this.clientRegistration, this.accessToken, null)); + .isThrownBy(() -> new OidcUserRequest(this.clientRegistration, this.accessToken, null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java index 013029ba6e..6c51b974da 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java @@ -82,9 +82,10 @@ public class OidcUserServiceTests { public void setup() throws Exception { this.server = new MockWebServer(); this.server.start(); - this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration().userInfoUri(null) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) - .userNameAttributeName(StandardClaimNames.SUB); + this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration() + .userInfoUri(null) + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName(StandardClaimNames.SUB); this.accessToken = TestOAuth2AccessTokens.scopes(OidcScopes.OPENID, OidcScopes.PROFILE); Map idTokenClaims = new HashMap<>(); idTokenClaims.put(IdTokenClaimNames.ISS, "https://provider.com"); @@ -134,17 +135,17 @@ public class OidcUserServiceTests { @Test public void loadUserWhenUserInfoUriIsNullThenUserInfoEndpointNotRequested() { OidcUser user = this.userService - .loadUser(new OidcUserRequest(this.clientRegistrationBuilder.build(), this.accessToken, this.idToken)); + .loadUser(new OidcUserRequest(this.clientRegistrationBuilder.build(), this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNull(); } @Test public void loadUserWhenNonStandardScopesAuthorizedThenUserInfoEndpointNotRequested() { ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri("https://provider.com/user") - .build(); + .build(); this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2"); OidcUser user = this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNull(); } @@ -167,7 +168,7 @@ public class OidcUserServiceTests { this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2"); this.userService.setAccessibleScopes(Collections.singleton("scope2")); OidcUser user = this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNotNull(); } @@ -190,7 +191,7 @@ public class OidcUserServiceTests { this.accessToken = TestOAuth2AccessTokens.scopes("scope1", "scope2"); this.userService.setAccessibleScopes(Collections.emptySet()); OidcUser user = this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNotNull(); } @@ -211,7 +212,7 @@ public class OidcUserServiceTests { String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); OidcUser user = this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getUserInfo()).isNotNull(); } @@ -231,7 +232,7 @@ public class OidcUserServiceTests { String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); OidcUser user = this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getIdToken()).isNotNull(); assertThat(user.getUserInfo()).isNotNull(); assertThat(user.getUserInfo().getClaims().size()).isEqualTo(6); @@ -263,11 +264,12 @@ public class OidcUserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userNameAttributeName(StandardClaimNames.EMAIL).build(); + .userNameAttributeName(StandardClaimNames.EMAIL) + .build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) - .withMessageContaining("invalid_user_info_response"); + .isThrownBy(() -> this.userService + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) + .withMessageContaining("invalid_user_info_response"); } @Test @@ -277,9 +279,9 @@ public class OidcUserServiceTests { String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) - .withMessageContaining("invalid_user_info_response"); + .isThrownBy(() -> this.userService + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) + .withMessageContaining("invalid_user_info_response"); } @Test @@ -298,10 +300,10 @@ public class OidcUserServiceTests { String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); + .isThrownBy(() -> this.userService + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); } @Test @@ -310,10 +312,10 @@ public class OidcUserServiceTests { String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"); + .isThrownBy(() -> this.userService + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"); } @Test @@ -321,10 +323,10 @@ public class OidcUserServiceTests { String userInfoUri = "https://invalid-provider.com/user"; ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); + .isThrownBy(() -> this.userService + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); } @Test @@ -342,9 +344,10 @@ public class OidcUserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userNameAttributeName(StandardClaimNames.EMAIL).build(); + .userNameAttributeName(StandardClaimNames.EMAIL) + .build(); OidcUser user = this.userService - .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); + .loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(user.getName()).isEqualTo("user1@example.com"); } @@ -366,7 +369,7 @@ public class OidcUserServiceTests { ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT)) - .isEqualTo(MediaType.APPLICATION_JSON_VALUE); + .isEqualTo(MediaType.APPLICATION_JSON_VALUE); } // gh-5500 @@ -390,7 +393,7 @@ public class OidcUserServiceTests { assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name()); assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + this.accessToken.getTokenValue()); + .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } // gh-5500 @@ -409,7 +412,8 @@ public class OidcUserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.FORM).build(); + .userInfoAuthenticationMethod(AuthenticationMethod.FORM) + .build(); this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name()); @@ -437,7 +441,7 @@ public class OidcUserServiceTests { Function.class); this.userService.setClaimTypeConverterFactory(customClaimTypeConverterFactory); given(customClaimTypeConverterFactory.apply(same(clientRegistration))) - .willReturn(new ClaimTypeConverter(OidcUserService.createDefaultClaimTypeConverters())); + .willReturn(new ClaimTypeConverter(OidcUserService.createDefaultClaimTypeConverters())); this.userService.loadUser(new OidcUserRequest(clientRegistration, this.accessToken, this.idToken)); verify(customClaimTypeConverterFactory).apply(same(clientRegistration)); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java index 5ee2ad432f..3adab7b17f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java @@ -48,7 +48,7 @@ public class ClientRegistrationTests { private static final String REDIRECT_URI = "https://example.com"; private static final Set SCOPES = Collections - .unmodifiableSet(Stream.of("openid", "profile", "email").collect(Collectors.toSet())); + .unmodifiableSet(Stream.of("openid", "profile", "email").collect(Collectors.toSet())); private static final String AUTHORIZATION_URI = "https://provider.com/oauth2/authorization"; @@ -61,7 +61,7 @@ public class ClientRegistrationTests { private static final String CLIENT_NAME = "Client 1"; private static final Map PROVIDER_CONFIGURATION_METADATA = Collections - .unmodifiableMap(createProviderConfigurationMetadata()); + .unmodifiableMap(createProviderConfigurationMetadata()); private static Map createProviderConfigurationMetadata() { Map configurationMetadata = new LinkedHashMap<>(); @@ -114,18 +114,18 @@ public class ClientRegistrationTests { assertThat(registration.getClientId()).isEqualTo(CLIENT_ID); assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRedirectUri()).isEqualTo(REDIRECT_URI); assertThat(registration.getScopes()).isEqualTo(SCOPES); assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI); assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI); assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo(AuthenticationMethod.FORM); + .isEqualTo(AuthenticationMethod.FORM); assertThat(registration.getProviderDetails().getJwkSetUri()).isEqualTo(JWK_SET_URI); assertThat(registration.getProviderDetails().getIssuerUri()).isEqualTo(ISSUER_URI); assertThat(registration.getProviderDetails().getConfigurationMetadata()) - .isEqualTo(PROVIDER_CONFIGURATION_METADATA); + .isEqualTo(PROVIDER_CONFIGURATION_METADATA); assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME); } @@ -208,7 +208,7 @@ public class ClientRegistrationTests { .build(); // @formatter:on assertThat(clientRegistration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } @Test @@ -451,7 +451,7 @@ public class ClientRegistrationTests { assertThat(registration.getScopes()).isEqualTo(SCOPES); assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI); assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo(AuthenticationMethod.FORM); + .isEqualTo(AuthenticationMethod.FORM); assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME); } @@ -592,7 +592,7 @@ public class ClientRegistrationTests { assertThat(registration.getClientId()).isEqualTo(CLIENT_ID); assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS); assertThat(registration.getScopes()).isEqualTo(SCOPES); assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI); @@ -601,18 +601,24 @@ public class ClientRegistrationTests { @Test public void buildWhenClientCredentialsGrantRegistrationIdIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> ClientRegistration.withRegistrationId(null).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET) - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) - .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build()); + assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistration.withRegistrationId(null) + .clientId(CLIENT_ID) + .clientSecret(CLIENT_SECRET) + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) + .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) + .tokenUri(TOKEN_URI) + .build()); } @Test public void buildWhenClientCredentialsGrantClientIdIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> ClientRegistration.withRegistrationId(REGISTRATION_ID).clientId(null).clientSecret(CLIENT_SECRET) - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) - .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(TOKEN_URI).build()); + assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID) + .clientId(null) + .clientSecret(CLIENT_SECRET) + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) + .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) + .tokenUri(TOKEN_URI) + .build()); } @Test @@ -640,28 +646,31 @@ public class ClientRegistrationTests { .build(); // @formatter:on assertThat(clientRegistration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } @Test public void buildWhenClientCredentialsGrantTokenUriIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> ClientRegistration.withRegistrationId(REGISTRATION_ID) - .clientId(CLIENT_ID).clientSecret(CLIENT_SECRET) - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) - .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(null).build()); + .clientId(CLIENT_ID) + .clientSecret(CLIENT_SECRET) + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) + .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) + .tokenUri(null) + .build()); } // gh-6256 @Test public void buildWhenScopesContainASpaceThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> TestClientRegistrations.clientCredentials().scope("openid profile email").build()); + .isThrownBy(() -> TestClientRegistrations.clientCredentials().scope("openid profile email").build()); } @Test public void buildWhenScopesContainAnInvalidCharacterThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> TestClientRegistrations.clientCredentials().scope("an\"invalid\"scope").build()); + .isThrownBy(() -> TestClientRegistrations.clientCredentials().scope("an\"invalid\"scope").build()); } @Test @@ -681,7 +690,7 @@ public class ClientRegistrationTests { assertThat(registration.getClientId()).isEqualTo(CLIENT_ID); assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.PASSWORD); assertThat(registration.getScopes()).isEqualTo(SCOPES); assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI); @@ -743,7 +752,7 @@ public class ClientRegistrationTests { .build(); // @formatter:on assertThat(clientRegistration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } @Test @@ -780,7 +789,7 @@ public class ClientRegistrationTests { assertThat(registration.getClientId()).isEqualTo(CLIENT_ID); assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(customGrantType); assertThat(registration.getScopes()).isEqualTo(SCOPES); assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI); @@ -794,9 +803,9 @@ public class ClientRegistrationTests { assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes()); assertThat(clientRegistration.getScopes()).isNotSameAs(updated.getScopes()); assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()) - .isEqualTo(updated.getProviderDetails().getConfigurationMetadata()); + .isEqualTo(updated.getProviderDetails().getConfigurationMetadata()); assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()) - .isNotSameAs(updated.getProviderDetails().getConfigurationMetadata()); + .isNotSameAs(updated.getProviderDetails().getConfigurationMetadata()); } @Test @@ -807,7 +816,7 @@ public class ClientRegistrationTests { assertThat(clientRegistration.getClientId()).isEqualTo(updated.getClientId()); assertThat(clientRegistration.getClientSecret()).isEqualTo(updated.getClientSecret()); assertThat(clientRegistration.getClientAuthenticationMethod()) - .isEqualTo(updated.getClientAuthenticationMethod()); + .isEqualTo(updated.getClientAuthenticationMethod()); assertThat(clientRegistration.getAuthorizationGrantType()).isEqualTo(updated.getAuthorizationGrantType()); assertThat(clientRegistration.getRedirectUri()).isEqualTo(updated.getRedirectUri()); assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes()); @@ -817,16 +826,16 @@ public class ClientRegistrationTests { assertThat(providerDetails.getTokenUri()).isEqualTo(updatedProviderDetails.getTokenUri()); ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint(); ClientRegistration.ProviderDetails.UserInfoEndpoint updatedUserInfoEndpoint = updatedProviderDetails - .getUserInfoEndpoint(); + .getUserInfoEndpoint(); assertThat(userInfoEndpoint.getUri()).isEqualTo(updatedUserInfoEndpoint.getUri()); assertThat(userInfoEndpoint.getAuthenticationMethod()) - .isEqualTo(updatedUserInfoEndpoint.getAuthenticationMethod()); + .isEqualTo(updatedUserInfoEndpoint.getAuthenticationMethod()); assertThat(userInfoEndpoint.getUserNameAttributeName()) - .isEqualTo(updatedUserInfoEndpoint.getUserNameAttributeName()); + .isEqualTo(updatedUserInfoEndpoint.getUserNameAttributeName()); assertThat(providerDetails.getJwkSetUri()).isEqualTo(updatedProviderDetails.getJwkSetUri()); assertThat(providerDetails.getIssuerUri()).isEqualTo(updatedProviderDetails.getIssuerUri()); assertThat(providerDetails.getConfigurationMetadata()) - .isEqualTo(updatedProviderDetails.getConfigurationMetadata()); + .isEqualTo(updatedProviderDetails.getConfigurationMetadata()); assertThat(clientRegistration.getClientName()).isEqualTo(updated.getClientName()); } @@ -845,9 +854,9 @@ public class ClientRegistrationTests { assertThat(clientRegistration.getScopes()).doesNotContain("a-new-scope"); assertThat(updated.getScopes()).containsExactly("a-new-scope"); assertThat(clientRegistration.getProviderDetails().getConfigurationMetadata()).doesNotContainKey("a-new-config") - .doesNotContainValue("a-new-value"); + .doesNotContainValue("a-new-value"); assertThat(updated.getProviderDetails().getConfigurationMetadata()).containsOnlyKeys("a-new-config") - .containsValue("a-new-value"); + .containsValue("a-new-value"); } // gh-8903 diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java index 2884f63dda..2da662c82e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java @@ -159,7 +159,7 @@ public class ClientRegistrationsTests { private void assertIssuerMetadata(ClientRegistration registration, ClientRegistration.ProviderDetails provider) { assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(registration.getRegistrationId()).isEqualTo(URI.create(this.issuer).getHost()); assertThat(registration.getClientName()).isEqualTo(this.issuer); @@ -180,7 +180,7 @@ public class ClientRegistrationsTests { public void issuerWhenResponseMissingJwksUriThenThrowsIllegalArgumentException() throws Exception { this.response.remove("jwks_uri"); assertThatIllegalArgumentException().isThrownBy(() -> registration("").build()) - .withMessageContaining("The public JWK set URI must not be null"); + .withMessageContaining("The public JWK set URI must not be null"); } // gh-7512 @@ -188,7 +188,7 @@ public class ClientRegistrationsTests { public void issuerWhenOidcFallbackResponseMissingJwksUriThenThrowsIllegalArgumentException() throws Exception { this.response.remove("jwks_uri"); assertThatIllegalArgumentException().isThrownBy(() -> registrationOidcFallback("issuer1", null).build()) - .withMessageContaining("The public JWK set URI must not be null"); + .withMessageContaining("The public JWK set URI must not be null"); } // gh-7512 @@ -264,7 +264,7 @@ public class ClientRegistrationsTests { this.response.put("grant_types_supported", Arrays.asList("urn:ietf:params:oauth:grant-type:jwt-bearer")); this.response.remove("authorization_endpoint"); ClientRegistration registration = registration("").authorizationGrantType(AuthorizationGrantType.JWT_BEARER) - .build(); + .build(); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.JWT_BEARER); ClientRegistration.ProviderDetails provider = registration.getProviderDetails(); assertThat(provider.getAuthorizationUri()).isNull(); @@ -276,7 +276,8 @@ public class ClientRegistrationsTests { this.response.put("grant_types_supported", Arrays.asList("urn:ietf:params:oauth:grant-type:jwt-bearer")); this.response.remove("authorization_endpoint"); ClientRegistration registration = registrationOAuth2("", null) - .authorizationGrantType(AuthorizationGrantType.JWT_BEARER).build(); + .authorizationGrantType(AuthorizationGrantType.JWT_BEARER) + .build(); assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.JWT_BEARER); ClientRegistration.ProviderDetails provider = registration.getProviderDetails(); assertThat(provider.getAuthorizationUri()).isNull(); @@ -287,7 +288,7 @@ public class ClientRegistrationsTests { this.response.remove("token_endpoint_auth_methods_supported"); ClientRegistration registration = registration("").build(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } @Test @@ -295,7 +296,7 @@ public class ClientRegistrationsTests { this.response.remove("token_endpoint_auth_methods_supported"); ClientRegistration registration = registrationOAuth2("", null).build(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } // gh-9780 @@ -304,7 +305,7 @@ public class ClientRegistrationsTests { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_basic")); ClientRegistration registration = registration("").build(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } // gh-9780 @@ -313,7 +314,7 @@ public class ClientRegistrationsTests { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_basic")); ClientRegistration registration = registrationOAuth2("", null).build(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } @Test @@ -321,7 +322,7 @@ public class ClientRegistrationsTests { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post")); ClientRegistration registration = registration("").build(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST); } @Test @@ -329,7 +330,7 @@ public class ClientRegistrationsTests { this.response.put("token_endpoint_auth_methods_supported", Arrays.asList("client_secret_post")); ClientRegistration registration = registrationOAuth2("", null).build(); assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST); } // gh-9780 @@ -339,7 +340,7 @@ public class ClientRegistrationsTests { ClientRegistration registration = registration("").build(); // The client_secret_basic auth method is still the default assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } // gh-9780 @@ -349,7 +350,7 @@ public class ClientRegistrationsTests { ClientRegistration registration = registrationOAuth2("", null).build(); // The client_secret_basic auth method is still the default assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } // gh-9780 @@ -359,7 +360,7 @@ public class ClientRegistrationsTests { ClientRegistration registration = registration("").build(); // The client_secret_basic auth method is still the default assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } // gh-9780 @@ -369,7 +370,7 @@ public class ClientRegistrationsTests { ClientRegistration registration = registrationOAuth2("", null).build(); // The client_secret_basic auth method is still the default assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } @Test @@ -393,7 +394,7 @@ public class ClientRegistrationsTests { ClientRegistration registration = registration("").build(); // The client_secret_basic auth method is still the default assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } // gh-9780 @@ -403,7 +404,7 @@ public class ClientRegistrationsTests { ClientRegistration registration = registrationOAuth2("", null).build(); // The client_secret_basic auth method is still the default assertThat(registration.getClientAuthenticationMethod()) - .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); + .isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC); } @Test @@ -428,8 +429,8 @@ public class ClientRegistrationsTests { public void issuerWhenOpenIdConfigurationDoesNotMatchThenMeaningfulErrorMessage() throws Exception { this.issuer = createIssuerFromServer(""); String body = this.mapper.writeValueAsString(this.response); - MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, - MediaType.APPLICATION_JSON_VALUE); + MockResponse mockResponse = new MockResponse().setBody(body) + .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); this.server.enqueue(mockResponse); // @formatter:off assertThatIllegalStateException() @@ -443,8 +444,8 @@ public class ClientRegistrationsTests { public void issuerWhenOAuth2ConfigurationDoesNotMatchThenMeaningfulErrorMessage() throws Exception { this.issuer = createIssuerFromServer(""); String body = this.mapper.writeValueAsString(this.response); - MockResponse mockResponse = new MockResponse().setBody(body).setHeader(HttpHeaders.CONTENT_TYPE, - MediaType.APPLICATION_JSON_VALUE); + MockResponse mockResponse = new MockResponse().setBody(body) + .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); this.server.enqueue(mockResponse); // @formatter:off assertThatIllegalStateException() @@ -479,9 +480,9 @@ public class ClientRegistrationsTests { @Override public MockResponse dispatch(RecordedRequest request) { switch (request.getPath()) { - case "/.well-known/oauth-authorization-server/issuer1": - case "/.well-known/oauth-authorization-server/": - return buildSuccessMockResponse(responseBody); + case "/.well-known/oauth-authorization-server/issuer1": + case "/.well-known/oauth-authorization-server/": + return buildSuccessMockResponse(responseBody); } return new MockResponse().setResponseCode(404); } @@ -515,9 +516,9 @@ public class ClientRegistrationsTests { @Override public MockResponse dispatch(RecordedRequest request) { switch (request.getPath()) { - case "/issuer1/.well-known/openid-configuration": - case "/.well-known/openid-configuration/": - return buildSuccessMockResponse(responseBody); + case "/issuer1/.well-known/openid-configuration": + case "/.well-known/openid-configuration/": + return buildSuccessMockResponse(responseBody); } return new MockResponse().setResponseCode(404); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java index 22bbd91465..b68505a35a 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryClientRegistrationRepositoryTests.java @@ -45,19 +45,19 @@ public class InMemoryClientRegistrationRepositoryTests { @Test public void constructorListClientRegistrationWhenNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryClientRegistrationRepository((List) null)); + .isThrownBy(() -> new InMemoryClientRegistrationRepository((List) null)); } @Test public void constructorListClientRegistrationWhenEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryClientRegistrationRepository(Collections.emptyList())); + .isThrownBy(() -> new InMemoryClientRegistrationRepository(Collections.emptyList())); } @Test public void constructorMapClientRegistrationWhenNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryClientRegistrationRepository((Map) null)); + .isThrownBy(() -> new InMemoryClientRegistrationRepository((Map) null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java index 4bc83f1679..9fcd5bff1c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/InMemoryReactiveClientRegistrationRepositoryTests.java @@ -51,28 +51,28 @@ public class InMemoryReactiveClientRegistrationRepositoryTests { public void constructorWhenClientRegistrationArrayThenIllegalArgumentException() { ClientRegistration[] registrations = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations)); + .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations)); } @Test public void constructorWhenClientRegistrationListThenIllegalArgumentException() { List registrations = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations)); + .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations)); } @Test public void constructorListClientRegistrationWhenDuplicateIdThenIllegalArgumentException() { List registrations = Arrays.asList(this.registration, this.registration); assertThatIllegalStateException() - .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations)); + .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registrations)); } @Test public void constructorWhenClientRegistrationIsNullThenIllegalArgumentException() { ClientRegistration registration = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registration)); + .isThrownBy(() -> new InMemoryReactiveClientRegistrationRepository(registration)); } @Test @@ -87,7 +87,7 @@ public class InMemoryReactiveClientRegistrationRepositoryTests { @Test public void findByRegistrationIdWhenNotValidIdThenEmpty() { StepVerifier.create(this.repository.findByRegistrationId(this.registration.getRegistrationId() + "invalid")) - .verifyComplete(); + .verifyComplete(); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java index 87a9a9cbf2..06fad8adec 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/CustomUserTypesOAuth2UserServiceTests.java @@ -88,7 +88,7 @@ public class CustomUserTypesOAuth2UserServiceTests { @Test public void constructorWhenCustomUserTypesIsEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new CustomUserTypesOAuth2UserService(Collections.emptyMap())); + .isThrownBy(() -> new CustomUserTypesOAuth2UserService(Collections.emptyMap())); } @Test @@ -156,10 +156,9 @@ public class CustomUserTypesOAuth2UserServiceTests { String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); } @Test @@ -168,10 +167,9 @@ public class CustomUserTypesOAuth2UserServiceTests { String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"); } @Test @@ -179,10 +177,9 @@ public class CustomUserTypesOAuth2UserServiceTests { String userInfoUri = "https://invalid-provider.com/user"; ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri).build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); } private ClientRegistration.Builder withRegistrationId(String registrationId) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java index 49e2a3c5c7..ba823f8d0e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java @@ -108,9 +108,8 @@ public class DefaultOAuth2UserServiceTests { public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() { ClientRegistration clientRegistration = this.clientRegistrationBuilder.build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining("missing_user_info_uri"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining("missing_user_info_uri"); } @Test @@ -121,9 +120,8 @@ public class DefaultOAuth2UserServiceTests { .build(); // @formatter:on assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining("missing_user_name_attribute"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining("missing_user_name_attribute"); } @Test @@ -141,7 +139,9 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); OAuth2User user = this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); assertThat(user.getName()).isEqualTo("user1"); assertThat(user.getAttributes().size()).isEqualTo(6); @@ -173,12 +173,13 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); } @Test @@ -190,13 +191,14 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(response); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource") - .withMessageContaining("Error Code: insufficient_scope, Error Description: The access token expired"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource") + .withMessageContaining("Error Code: insufficient_scope, Error Description: The access token expired"); } @Test @@ -209,13 +211,14 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(jsonResponse(userInfoErrorResponse).setResponseCode(400)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource") - .withMessageContaining("Error Code: invalid_token"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource") + .withMessageContaining("Error Code: invalid_token"); } @Test @@ -223,24 +226,26 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(new MockResponse().setResponseCode(500)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 500 Server Error"); } @Test public void loadUserWhenUserInfoUriInvalidThenThrowOAuth2AuthenticationException() { String userInfoUri = "https://invalid-provider.com/user"; ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource"); } // gh-5294 @@ -259,10 +264,12 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); assertThat(this.server.takeRequest(1, TimeUnit.SECONDS).getHeader(HttpHeaders.ACCEPT)) - .isEqualTo(MediaType.APPLICATION_JSON_VALUE); + .isEqualTo(MediaType.APPLICATION_JSON_VALUE); } // gh-5500 @@ -281,13 +288,15 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name()); assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + this.accessToken.getTokenValue()); + .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } // gh-5500 @@ -306,7 +315,9 @@ public class DefaultOAuth2UserServiceTests { this.server.enqueue(jsonResponse(userInfoResponse)); String userInfoUri = this.server.url("/user").toString(); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.FORM).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.FORM) + .userNameAttributeName("user-name") + .build(); this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken)); RecordedRequest request = this.server.takeRequest(); assertThat(request.getMethod()).isEqualTo(HttpMethod.POST.name()); @@ -352,13 +363,14 @@ public class DefaultOAuth2UserServiceTests { response.setBody("invalid content type"); this.server.enqueue(response); ClientRegistration clientRegistration = this.clientRegistrationBuilder.userInfoUri(userInfoUri) - .userInfoAuthenticationMethod(AuthenticationMethod.HEADER).userNameAttributeName("user-name").build(); + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .userNameAttributeName("user-name") + .build(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy( - () -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) - .withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource " - + "from '" + userInfoUri + "': response contains invalid content type 'text/plain'."); + .isThrownBy(() -> this.userService.loadUser(new OAuth2UserRequest(clientRegistration, this.accessToken))) + .withMessageContaining( + "[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource " + + "from '" + userInfoUri + "': response contains invalid content type 'text/plain'."); } private DefaultOAuth2UserService withMockResponse(Map response) { @@ -366,7 +378,7 @@ public class DefaultOAuth2UserServiceTests { Converter> requestEntityConverter = mock(Converter.class); RestOperations rest = mock(RestOperations.class); given(rest.exchange(nullable(RequestEntity.class), any(ParameterizedTypeReference.class))) - .willReturn(responseEntity); + .willReturn(responseEntity); DefaultOAuth2UserService userService = new DefaultOAuth2UserService(); userService.setRequestEntityConverter(requestEntityConverter); userService.setRestOperations(rest); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java index 1a215ca8b6..6b8bdb2840 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java @@ -98,9 +98,10 @@ public class DefaultReactiveOAuth2UserServiceTests { @Test public void loadUserWhenUserInfoUriIsNullThenThrowOAuth2AuthenticationException() { this.clientRegistration.userInfoUri(null); - StepVerifier.create(this.userService.loadUser(oauth2UserRequest())).expectErrorSatisfies((ex) -> assertThat(ex) - .isInstanceOf(OAuth2AuthenticationException.class).hasMessageContaining("missing_user_info_uri")) - .verify(); + StepVerifier.create(this.userService.loadUser(oauth2UserRequest())) + .expectErrorSatisfies((ex) -> assertThat(ex).isInstanceOf(OAuth2AuthenticationException.class) + .hasMessageContaining("missing_user_info_uri")) + .verify(); } @Test @@ -159,7 +160,8 @@ public class DefaultReactiveOAuth2UserServiceTests { + "}\n"; // @formatter:on this.server.enqueue(new MockResponse().setResponseCode(201) - .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE).setBody(userInfoResponse)); + .setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) + .setBody(userInfoResponse)); assertThatNoException().isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()); } @@ -183,7 +185,7 @@ public class DefaultReactiveOAuth2UserServiceTests { assertThat(request.getMethod()).isEqualTo(HttpMethod.GET.name()); assertThat(request.getHeader(HttpHeaders.ACCEPT)).isEqualTo(MediaType.APPLICATION_JSON_VALUE); assertThat(request.getHeader(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + this.accessToken.getTokenValue()); + .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } // gh-5500 @@ -223,24 +225,25 @@ public class DefaultReactiveOAuth2UserServiceTests { // @formatter:on enqueueApplicationJsonBody(userInfoResponse); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) - .withMessageContaining("invalid_user_info_response"); + .isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) + .withMessageContaining("invalid_user_info_response"); } @Test public void loadUserWhenUserInfoErrorResponseThenThrowOAuth2AuthenticationException() { this.server.enqueue(new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .setResponseCode(500).setBody("{}")); + .setResponseCode(500) + .setBody("{}")); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) - .withMessageContaining("invalid_user_info_response"); + .isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()) + .withMessageContaining("invalid_user_info_response"); } @Test public void loadUserWhenUserInfoUriInvalidThenThrowOAuth2AuthenticationException() { this.clientRegistration.userInfoUri("https://invalid-provider.com/user"); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()); + .isThrownBy(() -> this.userService.loadUser(oauth2UserRequest()).block()); } @Test @@ -280,11 +283,11 @@ public class DefaultReactiveOAuth2UserServiceTests { this.server.enqueue(response); OAuth2UserRequest userRequest = oauth2UserRequest(); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.userService.loadUser(userRequest).block()).withMessageContaining( - "[invalid_user_info_response] An error occurred while attempting to " - + "retrieve the UserInfo Resource from '" + userRequest.getClientRegistration() - .getProviderDetails().getUserInfoEndpoint().getUri() - + "': " + "response contains invalid content type 'text/plain'"); + .isThrownBy(() -> this.userService.loadUser(userRequest).block()) + .withMessageContaining("[invalid_user_info_response] An error occurred while attempting to " + + "retrieve the UserInfo Resource from '" + + userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri() + "': " + + "response contains invalid content type 'text/plain'"); } private DefaultReactiveOAuth2UserService withMockResponse(Map body) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java index f717c9b896..a50660ad54 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DelegatingOAuth2UserServiceTests.java @@ -44,7 +44,7 @@ public class DelegatingOAuth2UserServiceTests { @Test public void constructorWhenUserServicesIsEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingOAuth2UserService<>(Collections.emptyList())); + .isThrownBy(() -> new DelegatingOAuth2UserService<>(Collections.emptyList())); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java index 79d726c2bc..4810e33b68 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestEntityConverterTests.java @@ -52,30 +52,31 @@ public class OAuth2UserRequestEntityConverterTests { RequestEntity requestEntity = this.converter.convert(userRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.GET); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()); + .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON); assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + userRequest.getAccessToken().getTokenValue()); + .isEqualTo("Bearer " + userRequest.getAccessToken().getTokenValue()); } @SuppressWarnings("unchecked") @Test public void convertWhenAuthenticationMethodFormThenPostRequest() { ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() - .userInfoAuthenticationMethod(AuthenticationMethod.FORM).build(); + .userInfoAuthenticationMethod(AuthenticationMethod.FORM) + .build(); OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, this.createAccessToken()); RequestEntity requestEntity = this.converter.convert(userRequest); assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()); + .isEqualTo(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()); HttpHeaders headers = requestEntity.getHeaders(); assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON); assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); + .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); assertThat(formParameters.getFirst(OAuth2ParameterNames.ACCESS_TOKEN)) - .isEqualTo(userRequest.getAccessToken().getTokenValue()); + .isEqualTo(userRequest.getAccessToken().getTokenValue()); } private OAuth2AccessToken createAccessToken() { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java index 57ec548b76..793c60fdcc 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests.java @@ -60,7 +60,7 @@ public class AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests { this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository( this.authorizedClientService); this.authorizedClientRepository - .setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository); + .setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository); this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); } @@ -68,13 +68,13 @@ public class AuthenticatedPrincipalOAuth2AuthorizedClientRepositoryTests { @Test public void constructorWhenAuthorizedClientServiceIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null)); + .isThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null)); } @Test public void setAuthorizedClientRepositoryWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null)); + .isThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java index 0345f55a29..46b7a986c6 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java @@ -93,14 +93,14 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> new DefaultOAuth2AuthorizationRequestResolver(null, this.authorizationRequestBaseUri)); + assertThatIllegalArgumentException() + .isThrownBy(() -> new DefaultOAuth2AuthorizationRequestResolver(null, this.authorizationRequestBaseUri)); } @Test public void constructorWhenAuthorizationRequestBaseUriIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, null)); + assertThatIllegalArgumentException() + .isThrownBy(() -> new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, null)); } @Test @@ -157,22 +157,22 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest).isNotNull(); assertThat(authorizationRequest.getAuthorizationUri()) - .isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri()); + .isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri()); assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE); assertThat(authorizationRequest.getClientId()).isEqualTo(clientRegistration.getClientId()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); assertThat(authorizationRequest.getScopes()).isEqualTo(clientRegistration.getScopes()); assertThat(authorizationRequest.getState()).isNotNull(); assertThat(authorizationRequest.getAdditionalParameters()) - .doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID); + .doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID); assertThat(authorizationRequest.getAttributes()) - .containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); + .containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); } @Test @@ -185,7 +185,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { clientRegistration.getRegistrationId()); assertThat(authorizationRequest).isNotNull(); assertThat(authorizationRequest.getAttributes()) - .containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); + .containsExactly(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); } @Test @@ -197,7 +197,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test @@ -210,7 +210,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("http://localhost:8080/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("http://localhost:8080/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test @@ -224,7 +224,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("https://localhost:8081/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("https://localhost:8081/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test @@ -238,7 +238,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test @@ -252,7 +252,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test @@ -266,7 +266,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); } // gh-5520 @@ -280,7 +280,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test @@ -294,9 +294,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); } @Test @@ -310,9 +310,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=https://example.com/login/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=https://example.com/login/oauth2/code/registration-id"); } @Test @@ -324,9 +324,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request, clientRegistration.getRegistrationId()); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); } @Test @@ -337,9 +337,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/registration-id-2"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/registration-id-2"); } @Test @@ -351,9 +351,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id"); } @Test @@ -365,9 +365,9 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/registration-id-2"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id-2&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/registration-id-2"); } @Test @@ -379,29 +379,29 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest).isNotNull(); assertThat(authorizationRequest.getAuthorizationUri()) - .isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri()); + .isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri()); assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE); assertThat(authorizationRequest.getClientId()).isEqualTo(clientRegistration.getClientId()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); assertThat(authorizationRequest.getScopes()).isEqualTo(clientRegistration.getScopes()); assertThat(authorizationRequest.getState()).isNotNull(); assertThat(authorizationRequest.getAdditionalParameters()) - .doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID); + .doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID); assertThat(authorizationRequest.getAdditionalParameters()).containsKey(PkceParameterNames.CODE_CHALLENGE); assertThat(authorizationRequest.getAdditionalParameters()) - .contains(entry(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")); + .contains(entry(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")); assertThat(authorizationRequest.getAttributes()) - .contains(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); + .contains(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); assertThat(authorizationRequest.getAttributes()).containsKey(PkceParameterNames.CODE_VERIFIER); assertThat((String) authorizationRequest.getAttribute(PkceParameterNames.CODE_VERIFIER)) - .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); + .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" - + "response_type=code&client_id=public-client-id&" + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/public-client-registration-id&" - + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=public-client-id&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/public-client-registration-id&" + + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); } // gh-6548 @@ -455,27 +455,27 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { ClientRegistration clientRegistration) { assertThat(authorizationRequest.getAdditionalParameters()).containsKey(PkceParameterNames.CODE_CHALLENGE); assertThat(authorizationRequest.getAdditionalParameters()) - .contains(entry(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")); + .contains(entry(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")); assertThat(authorizationRequest.getAttributes()).containsKey(PkceParameterNames.CODE_VERIFIER); assertThat((String) authorizationRequest.getAttribute(PkceParameterNames.CODE_VERIFIER)) - .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); + .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" - + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId() - + "&" + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" + + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId() + "&" + + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); } private void assertPkceNotApplied(OAuth2AuthorizationRequest authorizationRequest, ClientRegistration clientRegistration) { assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(PkceParameterNames.CODE_CHALLENGE); assertThat(authorizationRequest.getAdditionalParameters()) - .doesNotContainKey(PkceParameterNames.CODE_CHALLENGE_METHOD); + .doesNotContainKey(PkceParameterNames.CODE_CHALLENGE_METHOD); assertThat(authorizationRequest.getAttributes()).doesNotContainKey(PkceParameterNames.CODE_VERIFIER); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" - + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" + + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test @@ -487,27 +487,27 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest).isNotNull(); assertThat(authorizationRequest.getAuthorizationUri()) - .isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri()); + .isEqualTo(clientRegistration.getProviderDetails().getAuthorizationUri()); assertThat(authorizationRequest.getGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(authorizationRequest.getResponseType()).isEqualTo(OAuth2AuthorizationResponseType.CODE); assertThat(authorizationRequest.getClientId()).isEqualTo(clientRegistration.getClientId()); assertThat(authorizationRequest.getRedirectUri()) - .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .isEqualTo("http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId()); assertThat(authorizationRequest.getScopes()).isEqualTo(clientRegistration.getScopes()); assertThat(authorizationRequest.getState()).isNotNull(); assertThat(authorizationRequest.getAdditionalParameters()) - .doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID); + .doesNotContainKey(OAuth2ParameterNames.REGISTRATION_ID); assertThat(authorizationRequest.getAdditionalParameters()).containsKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()) - .contains(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); + .contains(entry(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId())); assertThat(authorizationRequest.getAttributes()).containsKey(OidcParameterNames.NONCE); assertThat((String) authorizationRequest.getAttribute(OidcParameterNames.NONCE)) - .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); + .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=openid&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" - + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=openid&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" + + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}"); } // gh-7696 @@ -519,15 +519,15 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { request.setServletPath(requestUri); this.resolver.setAuthorizationRequestCustomizer( (builder) -> builder.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE)) - .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE))); + .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE))); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()).containsKey(OAuth2ParameterNames.REGISTRATION_ID); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=openid&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=openid&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id"); } @Test @@ -542,10 +542,10 @@ public class DefaultOAuth2AuthorizationRequestResolverTests { })); OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=openid&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" - + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=openid&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/oidc-registration-id&" + + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1"); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java index 8fe786146f..95fa24f9d6 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManagerTests.java @@ -134,67 +134,70 @@ public class DefaultOAuth2AuthorizedClientManagerTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(null, this.authorizedClientRepository)) - .withMessage("clientRegistrationRepository cannot be null"); + .isThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(null, this.authorizedClientRepository)) + .withMessage("clientRegistrationRepository cannot be null"); } @Test public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null)) - .withMessage("authorizedClientRepository cannot be null"); + .isThrownBy(() -> new DefaultOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null)) + .withMessage("authorizedClientRepository cannot be null"); } @Test public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null)) - .withMessage("authorizedClientProvider cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null)) + .withMessage("authorizedClientProvider cannot be null"); } @Test public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null)) - .withMessage("contextAttributesMapper cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null)) + .withMessage("contextAttributesMapper cannot be null"); } @Test public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null)) - .withMessage("authorizationSuccessHandler cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null)) + .withMessage("authorizationSuccessHandler cannot be null"); } @Test public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null)) - .withMessage("authorizationFailureHandler cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null)) + .withMessage("authorizationFailureHandler cannot be null"); } @Test public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null)) - .withMessage("authorizeRequest cannot be null"); + .withMessage("authorizeRequest cannot be null"); } @Test public void authorizeWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest)) - .withMessage("servletRequest cannot be null"); + .withMessage("servletRequest cannot be null"); } @Test public void authorizeWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .attribute(HttpServletRequest.class.getName(), this.request).build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .attribute(HttpServletRequest.class.getName(), this.request) + .build(); assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest)) - .withMessage("servletResponse cannot be null"); + .withMessage("servletResponse cannot be null"); } @Test @@ -210,14 +213,14 @@ public class DefaultOAuth2AuthorizedClientManagerTests { .build(); // @formatter:on assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest)) - .withMessage("Could not find ClientRegistration with id 'invalid-registration-id'"); + .withMessage("Could not find ClientRegistration with id 'invalid-registration-id'"); } @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(this.clientRegistration); + .willReturn(this.clientRegistration); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()) @@ -244,9 +247,9 @@ public class DefaultOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(this.clientRegistration); + .willReturn(this.clientRegistration); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(this.authorizedClient); + .willReturn(this.authorizedClient); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()) @@ -275,13 +278,14 @@ public class DefaultOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(this.clientRegistration); + .willReturn(this.clientRegistration); given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), - eq(this.principal), eq(this.request))).willReturn(this.authorizedClient); + eq(this.principal), eq(this.request))) + .willReturn(this.authorizedClient); OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(reauthorizedClient); + .willReturn(reauthorizedClient); // @formatter:off OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest .withClientRegistrationId(this.clientRegistration.getRegistrationId()) @@ -309,9 +313,9 @@ public class DefaultOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenRequestParameterUsernamePasswordThenMappedToContext() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(this.clientRegistration); + .willReturn(this.clientRegistration); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(this.authorizedClient); + .willReturn(this.authorizedClient); // Set custom contextAttributesMapper this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> { Map contextAttributes = new HashMap<>(); @@ -376,7 +380,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(reauthorizedClient); + .willReturn(reauthorizedClient); // @formatter:off OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal) @@ -405,10 +409,10 @@ public class DefaultOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(reauthorizedClient); + .willReturn(reauthorizedClient); // Override the mock with the default this.authorizedClientManager - .setContextAttributesMapper(new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); + .setContextAttributesMapper(new DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); this.request.addParameter(OAuth2ParameterNames.SCOPE, "read write"); // @formatter:off OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) @@ -423,7 +427,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests { verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); String[] requestScopeAttribute = authorizationContext - .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); + .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); assertThat(requestScopeAttribute).contains("read", "write"); } @@ -433,7 +437,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests { new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willThrow(authorizationException); + .willThrow(authorizationException); // @formatter:off OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal) @@ -444,8 +448,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) - .isEqualTo(authorizationException); + .isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) + .isEqualTo(authorizationException); verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verify(this.authorizedClientRepository).removeAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), @@ -457,7 +461,7 @@ public class DefaultOAuth2AuthorizedClientManagerTests { ClientAuthorizationException authorizationException = new ClientAuthorizationException( new OAuth2Error("non-matching-error-code", null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willThrow(authorizationException); + .willThrow(authorizationException); // @formatter:off OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) .principal(this.principal) @@ -468,8 +472,8 @@ public class DefaultOAuth2AuthorizedClientManagerTests { .build(); // @formatter:on assertThatExceptionOfType(ClientAuthorizationException.class) - .isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) - .isEqualTo(authorizationException); + .isThrownBy(() -> this.authorizedClientManager.authorize(reauthorizeRequest)) + .isEqualTo(authorizationException); verify(this.authorizationFailureHandler).onAuthorizationFailure(eq(authorizationException), eq(this.principal), any()); verifyNoInteractions(this.authorizedClientRepository); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java index c21d405033..4287b0e675 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManagerTests.java @@ -104,14 +104,16 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { this.authorizedClientRepository = mock(ServerOAuth2AuthorizedClientRepository.class); this.loadAuthorizedClientProbe = PublisherProbe.empty(); given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(Authentication.class), - any(ServerWebExchange.class))).willReturn(this.loadAuthorizedClientProbe.mono()); + any(ServerWebExchange.class))) + .willReturn(this.loadAuthorizedClientProbe.mono()); this.saveAuthorizedClientProbe = PublisherProbe.empty(); given(this.authorizedClientRepository.saveAuthorizedClient(any(OAuth2AuthorizedClient.class), any(Authentication.class), any(ServerWebExchange.class))) - .willReturn(this.saveAuthorizedClientProbe.mono()); + .willReturn(this.saveAuthorizedClientProbe.mono()); this.removeAuthorizedClientProbe = PublisherProbe.empty(); given(this.authorizedClientRepository.removeAuthorizedClient(any(String.class), any(Authentication.class), - any(ServerWebExchange.class))).willReturn(this.removeAuthorizedClientProbe.mono()); + any(ServerWebExchange.class))) + .willReturn(this.removeAuthorizedClientProbe.mono()); this.authorizedClientProvider = mock(ReactiveOAuth2AuthorizedClientProvider.class); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))).willReturn(Mono.empty()); this.contextAttributesMapper = mock(Function.class); @@ -132,82 +134,85 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy( - () -> new DefaultReactiveOAuth2AuthorizedClientManager(null, this.authorizedClientRepository)) - .withMessage("clientRegistrationRepository cannot be null"); + .isThrownBy(() -> new DefaultReactiveOAuth2AuthorizedClientManager(null, this.authorizedClientRepository)) + .withMessage("clientRegistrationRepository cannot be null"); } @Test public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy( - () -> new DefaultReactiveOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null)) - .withMessage("authorizedClientRepository cannot be null"); + .isThrownBy(() -> new DefaultReactiveOAuth2AuthorizedClientManager(this.clientRegistrationRepository, null)) + .withMessage("authorizedClientRepository cannot be null"); } @Test public void setAuthorizedClientProviderWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null)) - .withMessage("authorizedClientProvider cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizedClientProvider(null)) + .withMessage("authorizedClientProvider cannot be null"); } @Test public void setAuthorizationSuccessHandlerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null)) - .withMessage("authorizationSuccessHandler cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizationSuccessHandler(null)) + .withMessage("authorizationSuccessHandler cannot be null"); } @Test public void setAuthorizationFailureHandlerWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null)) - .withMessage("authorizationFailureHandler cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setAuthorizationFailureHandler(null)) + .withMessage("authorizationFailureHandler cannot be null"); } @Test public void setContextAttributesMapperWhenNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null)) - .withMessage("contextAttributesMapper cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.setContextAttributesMapper(null)) + .withMessage("contextAttributesMapper cannot be null"); } @Test public void authorizeWhenRequestIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientManager.authorize(null).block()) - .withMessage("authorizeRequest cannot be null"); + .withMessage("authorizeRequest cannot be null"); } @Test public void authorizeWhenExchangeIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) - .withMessage("serverWebExchange cannot be null"); + .isThrownBy(() -> this.authorizedClientManager.authorize(authorizeRequest).block()) + .withMessage("serverWebExchange cannot be null"); } @Test public void authorizeWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() { OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId("invalid-registration-id").principal(this.principal).build(); + .withClientRegistrationId("invalid-registration-id") + .principal(this.principal) + .build(); assertThatIllegalArgumentException().isThrownBy( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) - .withMessage("Could not find ClientRegistration with id 'invalid-registration-id'"); + .withMessage("Could not find ClientRegistration with id 'invalid-registration-id'"); } @SuppressWarnings("unchecked") @Test public void authorizeWhenNotAuthorizedAndUnsupportedProviderThenNotAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) - .subscriberContext(this.context).block(); + .subscriberContext(this.context) + .block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -223,14 +228,16 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenNotAuthorizedAndSupportedProviderThenAuthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) - .subscriberContext(this.context).block(); + .subscriberContext(this.context) + .block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -248,17 +255,19 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenNotAuthorizedAndSupportedProviderAndCustomSuccessHandlerThenInvokeCustomSuccessHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); PublisherProbe authorizationSuccessHandlerProbe = PublisherProbe.empty(); - this.authorizedClientManager.setAuthorizationSuccessHandler( - (client, principal, attributes) -> authorizationSuccessHandlerProbe.mono()); + this.authorizedClientManager + .setAuthorizationSuccessHandler((client, principal, attributes) -> authorizationSuccessHandlerProbe.mono()); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) - .subscriberContext(this.context).block(); + .subscriberContext(this.context) + .block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -275,18 +284,19 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenInvalidTokenThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) - .isEqualTo(exception); + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -303,18 +313,19 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenInvalidGrantThenRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) - .isEqualTo(exception); + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -331,18 +342,19 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenServerErrorThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); ClientAuthorizationException exception = new ClientAuthorizationException( new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null), this.clientRegistration.getRegistrationId()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(ClientAuthorizationException.class).isThrownBy( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) - .isEqualTo(exception); + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -357,17 +369,18 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenOAuth2AuthorizationExceptionThenDoNotRemoveAuthorizedClient() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) - .isEqualTo(exception); + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -382,20 +395,21 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenOAuth2AuthorizationExceptionAndCustomFailureHandlerThenInvokeCustomFailureHandler() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT, null, null)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.error(exception)); + .willReturn(Mono.error(exception)); PublisherProbe authorizationFailureHandlerProbe = PublisherProbe.empty(); - this.authorizedClientManager.setAuthorizationFailureHandler( - (client, principal, attributes) -> authorizationFailureHandlerProbe.mono()); + this.authorizedClientManager + .setAuthorizationFailureHandler((client, principal, attributes) -> authorizationFailureHandlerProbe.mono()); assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy( () -> this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block()) - .isEqualTo(exception); + .isEqualTo(exception); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(authorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -411,19 +425,22 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenAuthorizedAndSupportedProviderThenReauthorized() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); this.loadAuthorizedClientProbe = PublisherProbe.of(Mono.just(this.authorizedClient)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.clientRegistration.getRegistrationId()), - eq(this.principal), eq(this.serverWebExchange))).willReturn(this.loadAuthorizedClientProbe.mono()); + eq(this.principal), eq(this.serverWebExchange))) + .willReturn(this.loadAuthorizedClientProbe.mono()); OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(reauthorizedClient)); + .willReturn(Mono.just(reauthorizedClient)); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest) - .subscriberContext(this.context).block(); + .subscriberContext(this.context) + .block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(any()); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -440,26 +457,30 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void authorizeWhenRequestFormParameterUsernamePasswordThenMappedToContext() { given(this.clientRegistrationRepository.findByRegistrationId(eq(this.clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); // Set custom contextAttributesMapper capable of mapping the form parameters - this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> currentServerWebExchange() - .flatMap(ServerWebExchange::getFormData).map((formData) -> { - Map contextAttributes = new HashMap<>(); - String username = formData.getFirst(OAuth2ParameterNames.USERNAME); - contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username); - String password = formData.getFirst(OAuth2ParameterNames.PASSWORD); - contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password); - return contextAttributes; - })); - this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") - .contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password")) - .build(); + this.authorizedClientManager.setContextAttributesMapper( + (authorizeRequest) -> currentServerWebExchange().flatMap(ServerWebExchange::getFormData) + .map((formData) -> { + Map contextAttributes = new HashMap<>(); + String username = formData.getFirst(OAuth2ParameterNames.USERNAME); + contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username); + String password = formData.getFirst(OAuth2ParameterNames.PASSWORD); + contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password); + return contextAttributes; + })); + this.serverWebExchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") + .contentType(MediaType.APPLICATION_FORM_URLENCODED) + .body("username=username&password=password")) + .build(); this.context = Context.of(ServerWebExchange.class, this.serverWebExchange); OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest - .withClientRegistrationId(this.clientRegistration.getRegistrationId()).principal(this.principal) - .build(); + .withClientRegistrationId(this.clientRegistration.getRegistrationId()) + .principal(this.principal) + .build(); this.authorizedClientManager.authorize(authorizeRequest).subscriberContext(this.context).block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -473,9 +494,11 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { @Test public void reauthorizeWhenUnsupportedProviderThenNotReauthorized() { OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).build(); + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest) - .subscriberContext(this.context).block(); + .subscriberContext(this.context) + .block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -492,11 +515,13 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(reauthorizedClient)); + .willReturn(Mono.just(reauthorizedClient)); OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).build(); + .principal(this.principal) + .build(); OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(reauthorizeRequest) - .subscriberContext(this.context).block(); + .subscriberContext(this.context) + .block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); verify(this.contextAttributesMapper).apply(eq(reauthorizeRequest)); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); @@ -515,26 +540,29 @@ public class DefaultReactiveOAuth2AuthorizedClientManagerTests { OAuth2AuthorizedClient reauthorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), TestOAuth2AccessTokens.noScopes(), TestOAuth2RefreshTokens.refreshToken()); given(this.authorizedClientProvider.authorize(any(OAuth2AuthorizationContext.class))) - .willReturn(Mono.just(reauthorizedClient)); + .willReturn(Mono.just(reauthorizedClient)); // Override the mock with the default this.authorizedClientManager.setContextAttributesMapper( new DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper()); this.serverWebExchange = MockServerWebExchange - .builder(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.SCOPE, "read write")).build(); + .builder(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.SCOPE, "read write")) + .build(); this.context = Context.of(ServerWebExchange.class, this.serverWebExchange); OAuth2AuthorizeRequest reauthorizeRequest = OAuth2AuthorizeRequest.withAuthorizedClient(this.authorizedClient) - .principal(this.principal).build(); + .principal(this.principal) + .build(); this.authorizedClientManager.authorize(reauthorizeRequest).subscriberContext(this.context).block(); verify(this.authorizedClientProvider).authorize(this.authorizationContextCaptor.capture()); OAuth2AuthorizationContext authorizationContext = this.authorizationContextCaptor.getValue(); String[] requestScopeAttribute = authorizationContext - .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); + .getAttribute(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME); assertThat(requestScopeAttribute).contains("read", "write"); } private Mono currentServerWebExchange() { - return Mono.subscriberContext().filter((c) -> c.hasKey(ServerWebExchange.class)) - .map((c) -> c.get(ServerWebExchange.class)); + return Mono.subscriberContext() + .filter((c) -> c.hasKey(ServerWebExchange.class)) + .map((c) -> c.get(ServerWebExchange.class)); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests.java index 2a55a96a3f..8e2380a495 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests.java @@ -59,17 +59,17 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryAllowMultipleAuthori this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest3, request, response); request.addParameter(OAuth2ParameterNames.STATE, state1); OAuth2AuthorizationRequest loadedAuthorizationRequest1 = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest1).isEqualTo(authorizationRequest1); request.removeParameter(OAuth2ParameterNames.STATE); request.addParameter(OAuth2ParameterNames.STATE, state2); OAuth2AuthorizationRequest loadedAuthorizationRequest2 = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest2).isEqualTo(authorizationRequest2); request.removeParameter(OAuth2ParameterNames.STATE); request.addParameter(OAuth2ParameterNames.STATE, state3); OAuth2AuthorizationRequest loadedAuthorizationRequest3 = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest3).isEqualTo(authorizationRequest3); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryDoNotAllowMultipleAuthorizationRequestsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryDoNotAllowMultipleAuthorizationRequestsTests.java index 3c2b7a7139..ddf11c5ce5 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryDoNotAllowMultipleAuthorizationRequestsTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryDoNotAllowMultipleAuthorizationRequestsTests.java @@ -59,17 +59,17 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryDoNotAllowMultipleAu this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest3, request, response); request.addParameter(OAuth2ParameterNames.STATE, state1); OAuth2AuthorizationRequest loadedAuthorizationRequest1 = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest1).isNull(); request.removeParameter(OAuth2ParameterNames.STATE); request.addParameter(OAuth2ParameterNames.STATE, state2); OAuth2AuthorizationRequest loadedAuthorizationRequest2 = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest2).isNull(); request.removeParameter(OAuth2ParameterNames.STATE); request.addParameter(OAuth2ParameterNames.STATE, state3); OAuth2AuthorizationRequest loadedAuthorizationRequest3 = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest3).isEqualTo(authorizationRequest3); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java index 4bd6e2e2ce..b464c77797 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java @@ -46,7 +46,7 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { @Test public void loadAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizationRequestRepository.loadAuthorizationRequest(null)); + .isThrownBy(() -> this.authorizationRequestRepository.loadAuthorizationRequest(null)); } @Test @@ -54,7 +54,7 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(OAuth2ParameterNames.STATE, "state-1234"); OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(authorizationRequest).isNull(); } @@ -66,7 +66,7 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } @@ -83,22 +83,22 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { public void saveAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository - .saveAuthorizationRequest(authorizationRequest, null, new MockHttpServletResponse())); + .saveAuthorizationRequest(authorizationRequest, null, new MockHttpServletResponse())); } @Test public void saveAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build(); assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository - .saveAuthorizationRequest(authorizationRequest, new MockHttpServletRequest(), null)); + .saveAuthorizationRequest(authorizationRequest, new MockHttpServletRequest(), null)); } @Test public void saveAuthorizationRequestWhenStateNullThenThrowIllegalArgumentException() { OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().state(null).build(); assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, - new MockHttpServletRequest(), new MockHttpServletResponse())); + .isThrownBy(() -> this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, + new MockHttpServletRequest(), new MockHttpServletResponse())); } @Test @@ -109,7 +109,7 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { new MockHttpServletResponse()); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } @@ -122,7 +122,7 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { new MockHttpServletResponse()); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest); } @@ -138,7 +138,7 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { new MockHttpServletResponse()); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest2.getState()); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest).isEqualTo(authorizationRequest2); } @@ -151,20 +151,20 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); this.authorizationRequestRepository.saveAuthorizationRequest(null, request, response); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(loadedAuthorizationRequest).isNull(); } @Test public void removeAuthorizationRequestWhenHttpServletRequestIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository - .removeAuthorizationRequest(null, new MockHttpServletResponse())); + .removeAuthorizationRequest(null, new MockHttpServletResponse())); } @Test public void removeAuthorizationRequestWhenHttpServletResponseIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.authorizationRequestRepository - .removeAuthorizationRequest(new MockHttpServletRequest(), null)); + .removeAuthorizationRequest(new MockHttpServletRequest(), null)); } @Test @@ -175,9 +175,9 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository - .removeAuthorizationRequest(request, response); + .removeAuthorizationRequest(request, response); OAuth2AuthorizationRequest loadedAuthorizationRequest = this.authorizationRequestRepository - .loadAuthorizationRequest(request); + .loadAuthorizationRequest(request); assertThat(removedAuthorizationRequest).isNotNull(); assertThat(loadedAuthorizationRequest).isNull(); } @@ -191,7 +191,7 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState()); OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository - .removeAuthorizationRequest(request, response); + .removeAuthorizationRequest(request, response); String sessionAttributeName = HttpSessionOAuth2AuthorizationRequestRepository.class.getName() + ".AUTHORIZATION_REQUEST"; assertThat(removedAuthorizationRequest).isNotNull(); @@ -204,13 +204,15 @@ public abstract class HttpSessionOAuth2AuthorizationRequestRepositoryTests { request.addParameter(OAuth2ParameterNames.STATE, "state-1234"); MockHttpServletResponse response = new MockHttpServletResponse(); OAuth2AuthorizationRequest removedAuthorizationRequest = this.authorizationRequestRepository - .removeAuthorizationRequest(request, response); + .removeAuthorizationRequest(request, response); assertThat(removedAuthorizationRequest).isNull(); } protected OAuth2AuthorizationRequest.Builder createAuthorizationRequest() { - return OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize") - .clientId("client-id-1234").state("state-1234"); + return OAuth2AuthorizationRequest.authorizationCode() + .authorizationUri("https://example.com/oauth2/authorize") + .clientId("client-id-1234") + .state("state-1234"); } static class MockDistributedHttpSession extends MockHttpSession { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java index 1054b29beb..e4f36fd0c0 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizedClientRepositoryTests.java @@ -66,7 +66,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { @Test public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.request)); + .isThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.request)); } @Test @@ -76,14 +76,14 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { @Test public void loadAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null)); + assertThatIllegalArgumentException() + .isThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, null)); } @Test public void loadAuthorizedClientWhenClientRegistrationNotFoundThenReturnNull() { OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository - .loadAuthorizedClient("registration-not-found", null, this.request); + .loadAuthorizedClient("registration-not-found", null, this.request); assertThat(authorizedClient).isNull(); } @@ -93,7 +93,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId1, null, this.request); + .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); } @@ -115,7 +115,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class)); assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientRepository - .saveAuthorizedClient(authorizedClient, null, null, this.response)); + .saveAuthorizedClient(authorizedClient, null, null, this.response)); } @Test @@ -135,7 +135,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { assertThat(session).isNotNull(); @SuppressWarnings("unchecked") Map authorizedClients = (Map) session - .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); + .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); assertThat(authorizedClients).isNotEmpty(); assertThat(authorizedClients).hasSize(1); assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient); @@ -155,7 +155,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { @Test public void removeAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.authorizedClientRepository - .removeAuthorizedClient(this.registrationId1, null, null, this.response)); + .removeAuthorizedClient(this.registrationId1, null, null, this.response)); } @Test @@ -177,7 +177,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { // Remove registrationId2 (never added so is not removed either) this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response); OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId1, null, this.request); + .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient1).isNotNull(); assertThat(loadedAuthorizedClient1).isSameAs(authorizedClient1); } @@ -188,7 +188,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId2, null, this.request); + .loadAuthorizedClient(this.registrationId2, null, this.request); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.request, this.response); loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(this.registrationId2, null, @@ -202,14 +202,14 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId1, null, this.request); + .loadAuthorizedClient(this.registrationId1, null, this.request); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response); HttpSession session = this.request.getSession(false); assertThat(session).isNotNull(); assertThat(session - .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS")) - .isNull(); + .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS")) + .isNull(); } @Test @@ -222,7 +222,7 @@ public class HttpSessionOAuth2AuthorizedClientRepositoryTests { this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.request, this.response); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response); OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId2, null, this.request); + .loadAuthorizedClient(this.registrationId2, null, this.request); assertThat(loadedAuthorizedClient2).isNotNull(); assertThat(loadedAuthorizedClient2).isSameAs(authorizedClient2); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java index dc4b0a0db9..6f365f655c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationCodeGrantFilterTests.java @@ -130,15 +130,15 @@ public class OAuth2AuthorizationCodeGrantFilterTests { @Test public void constructorWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, null, - this.authenticationManager)); + .isThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, null, + this.authenticationManager)); } @Test public void constructorWhenAuthenticationManagerIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, - this.authorizedClientRepository, null)); + .isThrownBy(() -> new OAuth2AuthorizationCodeGrantFilter(this.clientRegistrationRepository, + this.authorizedClientRepository, null)); } @Test @@ -273,7 +273,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT); given(this.authenticationManager.authenticate(any(Authentication.class))) - .willThrow(new OAuth2AuthorizationException(error)); + .willThrow(new OAuth2AuthorizationException(error)); this.filter.doFilter(authorizationResponse, response, filterChain); assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/callback/client-1?error=invalid_grant"); } @@ -288,7 +288,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthenticationResult(this.registration1); this.filter.doFilter(authorizationResponse, response, filterChain); OAuth2AuthorizedClient authorizedClient = this.authorizedClientService - .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1); + .loadAuthorizedClient(this.registration1.getRegistrationId(), this.principalName1); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName1); @@ -318,7 +318,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthenticationResult(this.registration1); SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class); given(strategy.getContext()) - .willReturn(new SecurityContextImpl(new TestingAuthenticationToken("user", "password"))); + .willReturn(new SecurityContextImpl(new TestingAuthenticationToken("user", "password"))); this.filter.setSecurityContextHolderStrategy(strategy); this.filter.doFilter(authorizationResponse, response, filterChain); verify(strategy).getContext(); @@ -375,8 +375,8 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1); this.setUpAuthenticationResult(this.registration1); this.filter.doFilter(authorizationResponse, response, filterChain); - OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository.loadAuthorizedClient( - this.registration1.getRegistrationId(), anonymousPrincipal, authorizationResponse); + OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository + .loadAuthorizedClient(this.registration1.getRegistrationId(), anonymousPrincipal, authorizationResponse); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1); assertThat(authorizedClient.getPrincipalName()).isEqualTo(anonymousPrincipal.getName()); @@ -385,7 +385,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { assertThat(session).isNotNull(); @SuppressWarnings("unchecked") Map authorizedClients = (Map) session - .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); + .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); assertThat(authorizedClients).isNotEmpty(); assertThat(authorizedClients).hasSize(1); assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient); @@ -404,7 +404,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { this.setUpAuthenticationResult(this.registration1); this.filter.doFilter(authorizationResponse, response, filterChain); OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registration1.getRegistrationId(), null, authorizationResponse); + .loadAuthorizedClient(this.registration1.getRegistrationId(), null, authorizationResponse); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1); assertThat(authorizedClient.getPrincipalName()).isEqualTo("anonymousUser"); @@ -413,7 +413,7 @@ public class OAuth2AuthorizationCodeGrantFilterTests { assertThat(session).isNotNull(); @SuppressWarnings("unchecked") Map authorizedClients = (Map) session - .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); + .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS"); assertThat(authorizedClients).isNotEmpty(); assertThat(authorizedClients).hasSize(1); assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient); @@ -429,8 +429,10 @@ public class OAuth2AuthorizationCodeGrantFilterTests { request.setServletPath(requestUri); if (!CollectionUtils.isEmpty(parameters)) { parameters.forEach(request::addParameter); - request.setQueryString(parameters.entrySet().stream().map((e) -> e.getKey() + "=" + e.getValue()) - .collect(Collectors.joining("&"))); + request.setQueryString(parameters.entrySet() + .stream() + .map((e) -> e.getKey() + "=" + e.getValue()) + .collect(Collectors.joining("&"))); } return request; } @@ -448,8 +450,11 @@ public class OAuth2AuthorizationCodeGrantFilterTests { authorizationResponse.addParameter(OAuth2ParameterNames.CODE, "code"); authorizationResponse.addParameter(OAuth2ParameterNames.STATE, "state"); additionalParameters.forEach(authorizationResponse::addParameter); - authorizationResponse.setQueryString(authorizationResponse.getParameterMap().entrySet().stream() - .map((e) -> e.getKey() + "=" + e.getValue()[0]).collect(Collectors.joining("&"))); + authorizationResponse.setQueryString(authorizationResponse.getParameterMap() + .entrySet() + .stream() + .map((e) -> e.getKey() + "=" + e.getValue()[0]) + .collect(Collectors.joining("&"))); authorizationResponse.setSession(authorizationRequest.getSession()); return authorizationResponse; } @@ -459,7 +464,9 @@ public class OAuth2AuthorizationCodeGrantFilterTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .attributes(attributes).redirectUri(UrlUtils.buildFullRequestUrl(request)).build(); + .attributes(attributes) + .redirectUri(UrlUtils.buildFullRequestUrl(request)) + .build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java index a8b92dd67b..f12c9c2026 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java @@ -105,8 +105,8 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { @Test public void constructorWhenAuthorizationRequestBaseUriIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository, null)); + assertThatIllegalArgumentException() + .isThrownBy(() -> new OAuth2AuthorizationRequestRedirectFilter(this.clientRegistrationRepository, null)); } @Test @@ -246,7 +246,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain) - .doFilter(any(ServletRequest.class), any(ServletResponse.class)); + .doFilter(any(ServletRequest.class), any(ServletResponse.class)); this.filter.doFilter(request, response, filterChain); verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?" @@ -264,7 +264,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain) - .doFilter(any(ServletRequest.class), any(ServletResponse.class)); + .doFilter(any(ServletRequest.class), any(ServletResponse.class)); OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class); OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver); filter.doFilter(request, response, filterChain); @@ -290,8 +290,9 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI); OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class); OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest - .from(defaultAuthorizationRequestResolver.resolve(request)) - .additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))).build(); + .from(defaultAuthorizationRequestResolver.resolve(request)) + .additionalParameters(Collections.singletonMap("idp", request.getParameter("idp"))) + .build(); given(resolver.resolve(any())).willReturn(result); OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver); filter.doFilter(request, response, filterChain); @@ -365,9 +366,9 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value()); assertThat(response.getContentType()).isEqualTo(MediaType.TEXT_PLAIN_VALUE); assertThat(response.getContentAsString(StandardCharsets.UTF_8)) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.{15,}&" - + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.{15,}&" + + "redirect_uri=http://localhost/login/oauth2/code/registration-id"); } // gh-11602 @@ -381,9 +382,10 @@ public class OAuth2AuthorizationRequestRedirectFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); FilterChain filterChain = mock(FilterChain.class); willAnswer((invocation) -> assertThat((invocation.getArgument(1)).isCommitted()).isFalse()) - .given(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); + .given(this.requestCache) + .saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class)); willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain) - .doFilter(any(ServletRequest.class), any(ServletResponse.class)); + .doFilter(any(ServletRequest.class), any(ServletResponse.class)); this.filter.doFilter(request, response, filterChain); assertThat(response.isCommitted()).isTrue(); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java index 84b3d4b938..7745acff17 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java @@ -126,28 +126,28 @@ public class OAuth2LoginAuthenticationFilterTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(null, this.authorizedClientService)); + .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(null, this.authorizedClientService)); } @Test public void constructorWhenAuthorizedClientServiceIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, null)); + .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, null)); } @Test public void constructorWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, - (OAuth2AuthorizedClientRepository) null, - OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI)); + .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, + (OAuth2AuthorizedClientRepository) null, + OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI)); } @Test public void constructorWhenFilterProcessesUrlIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, - this.authorizedClientRepository, null)); + .isThrownBy(() -> new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, + this.authorizedClientRepository, null)); } @Test @@ -186,12 +186,12 @@ public class OAuth2LoginAuthenticationFilterTests { FilterChain filterChain = mock(FilterChain.class); this.filter.doFilter(request, response, filterChain); ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor - .forClass(AuthenticationException.class); + .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor - .getValue(); + .getValue(); assertThat(authenticationException.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST); } @@ -207,12 +207,12 @@ public class OAuth2LoginAuthenticationFilterTests { FilterChain filterChain = mock(FilterChain.class); this.filter.doFilter(request, response, filterChain); ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor - .forClass(AuthenticationException.class); + .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor - .getValue(); + .getValue(); assertThat(authenticationException.getError().getErrorCode()).isEqualTo("authorization_request_not_found"); } @@ -246,12 +246,12 @@ public class OAuth2LoginAuthenticationFilterTests { this.setUpAuthorizationRequest(request, response, registrationNotFound, state); this.filter.doFilter(request, response, filterChain); ArgumentCaptor authenticationExceptionArgCaptor = ArgumentCaptor - .forClass(AuthenticationException.class); + .forClass(AuthenticationException.class); verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture()); assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class); OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor - .getValue(); + .getValue(); assertThat(authenticationException.getError().getErrorCode()).isEqualTo("client_registration_not_found"); } @@ -285,7 +285,7 @@ public class OAuth2LoginAuthenticationFilterTests { this.setUpAuthenticationResult(this.registration1); this.filter.doFilter(request, response, filterChain); OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registration1.getRegistrationId(), this.loginAuthentication, request); + .loadAuthorizedClient(this.registration1.getRegistrationId(), this.loginAuthentication, request); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName1); @@ -335,11 +335,11 @@ public class OAuth2LoginAuthenticationFilterTests { ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture()); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor - .getValue(); + .getValue(); OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange() - .getAuthorizationRequest(); + .getAuthorizationRequest(); OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange() - .getAuthorizationResponse(); + .getAuthorizationResponse(); String expectedRedirectUri = "http://localhost/login/oauth2/code/registration-id-2"; assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri); assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri); @@ -366,11 +366,11 @@ public class OAuth2LoginAuthenticationFilterTests { ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture()); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor - .getValue(); + .getValue(); OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange() - .getAuthorizationRequest(); + .getAuthorizationRequest(); OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange() - .getAuthorizationResponse(); + .getAuthorizationResponse(); String expectedRedirectUri = "https://example.com/login/oauth2/code/registration-id-2"; assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri); assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri); @@ -397,11 +397,11 @@ public class OAuth2LoginAuthenticationFilterTests { ArgumentCaptor authenticationArgCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.authenticationManager).authenticate(authenticationArgCaptor.capture()); OAuth2LoginAuthenticationToken authentication = (OAuth2LoginAuthenticationToken) authenticationArgCaptor - .getValue(); + .getValue(); OAuth2AuthorizationRequest authorizationRequest = authentication.getAuthorizationExchange() - .getAuthorizationRequest(); + .getAuthorizationRequest(); OAuth2AuthorizationResponse authorizationResponse = authentication.getAuthorizationExchange() - .getAuthorizationResponse(); + .getAuthorizationResponse(); String expectedRedirectUri = "https://example.com:9090/login/oauth2/code/registration-id-2"; assertThat(authorizationRequest.getRedirectUri()).isEqualTo(expectedRedirectUri); assertThat(authorizationResponse.getRedirectUri()).isEqualTo(expectedRedirectUri); @@ -465,21 +465,29 @@ public class OAuth2LoginAuthenticationFilterTests { Map attributes = new HashMap<>(); attributes.put(OAuth2ParameterNames.REGISTRATION_ID, registration.getRegistrationId()); OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() - .authorizationUri(registration.getProviderDetails().getAuthorizationUri()) - .clientId(registration.getClientId()).redirectUri(expandRedirectUri(request, registration)) - .scopes(registration.getScopes()).state(state).attributes(attributes).build(); + .authorizationUri(registration.getProviderDetails().getAuthorizationUri()) + .clientId(registration.getClientId()) + .redirectUri(expandRedirectUri(request, registration)) + .scopes(registration.getScopes()) + .state(state) + .attributes(attributes) + .build(); this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response); } private String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration) { - String baseUrl = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null) - .replacePath(request.getContextPath()).build().toUriString(); + String baseUrl = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)) + .replaceQuery(null) + .replacePath(request.getContextPath()) + .build() + .toUriString(); Map uriVariables = new HashMap<>(); uriVariables.put("baseUrl", baseUrl); uriVariables.put("action", "login"); uriVariables.put("registrationId", clientRegistration.getRegistrationId()); - return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()).buildAndExpand(uriVariables) - .toUriString(); + return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri()) + .buildAndExpand(uriVariables) + .toUriString(); } private void setUpAuthenticationResult(ClientRegistration registration) { @@ -491,7 +499,7 @@ public class OAuth2LoginAuthenticationFilterTests { given(this.loginAuthentication.getAuthorities()).willReturn(AuthorityUtils.createAuthorityList("ROLE_USER")); given(this.loginAuthentication.getClientRegistration()).willReturn(registration); given(this.loginAuthentication.getAuthorizationExchange()) - .willReturn(TestOAuth2AuthorizationExchanges.success()); + .willReturn(TestOAuth2AuthorizationExchanges.success()); given(this.loginAuthentication.getAccessToken()).willReturn(mock(OAuth2AccessToken.class)); given(this.loginAuthentication.getRefreshToken()).willReturn(mock(OAuth2RefreshToken.class)); given(this.loginAuthentication.isAuthenticated()).willReturn(true); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java index 70d33b1865..3025db193f 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java @@ -143,7 +143,10 @@ public class OAuth2AuthorizedClientArgumentResolverTests { this.registration2, this.registration3); this.authorizedClientRepository = mock(OAuth2AuthorizedClientRepository.class); OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder() - .authorizationCode().refreshToken().clientCredentials().build(); + .authorizationCode() + .refreshToken() + .clientCredentials() + .build(); DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager( this.clientRegistrationRepository, this.authorizedClientRepository); authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider); @@ -151,11 +154,13 @@ public class OAuth2AuthorizedClientArgumentResolverTests { this.authorizedClient1 = new OAuth2AuthorizedClient(this.registration1, this.principalName, mock(OAuth2AccessToken.class)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration1.getRegistrationId()), - any(Authentication.class), any(HttpServletRequest.class))).willReturn(this.authorizedClient1); + any(Authentication.class), any(HttpServletRequest.class))) + .willReturn(this.authorizedClient1); this.authorizedClient2 = new OAuth2AuthorizedClient(this.registration2, this.principalName, mock(OAuth2AccessToken.class)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(this.registration2.getRegistrationId()), - any(Authentication.class), any(HttpServletRequest.class))).willReturn(this.authorizedClient2); + any(Authentication.class), any(HttpServletRequest.class))) + .willReturn(this.authorizedClient2); this.request = new MockHttpServletRequest(); this.response = new MockHttpServletResponse(); } @@ -168,13 +173,13 @@ public class OAuth2AuthorizedClientArgumentResolverTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository)); + .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository)); } @Test public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null)); + .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null)); } @Test @@ -185,19 +190,19 @@ public class OAuth2AuthorizedClientArgumentResolverTests { @Test public void setClientCredentialsTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.argumentResolver.setClientCredentialsTokenResponseClient(null)) - .withMessage("clientCredentialsTokenResponseClient cannot be null"); + .isThrownBy(() -> this.argumentResolver.setClientCredentialsTokenResponseClient(null)) + .withMessage("clientCredentialsTokenResponseClient cannot be null"); } @Test public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() { assertThatIllegalStateException() - .isThrownBy(() -> this.argumentResolver - .setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient())) - .withMessage("The client cannot be set when the constructor used is " - + "\"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". " - + "Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, " - + "OAuth2AuthorizedClientRepository)\"."); + .isThrownBy(() -> this.argumentResolver + .setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient())) + .withMessage("The client cannot be set when the constructor used is " + + "\"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". " + + "Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, " + + "OAuth2AuthorizedClientRepository)\"."); } @Test @@ -231,10 +236,10 @@ public class OAuth2AuthorizedClientArgumentResolverTests { public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() { MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class); assertThatIllegalArgumentException() - .isThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null)) - .withMessage("Unable to resolve the Client Registration Identifier. It must be provided via " - + "@RegisteredOAuth2AuthorizedClient(\"client1\") or " - + "@RegisteredOAuth2AuthorizedClient(registrationId = \"client1\")."); + .isThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null)) + .withMessage("Unable to resolve the Client Registration Identifier. It must be provided via " + + "@RegisteredOAuth2AuthorizedClient(\"client1\") or " + + "@RegisteredOAuth2AuthorizedClient(registrationId = \"client1\")."); } @Test @@ -246,7 +251,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests { SecurityContextHolder.setContext(securityContext); MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class); assertThat(this.argumentResolver.resolveArgument(methodParameter, null, - new ServletWebRequest(this.request, this.response), null)).isSameAs(this.authorizedClient1); + new ServletWebRequest(this.request, this.response), null)) + .isSameAs(this.authorizedClient1); } @Test @@ -254,7 +260,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests { MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class); assertThat(this.argumentResolver.resolveArgument(methodParameter, null, - new ServletWebRequest(this.request, this.response), null)).isSameAs(this.authorizedClient1); + new ServletWebRequest(this.request, this.response), null)) + .isSameAs(this.authorizedClient1); } @Test @@ -265,7 +272,8 @@ public class OAuth2AuthorizedClientArgumentResolverTests { MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class); assertThat(this.argumentResolver.resolveArgument(methodParameter, null, - new ServletWebRequest(this.request, this.response), null)).isSameAs(this.authorizedClient1); + new ServletWebRequest(this.request, this.response), null)) + .isSameAs(this.authorizedClient1); verify(strategy, atLeastOnce()).getContext(); } @@ -274,19 +282,19 @@ public class OAuth2AuthorizedClientArgumentResolverTests { MethodParameter methodParameter = this.getMethodParameter("registrationIdInvalid", OAuth2AuthorizedClient.class); assertThatIllegalArgumentException() - .isThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, - new ServletWebRequest(this.request, this.response), null)) - .withMessage("Could not find ClientRegistration with id 'invalid'"); + .isThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, + new ServletWebRequest(this.request, this.response), null)) + .withMessage("Could not find ClientRegistration with id 'invalid'"); } @Test public void resolveArgumentWhenAuthorizedClientNotFoundForAuthorizationCodeClientThenThrowClientAuthorizationRequiredException() { given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class))) - .willReturn(null); + .willReturn(null); MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class); assertThatExceptionOfType(ClientAuthorizationRequiredException.class).isThrownBy(() -> this.argumentResolver - .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null)); + .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null)); } @SuppressWarnings("unchecked") @@ -302,14 +310,16 @@ public class OAuth2AuthorizedClientArgumentResolverTests { authorizedClientManager.setAuthorizedClientProvider(clientCredentialsAuthorizedClientProvider); this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(3600) + .build(); given(clientCredentialsTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class))) - .willReturn(null); + .willReturn(null); MethodParameter methodParameter = this.getMethodParameter("clientCredentialsClient", OAuth2AuthorizedClient.class); OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver - .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null); + .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration2); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); @@ -343,15 +353,17 @@ public class OAuth2AuthorizedClientArgumentResolverTests { }); this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(3600) + .build(); given(passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any(HttpServletRequest.class))) - .willReturn(null); + .willReturn(null); MethodParameter methodParameter = this.getMethodParameter("passwordClient", OAuth2AuthorizedClient.class); this.request.setParameter(OAuth2ParameterNames.USERNAME, "username"); this.request.setParameter(OAuth2ParameterNames.PASSWORD, "password"); OAuth2AuthorizedClient authorizedClient = (OAuth2AuthorizedClient) this.argumentResolver - .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null); + .resolveArgument(methodParameter, null, new ServletWebRequest(this.request, this.response), null); assertThat(authorizedClient).isNotNull(); assertThat(authorizedClient.getClientRegistration()).isSameAs(this.registration3); assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principalName); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java index 7e86f68ce2..7e4d1028ec 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionITests.java @@ -145,10 +145,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl) - .build(); + ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(clientRegistration)); + .willReturn(Mono.just(clientRegistration)); // @formatter:off this.webClient.get() .uri(this.serverUrl) @@ -162,7 +163,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { // @formatter:on assertThat(this.server.getRequestCount()).isEqualTo(2); ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange)); assertThat(authorizedClientCaptor.getValue().getClientRegistration()).isSameAs(clientRegistration); @@ -183,10 +184,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl) - .build(); + ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(clientRegistration)); + .willReturn(Mono.just(clientRegistration)); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant expiresAt = issuedAt.plus(Duration.ofHours(1)); OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, @@ -194,17 +196,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.authentication.getName(), accessToken, refreshToken); - doReturn(Mono.just(authorizedClient)).when(this.authorizedClientRepository).loadAuthorizedClient( - eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.exchange)); - this.webClient.get().uri(this.serverUrl) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .clientRegistrationId(clientRegistration.getRegistrationId())) - .retrieve().bodyToMono(String.class) - .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block(); + doReturn(Mono.just(authorizedClient)).when(this.authorizedClientRepository) + .loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), + eq(this.exchange)); + this.webClient.get() + .uri(this.serverUrl) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .clientRegistrationId(clientRegistration.getRegistrationId())) + .retrieve() + .bodyToMono(String.class) + .subscriberContext(Context.of(ServerWebExchange.class, this.exchange)) + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)) + .block(); assertThat(this.server.getRequestCount()).isEqualTo(2); ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange)); OAuth2AuthorizedClient refreshedAuthorizedClient = authorizedClientCaptor.getValue(); @@ -229,17 +235,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { // Client 1 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1") - .tokenUri(this.serverUrl).build(); + ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials() + .registrationId("client-1") + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))) - .willReturn(Mono.just(clientRegistration1)); + .willReturn(Mono.just(clientRegistration1)); // Client 2 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2") - .tokenUri(this.serverUrl).build(); + ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials() + .registrationId("client-2") + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))) - .willReturn(Mono.just(clientRegistration2)); + .willReturn(Mono.just(clientRegistration2)); // @formatter:off this.webClient.get() .uri(this.serverUrl) @@ -260,7 +270,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { // @formatter:on assertThat(this.server.getRequestCount()).isEqualTo(4); ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange)); assertThat(authorizedClientCaptor.getAllValues().get(0).getClientRegistration()).isSameAs(clientRegistration1); @@ -288,17 +298,19 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { this.server.enqueue(new MockResponse().setResponseCode(HttpStatus.UNAUTHORIZED.value())); this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl) - .build(); + ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) - .willReturn(Mono.just(clientRegistration)); + .willReturn(Mono.just(clientRegistration)); OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("read", "write"); OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.authentication.getName(), accessToken, refreshToken); - doReturn(Mono.just(authorizedClient)).doReturn(Mono.empty()).when(this.authorizedClientRepository) - .loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), - eq(this.exchange)); + doReturn(Mono.just(authorizedClient)).doReturn(Mono.empty()) + .when(this.authorizedClientRepository) + .loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), + eq(this.exchange)); // @formatter:off Mono requestMono = this.webClient.get() .uri(this.serverUrl) @@ -323,7 +335,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionITests { requestMono.block(); assertThat(this.server.getRequestCount()).isEqualTo(3); ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), eq(this.authentication), eq(this.exchange)); assertThat(authorizedClientCaptor.getValue().getClientRegistration()).isSameAs(clientRegistration); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java index 740a888325..b842630286 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunctionTests.java @@ -206,32 +206,33 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void constructorWhenAuthorizedClientManagerIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ServerOAuth2AuthorizedClientExchangeFilterFunction(null)); + .isThrownBy(() -> new ServerOAuth2AuthorizedClientExchangeFilterFunction(null)); } @Test public void setClientCredentialsTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null)) - .withMessage("clientCredentialsTokenResponseClient cannot be null"); + .isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null)) + .withMessage("clientCredentialsTokenResponseClient cannot be null"); } @Test public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() { assertThatIllegalStateException() - .isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient( - new WebClientReactiveClientCredentialsTokenResponseClient())) - .withMessage( - "The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " - + "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\"."); + .isThrownBy(() -> this.function + .setClientCredentialsTokenResponseClient(new WebClientReactiveClientCredentialsTokenResponseClient())) + .withMessage( + "The client cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " + + "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\"."); } @Test public void setAccessTokenExpiresSkewWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() { assertThatIllegalStateException() - .isThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30))).withMessage( - "The accessTokenExpiresSkew cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " - + "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\"."); + .isThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30))) + .withMessage( + "The accessTokenExpiresSkew cannot be set when the constructor used is \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)\". " + + "Instead, use the constructor \"ServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\"."); } @Test @@ -246,14 +247,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .build(); + .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .build(); // @formatter:off this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()) .block(); // @formatter:on assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + this.accessToken.getTokenValue()); + .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } @Test @@ -282,7 +283,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { .build(); // @formatter:on given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())) - .willReturn(Mono.just(accessTokenResponse)); + .willReturn(Mono.just(accessTokenResponse)); ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); @@ -340,7 +341,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenRefreshRequiredThenRefresh() { setupMocks(); OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(3600) + .refreshToken("refresh-1") + .build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response)); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); @@ -380,7 +384,10 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenRefreshRequiredAndEmptyReactiveSecurityContextThenSaved() { setupMocks(); OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(3600) + .refreshToken("refresh-1") + .build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(response)); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); @@ -412,7 +419,9 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { public void filterWhenJwtBearerClientNotAuthorizedThenExchangeToken() { setupMocks(); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("exchanged-token") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(360) + .build(); given(this.jwtBearerTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); // @formatter:off ClientRegistration registration = ClientRegistration.withRegistrationId("jwt-bearer") @@ -425,19 +434,21 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { .build(); // @formatter:on given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) - .willReturn(Mono.just(registration)); + .willReturn(Mono.just(registration)); Jwt jwtAssertion = TestJwts.jwt().build(); Authentication jwtAuthentication = new TestingAuthenticationToken(jwtAssertion, jwtAssertion); given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()), - eq(jwtAuthentication), any())).willReturn(Mono.empty()); + eq(jwtAuthentication), any())) + .willReturn(Mono.empty()); // @formatter:off ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId(registration.getRegistrationId())) .build(); // @formatter:on this.function.filter(request, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(jwtAuthentication)) - .subscriberContext(serverWebExchange()).block(); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(jwtAuthentication)) + .subscriberContext(serverWebExchange()) + .block(); verify(this.jwtBearerTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).loadAuthorizedClient(eq(registration.getRegistrationId()), eq(jwtAuthentication), any()); @@ -500,7 +511,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) - .willReturn(publisherProbe.mono()); + .willReturn(publisherProbe.mono()); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); @@ -515,15 +526,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { - assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); - assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token"); - assertThat(ex).hasNoCause(); - assertThat(ex).hasMessageContaining("[invalid_token]"); - }); + .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { + assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); + assertThat(ex.getError().getErrorCode()).isEqualTo("invalid_token"); + assertThat(ex).hasNoCause(); + assertThat(ex).hasMessageContaining("[invalid_token]"); + }); assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue()) - .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); + .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); } @Test @@ -531,7 +542,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) - .willReturn(publisherProbe.mono()); + .willReturn(publisherProbe.mono()); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); @@ -566,7 +577,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { // @formatter:on assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue()) - .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); + .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); } @Test @@ -575,7 +586,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) - .willReturn(publisherProbe.mono()); + .willReturn(publisherProbe.mono()); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); @@ -590,15 +601,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { - assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); - assertThat(ex.getError().getErrorCode()).isEqualTo("insufficient_scope"); - assertThat(ex).hasNoCause(); - assertThat(ex).hasMessageContaining("[insufficient_scope]"); - }); + .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { + assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); + assertThat(ex.getError().getErrorCode()).isEqualTo("insufficient_scope"); + assertThat(ex).hasNoCause(); + assertThat(ex).hasMessageContaining("[insufficient_scope]"); + }); assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue()) - .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); + .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); } @Test @@ -606,13 +617,13 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) - .willReturn(publisherProbe.mono()); + .willReturn(publisherProbe.mono()); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .build(); + .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .build(); WebClientResponseException exception = WebClientResponseException.create(HttpStatus.FORBIDDEN.value(), HttpStatus.FORBIDDEN.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8); ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception); @@ -629,15 +640,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { - assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); - assertThat(ex.getError().getErrorCode()).isEqualTo("insufficient_scope"); - assertThat(ex).hasCause(exception); - assertThat(ex).hasMessageContaining("[insufficient_scope]"); - }); + .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { + assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); + assertThat(ex.getError().getErrorCode()).isEqualTo("insufficient_scope"); + assertThat(ex).hasCause(exception); + assertThat(ex).hasMessageContaining("[insufficient_scope]"); + }); assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue()) - .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); + .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); } @Test @@ -645,37 +656,37 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) - .willReturn(publisherProbe.mono()); + .willReturn(publisherProbe.mono()); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .build(); + .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .build(); String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\""; ClientResponse.Headers headers = mock(ClientResponse.Headers.class); given(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE))) - .willReturn(Collections.singletonList(wwwAuthenticateHeader)); + .willReturn(Collections.singletonList(wwwAuthenticateHeader)); given(this.exchange.getResponse().headers()).willReturn(headers); this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); assertThat(publisherProbe.wasSubscribed()).isTrue(); verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { - assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); - assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); - assertThat(ex.getError().getDescription()) - .isEqualTo("The request requires higher privileges than provided by the access token."); - assertThat(ex.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1"); - assertThat(ex).hasNoCause(); - assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); - }); + .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { + assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); + assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); + assertThat(ex.getError().getDescription()) + .isEqualTo("The request requires higher privileges than provided by the access token."); + assertThat(ex.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1"); + assertThat(ex).hasNoCause(); + assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); + }); assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue()) - .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); + .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); } @Test @@ -683,26 +694,28 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); PublisherProbe publisherProbe = PublisherProbe.empty(); given(this.authorizationFailureHandler.onAuthorizationFailure(any(), any(), any())) - .willReturn(publisherProbe.mono()); + .willReturn(publisherProbe.mono()); OAuth2RefreshToken refreshToken = new OAuth2RefreshToken("refresh-token", this.accessToken.getIssuedAt()); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .build(); + .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .build(); OAuth2AuthorizationException exception = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, null, null)); ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception); - assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> this.function - .filter(request, throwingExchangeFunction).subscriberContext(serverWebExchange()).block()) - .isEqualTo(exception); + assertThatExceptionOfType(OAuth2AuthorizationException.class) + .isThrownBy(() -> this.function.filter(request, throwingExchangeFunction) + .subscriberContext(serverWebExchange()) + .block()) + .isEqualTo(exception); assertThat(publisherProbe.wasSubscribed()).isTrue(); verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()).isSameAs(exception); assertThat(this.authenticationCaptor.getValue()).isInstanceOf(AnonymousAuthenticationToken.class); assertThat(this.attributesCaptor.getValue()) - .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); + .containsExactly(entry(ServerWebExchange.class.getName(), this.serverWebExchange)); } @Test @@ -713,8 +726,8 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .build(); + .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .build(); given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value()); this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); verify(this.authorizationFailureHandler, never()).onAuthorizationFailure(any(), any(), any()); @@ -726,12 +739,15 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { TestingAuthenticationToken authentication = new TestingAuthenticationToken("test", "this"); ClientRegistration registration = TestClientRegistrations.password().build(); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(360) + .build(); given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse)); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) - .willReturn(Mono.just(registration)); + .willReturn(Mono.just(registration)); given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()), - eq(authentication), any())).willReturn(Mono.empty()); + eq(authentication), any())) + .willReturn(Mono.empty()); // Set custom contextAttributesMapper capable of mapping the form parameters this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> { ServerWebExchange serverWebExchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName()); @@ -746,16 +762,19 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { return contextAttributes; }); }); - this.serverWebExchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") - .contentType(MediaType.APPLICATION_FORM_URLENCODED).body("username=username&password=password")) - .build(); + this.serverWebExchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") + .contentType(MediaType.APPLICATION_FORM_URLENCODED) + .body("username=username&password=password")) + .build(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction - .clientRegistrationId(registration.getRegistrationId())) - .build(); + .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction + .clientRegistrationId(registration.getRegistrationId())) + .build(); this.function.filter(request, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) - .subscriberContext(serverWebExchange()).block(); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) + .subscriberContext(serverWebExchange()) + .block(); verify(this.passwordTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(authentication), any()); List requests = this.exchange.getRequests(); @@ -773,11 +792,11 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) - .willReturn(Mono.just(authorizedClient)); + .willReturn(Mono.just(authorizedClient)); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction - .clientRegistrationId(this.registration.getRegistrationId())) - .build(); + .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction + .clientRegistrationId(this.registration.getRegistrationId())) + .build(); this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); @@ -795,7 +814,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) - .willReturn(Mono.just(authorizedClient)); + .willReturn(Mono.just(authorizedClient)); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); this.function.filter(request, this.exchange).subscriberContext(serverWebExchange()).block(); List requests = this.exchange.getRequests(); @@ -814,15 +833,16 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) - .willReturn(Mono.just(authorizedClient)); + .willReturn(Mono.just(authorizedClient)); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); OAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user"); OAuth2AuthenticationToken authentication = new OAuth2AuthenticationToken(user, user.getAuthorities(), "client-id"); this.function.filter(request, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) - .subscriberContext(serverWebExchange()).block(); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) + .subscriberContext(serverWebExchange()) + .block(); List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); ClientRequest request0 = requests.get(0); @@ -855,7 +875,7 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); given(this.authorizedClientRepository.loadAuthorizedClient(any(), any(), any())) - .willReturn(Mono.just(authorizedClient)); + .willReturn(Mono.just(authorizedClient)); // @formatter:off ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId(this.registration.getRegistrationId())) @@ -880,12 +900,14 @@ public class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests { unauthenticatedAuthorizedClientRepository); this.function.setClientCredentialsTokenResponseClient(this.clientCredentialsTokenResponseClient); OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(360) + .build(); given(this.clientCredentialsTokenResponseClient.getTokenResponse(any())) - .willReturn(Mono.just(accessTokenResponse)); + .willReturn(Mono.just(accessTokenResponse)); ClientRegistration registration = TestClientRegistrations.clientCredentials().build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) - .willReturn(Mono.just(registration)); + .willReturn(Mono.just(registration)); // @formatter:off ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId(registration.getRegistrationId())) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java index d0a0b8e730..0e45447b9c 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionITests.java @@ -166,17 +166,21 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().tokenUri(this.serverUrl) - .build(); + ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) - .willReturn(clientRegistration); - this.webClient.get().uri(this.serverUrl) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .clientRegistrationId(clientRegistration.getRegistrationId())) - .retrieve().bodyToMono(String.class).block(); + .willReturn(clientRegistration); + this.webClient.get() + .uri(this.serverUrl) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .clientRegistrationId(clientRegistration.getRegistrationId())) + .retrieve() + .bodyToMono(String.class) + .block(); assertThat(this.server.getRequestCount()).isEqualTo(2); ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), eq(this.authentication), eq(this.request), eq(this.response)); assertThat(authorizedClientCaptor.getValue().getClientRegistration()).isSameAs(clientRegistration); @@ -197,10 +201,11 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { // @formatter:on this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().tokenUri(this.serverUrl) - .build(); + ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration() + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration.getRegistrationId()))) - .willReturn(clientRegistration); + .willReturn(clientRegistration); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant expiresAt = issuedAt.plus(Duration.ofHours(1)); OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, @@ -208,15 +213,19 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { OAuth2RefreshToken refreshToken = TestOAuth2RefreshTokens.refreshToken(); OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(clientRegistration, this.authentication.getName(), accessToken, refreshToken); - doReturn(authorizedClient).when(this.authorizedClientRepository).loadAuthorizedClient( - eq(clientRegistration.getRegistrationId()), eq(this.authentication), eq(this.request)); - this.webClient.get().uri(this.serverUrl) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .clientRegistrationId(clientRegistration.getRegistrationId())) - .retrieve().bodyToMono(String.class).block(); + doReturn(authorizedClient).when(this.authorizedClientRepository) + .loadAuthorizedClient(eq(clientRegistration.getRegistrationId()), eq(this.authentication), + eq(this.request)); + this.webClient.get() + .uri(this.serverUrl) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .clientRegistrationId(clientRegistration.getRegistrationId())) + .retrieve() + .bodyToMono(String.class) + .block(); assertThat(this.server.getRequestCount()).isEqualTo(2); ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository).saveAuthorizedClient(authorizedClientCaptor.capture(), eq(this.authentication), eq(this.request), eq(this.response)); OAuth2AuthorizedClient refreshedAuthorizedClient = authorizedClientCaptor.getValue(); @@ -241,17 +250,21 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { // Client 1 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials().registrationId("client-1") - .tokenUri(this.serverUrl).build(); + ClientRegistration clientRegistration1 = TestClientRegistrations.clientCredentials() + .registrationId("client-1") + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration1.getRegistrationId()))) - .willReturn(clientRegistration1); + .willReturn(clientRegistration1); // Client 2 this.server.enqueue(jsonResponse(accessTokenResponse)); this.server.enqueue(jsonResponse(clientResponse)); - ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials().registrationId("client-2") - .tokenUri(this.serverUrl).build(); + ClientRegistration clientRegistration2 = TestClientRegistrations.clientCredentials() + .registrationId("client-2") + .tokenUri(this.serverUrl) + .build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(clientRegistration2.getRegistrationId()))) - .willReturn(clientRegistration2); + .willReturn(clientRegistration2); // @formatter:off this.webClient.get() .uri(this.serverUrl) @@ -270,7 +283,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionITests { // @formatter:on assertThat(this.server.getRequestCount()).isEqualTo(4); ArgumentCaptor authorizedClientCaptor = ArgumentCaptor - .forClass(OAuth2AuthorizedClient.class); + .forClass(OAuth2AuthorizedClient.class); verify(this.authorizedClientRepository, times(2)).saveAuthorizedClient(authorizedClientCaptor.capture(), eq(this.authentication), eq(this.request), eq(this.response)); assertThat(authorizedClientCaptor.getAllValues().get(0).getClientRegistration()).isSameAs(clientRegistration1); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java index 278c7e2801..81fb3cebc6 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunctionTests.java @@ -220,36 +220,36 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void constructorWhenAuthorizedClientManagerIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ServletOAuth2AuthorizedClientExchangeFilterFunction(null)); + .isThrownBy(() -> new ServletOAuth2AuthorizedClientExchangeFilterFunction(null)); } @Test public void setClientCredentialsTokenResponseClientWhenClientIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null)) - .withMessage("clientCredentialsTokenResponseClient cannot be null"); + .isThrownBy(() -> this.function.setClientCredentialsTokenResponseClient(null)) + .withMessage("clientCredentialsTokenResponseClient cannot be null"); } @Test public void setClientCredentialsTokenResponseClientWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() { assertThatIllegalStateException() - .isThrownBy(() -> this.function - .setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient())) - .withMessage("The client cannot be set when the constructor used is " - + "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " - + "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, " - + "OAuth2AuthorizedClientRepository)\"."); + .isThrownBy(() -> this.function + .setClientCredentialsTokenResponseClient(new DefaultClientCredentialsTokenResponseClient())) + .withMessage("The client cannot be set when the constructor used is " + + "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " + + "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, " + + "OAuth2AuthorizedClientRepository)\"."); } @Test public void setAccessTokenExpiresSkewWhenNotDefaultAuthorizedClientManagerThenThrowIllegalStateException() { assertThatIllegalStateException() - .isThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30))) - .isInstanceOf(IllegalStateException.class) - .withMessage("The accessTokenExpiresSkew cannot be set when the constructor used is " - + "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " - + "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, " - + "OAuth2AuthorizedClientRepository)\"."); + .isThrownBy(() -> this.function.setAccessTokenExpiresSkew(Duration.ofSeconds(30))) + .isInstanceOf(IllegalStateException.class) + .withMessage("The accessTokenExpiresSkew cannot be set when the constructor used is " + + "\"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". " + + "Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, " + + "OAuth2AuthorizedClientRepository)\"."); } @Test @@ -280,7 +280,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { SecurityContextHolder.getContext().setAuthentication(this.authentication); Map attrs = getDefaultRequestAttributes(); assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getAuthentication(attrs)) - .isEqualTo(this.authentication); + .isEqualTo(this.authentication); verifyNoInteractions(this.authorizedClientRepository); } @@ -291,7 +291,7 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { this.function.setSecurityContextHolderStrategy(strategy); Map attrs = getDefaultRequestAttributes(); assertThat(ServletOAuth2AuthorizedClientExchangeFilterFunction.getAuthentication(attrs)) - .isEqualTo(this.authentication); + .isEqualTo(this.authentication); verify(strategy).getContext(); verifyNoInteractions(this.authorizedClientRepository); } @@ -315,16 +315,15 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + this.accessToken.getTokenValue()); + .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } @Test @@ -332,14 +331,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .header(HttpHeaders.AUTHORIZATION, "Existing") - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .header(HttpHeaders.AUTHORIZATION, "Existing") + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); @@ -348,7 +346,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenRefreshRequiredThenRefresh() { OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(3600) + .refreshToken("refresh-1") + .build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); @@ -358,14 +359,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); verify(this.refreshTokenTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), @@ -385,12 +385,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenRefreshRequiredThenRefreshAndResponseDoesNotContainRefreshToken() { OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600) - // .refreshToken(xxx) // No refreshToken in response - .build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(3600) + // .refreshToken(xxx) // No refreshToken in response + .build(); RestOperations refreshTokenClient = mock(RestOperations.class); given(refreshTokenClient.exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class))) - .willReturn(new ResponseEntity(response, HttpStatus.OK)); + .willReturn(new ResponseEntity(response, HttpStatus.OK)); DefaultRefreshTokenTokenResponseClient refreshTokenTokenResponseClient = new DefaultRefreshTokenTokenResponseClient(); refreshTokenTokenResponseClient.setRestOperations(refreshTokenClient); RefreshTokenOAuth2AuthorizedClientProvider authorizedClientProvider = new RefreshTokenOAuth2AuthorizedClientProvider(); @@ -407,14 +408,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); verify(refreshTokenClient).exchange(any(RequestEntity.class), eq(OAuth2AccessTokenResponse.class)); verify(this.authorizedClientRepository).saveAuthorizedClient(this.authorizedClientCaptor.capture(), @@ -437,14 +437,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, null); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); verify(this.authorizedClientRepository, never()).saveAuthorizedClient(any(), eq(this.authentication), any(), any()); @@ -470,14 +469,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, null); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any()); verify(this.clientCredentialsTokenResponseClient).getTokenResponse(any()); @@ -493,11 +491,13 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenPasswordClientNotAuthorizedThenGetNewToken() { OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("new-token") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(360) + .build(); given(this.passwordTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); ClientRegistration registration = TestClientRegistrations.password().build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) - .willReturn(registration); + .willReturn(registration); // Set custom contextAttributesMapper this.authorizedClientManager.setContextAttributesMapper((authorizeRequest) -> { Map contextAttributes = new HashMap<>(); @@ -515,12 +515,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { servletRequest.setParameter(OAuth2ParameterNames.PASSWORD, "password"); MockHttpServletResponse servletResponse = new MockHttpServletResponse(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .clientRegistrationId(registration.getRegistrationId())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .clientRegistrationId(registration.getRegistrationId())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(this.authentication)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) + .build(); this.function.filter(request, this.exchange).block(); verify(this.passwordTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(this.authentication), any(), any()); @@ -536,7 +536,9 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenJwtBearerClientNotAuthorizedThenExchangeToken() { OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("exchanged-token") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(360) + .build(); given(this.jwtBearerTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse); // @formatter:off ClientRegistration registration = ClientRegistration.withRegistrationId("jwt-bearer") @@ -549,18 +551,18 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { .build(); // @formatter:on given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))) - .willReturn(registration); + .willReturn(registration); Jwt jwtAssertion = TestJwts.jwt().build(); Authentication jwtAuthentication = new TestingAuthenticationToken(jwtAssertion, jwtAssertion); MockHttpServletRequest servletRequest = new MockHttpServletRequest(); MockHttpServletResponse servletResponse = new MockHttpServletResponse(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .clientRegistrationId(registration.getRegistrationId())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(jwtAuthentication)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .clientRegistrationId(registration.getRegistrationId())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(jwtAuthentication)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) + .build(); this.function.filter(request, this.exchange).block(); verify(this.jwtBearerTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(jwtAuthentication), any(), any()); @@ -576,7 +578,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { @Test public void filterWhenRefreshRequiredAndEmptyReactiveSecurityContextThenSaved() { OAuth2AccessTokenResponse response = OAuth2AccessTokenResponse.withToken("token-1") - .tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(3600).refreshToken("refresh-1").build(); + .tokenType(OAuth2AccessToken.TokenType.BEARER) + .expiresIn(3600) + .refreshToken("refresh-1") + .build(); given(this.refreshTokenTokenResponseClient.getTokenResponse(any())).willReturn(response); Instant issuedAt = Instant.now().minus(Duration.ofDays(1)); Instant accessTokenExpiresAt = issuedAt.plus(Duration.ofHours(1)); @@ -586,13 +591,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); verify(this.refreshTokenTokenResponseClient).getTokenResponse(any()); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(), any(), any()); @@ -610,13 +614,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); @@ -633,13 +636,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration, "principalName", this.accessToken, refreshToken); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletRequest(new MockHttpServletRequest())) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction - .httpServletResponse(new MockHttpServletResponse())) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletRequest(new MockHttpServletRequest())) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction + .httpServletResponse(new MockHttpServletResponse())) + .build(); this.function.filter(request, this.exchange).block(); List requests = this.exchange.getRequests(); assertThat(requests).hasSize(1); @@ -664,16 +666,18 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { this.accessToken); given(this.authorizedClientRepository.loadAuthorizedClient( eq(authentication.getAuthorizedClientRegistrationId()), eq(authentication), eq(servletRequest))) - .willReturn(authorizedClient); + .willReturn(authorizedClient); // Default request attributes set final ClientRequest request1 = ClientRequest.create(HttpMethod.GET, URI.create("https://example1.com")) - .attributes((attrs) -> attrs.putAll(getDefaultRequestAttributes())).build(); + .attributes((attrs) -> attrs.putAll(getDefaultRequestAttributes())) + .build(); // Default request attributes NOT set final ClientRequest request2 = ClientRequest.create(HttpMethod.GET, URI.create("https://example2.com")).build(); Context context = context(servletRequest, servletResponse, authentication); this.function.filter(request1, this.exchange) - .flatMap((response) -> this.function.filter(request2, this.exchange)).subscriberContext(context) - .block(); + .flatMap((response) -> this.function.filter(request2, this.exchange)) + .subscriberContext(context) + .block(); List requests = this.exchange.getRequests(); assertThat(requests).hasSize(2); ClientRequest request = requests.get(0); @@ -704,11 +708,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { MockHttpServletRequest servletRequest = new MockHttpServletRequest(); MockHttpServletResponse servletResponse = new MockHttpServletResponse(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) + .build(); given(this.exchange.getResponse().rawStatusCode()).willReturn(httpStatus.value()); given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class)); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); @@ -716,12 +719,12 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { - assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); - assertThat(ex.getError().getErrorCode()).isEqualTo(expectedErrorCode); - assertThat(ex).hasNoCause(); - assertThat(ex).hasMessageContaining(expectedErrorCode); - }); + .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { + assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); + assertThat(ex.getError().getErrorCode()).isEqualTo(expectedErrorCode); + assertThat(ex).hasNoCause(); + assertThat(ex).hasMessageContaining(expectedErrorCode); + }); assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName()); assertThat(this.attributesCaptor.getValue()).containsExactly( entry(HttpServletRequest.class.getName(), servletRequest), @@ -735,32 +738,31 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { MockHttpServletRequest servletRequest = new MockHttpServletRequest(); MockHttpServletResponse servletResponse = new MockHttpServletResponse(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) + .build(); String wwwAuthenticateHeader = "Bearer error=\"insufficient_scope\", " + "error_description=\"The request requires higher privileges than provided by the access token.\", " + "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\""; ClientResponse.Headers headers = mock(ClientResponse.Headers.class); given(headers.header(eq(HttpHeaders.WWW_AUTHENTICATE))) - .willReturn(Collections.singletonList(wwwAuthenticateHeader)); + .willReturn(Collections.singletonList(wwwAuthenticateHeader)); given(this.exchange.getResponse().headers()).willReturn(headers); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); this.function.filter(request, this.exchange).block(); verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { - assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); - assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); - assertThat(ex.getError().getDescription()) - .isEqualTo("The request requires higher privileges than provided by the access token."); - assertThat(ex.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1"); - assertThat(ex).hasNoCause(); - assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); - }); + .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { + assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); + assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); + assertThat(ex.getError().getDescription()) + .isEqualTo("The request requires higher privileges than provided by the access token."); + assertThat(ex.getError().getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1"); + assertThat(ex).hasNoCause(); + assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INSUFFICIENT_SCOPE); + }); assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName()); assertThat(this.attributesCaptor.getValue()).containsExactly( entry(HttpServletRequest.class.getName(), servletRequest), @@ -786,26 +788,26 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { MockHttpServletRequest servletRequest = new MockHttpServletRequest(); MockHttpServletResponse servletResponse = new MockHttpServletResponse(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) + .build(); WebClientResponseException exception = WebClientResponseException.create(httpStatus.value(), httpStatus.getReasonPhrase(), HttpHeaders.EMPTY, new byte[0], StandardCharsets.UTF_8); ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(exception); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); assertThatExceptionOfType(WebClientResponseException.class) - .isThrownBy(() -> this.function.filter(request, throwingExchangeFunction).block()).isEqualTo(exception); + .isThrownBy(() -> this.function.filter(request, throwingExchangeFunction).block()) + .isEqualTo(exception); verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { - assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); - assertThat(ex.getError().getErrorCode()).isEqualTo(expectedErrorCode); - assertThat(ex).hasCause(exception); - assertThat(ex).hasMessageContaining(expectedErrorCode); - }); + .isInstanceOfSatisfying(ClientAuthorizationException.class, (ex) -> { + assertThat(ex.getClientRegistrationId()).isEqualTo(this.registration.getRegistrationId()); + assertThat(ex.getError().getErrorCode()).isEqualTo(expectedErrorCode); + assertThat(ex).hasCause(exception); + assertThat(ex).hasMessageContaining(expectedErrorCode); + }); assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName()); assertThat(this.attributesCaptor.getValue()).containsExactly( entry(HttpServletRequest.class.getName(), servletRequest), @@ -819,27 +821,25 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { MockHttpServletRequest servletRequest = new MockHttpServletRequest(); MockHttpServletResponse servletResponse = new MockHttpServletResponse(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) + .build(); OAuth2AuthorizationException authorizationException = new OAuth2AuthorizationException( new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN)); ExchangeFunction throwingExchangeFunction = (r) -> Mono.error(authorizationException); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); assertThatExceptionOfType(OAuth2AuthorizationException.class) - .isThrownBy(() -> this.function.filter(request, throwingExchangeFunction).block()) - .isEqualTo(authorizationException); + .isThrownBy(() -> this.function.filter(request, throwingExchangeFunction).block()) + .isEqualTo(authorizationException); verify(this.authorizationFailureHandler).onAuthorizationFailure(this.authorizationExceptionCaptor.capture(), this.authenticationCaptor.capture(), this.attributesCaptor.capture()); assertThat(this.authorizationExceptionCaptor.getValue()) - .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (ex) -> { - assertThat(ex.getError().getErrorCode()) - .isEqualTo(authorizationException.getError().getErrorCode()); - assertThat(ex).hasNoCause(); - assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INVALID_TOKEN); - }); + .isInstanceOfSatisfying(OAuth2AuthorizationException.class, (ex) -> { + assertThat(ex.getError().getErrorCode()).isEqualTo(authorizationException.getError().getErrorCode()); + assertThat(ex).hasNoCause(); + assertThat(ex).hasMessageContaining(OAuth2ErrorCodes.INVALID_TOKEN); + }); assertThat(this.authenticationCaptor.getValue().getName()).isEqualTo(authorizedClient.getPrincipalName()); assertThat(this.attributesCaptor.getValue()).containsExactly( entry(HttpServletRequest.class.getName(), servletRequest), @@ -853,11 +853,10 @@ public class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests { MockHttpServletRequest servletRequest = new MockHttpServletRequest(); MockHttpServletResponse servletResponse = new MockHttpServletResponse(); ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .attributes( - ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) - .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) - .build(); + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient(authorizedClient)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)) + .attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)) + .build(); given(this.exchange.getResponse().rawStatusCode()).willReturn(HttpStatus.BAD_REQUEST.value()); given(this.exchange.getResponse().headers()).willReturn(mock(ClientResponse.Headers.class)); this.function.setAuthorizationFailureHandler(this.authorizationFailureHandler); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java index d177e1a87a..89aa2589f5 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java @@ -100,13 +100,13 @@ public class OAuth2AuthorizedClientArgumentResolverTests { @Test public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository)); + .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null, this.authorizedClientRepository)); } @Test public void constructorWhenOAuth2AuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null)); + .isThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, null)); } @Test @@ -139,16 +139,16 @@ public class OAuth2AuthorizedClientArgumentResolverTests { public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() { MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class); assertThatIllegalArgumentException().isThrownBy(() -> resolveArgument(methodParameter)) - .withMessage("The clientRegistrationId could not be resolved. Please provide one"); + .withMessage("The clientRegistrationId could not be resolved. Please provide one"); } @Test public void resolveArgumentWhenRegistrationIdEmptyAndOAuth2AuthenticationThenResolves() { given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); this.authentication = mock(OAuth2AuthenticationToken.class); given(((OAuth2AuthenticationToken) this.authentication).getAuthorizedClientRegistrationId()) - .willReturn("client1"); + .willReturn("client1"); MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class); resolveArgument(methodParameter); } @@ -156,7 +156,7 @@ public class OAuth2AuthorizedClientArgumentResolverTests { @Test public void resolveArgumentWhenParameterTypeOAuth2AuthorizedClientAndCurrentAuthenticationNullThenResolves() { given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); this.authentication = null; MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class); @@ -166,9 +166,9 @@ public class OAuth2AuthorizedClientArgumentResolverTests { @Test public void resolveArgumentWhenOAuth2AuthorizedClientFoundThenResolves() { given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())) - .willReturn(Mono.just(this.authorizedClient)); + .willReturn(Mono.just(this.authorizedClient)); MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class); assertThat(resolveArgument(methodParameter)).isSameAs(this.authorizedClient); @@ -177,19 +177,20 @@ public class OAuth2AuthorizedClientArgumentResolverTests { @Test public void resolveArgumentWhenOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() { given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); given(this.authorizedClientRepository.loadAuthorizedClient(anyString(), any(), any())).willReturn(Mono.empty()); MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class); assertThatExceptionOfType(ClientAuthorizationRequiredException.class) - .isThrownBy(() -> resolveArgument(methodParameter)); + .isThrownBy(() -> resolveArgument(methodParameter)); } private Object resolveArgument(MethodParameter methodParameter) { return this.argumentResolver.resolveArgument(methodParameter, null, null) - .subscriberContext((this.authentication != null) - ? ReactiveSecurityContextHolder.withAuthentication(this.authentication) : Context.empty()) - .subscriberContext(serverWebExchange()).block(); + .subscriberContext((this.authentication != null) + ? ReactiveSecurityContextHolder.withAuthentication(this.authentication) : Context.empty()) + .subscriberContext(serverWebExchange()) + .block(); } private Context serverWebExchange() { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java index b6089d75a0..b3dde290cb 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests.java @@ -60,19 +60,19 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests { this.authorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository( this.authorizedClientService); this.authorizedClientRepository - .setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository); + .setAnonymousAuthorizedClientRepository(this.anonymousAuthorizedClientRepository); } @Test public void constructorWhenAuthorizedClientServiceIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null)); + .isThrownBy(() -> new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(null)); } @Test public void setAuthorizedClientRepositoryWhenAuthorizedClientRepositoryIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null)); + .isThrownBy(() -> this.authorizedClientRepository.setAnonymousAuthorizedClientRepository(null)); } @Test @@ -80,17 +80,17 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests { given(this.authorizedClientService.loadAuthorizedClient(any(), any())).willReturn(Mono.empty()); Authentication authentication = this.createAuthenticatedPrincipal(); this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange) - .block(); + .block(); verify(this.authorizedClientService).loadAuthorizedClient(this.registrationId, this.principalName); } @Test public void loadAuthorizedClientWhenAnonymousPrincipalThenLoadFromAnonymousRepository() { given(this.anonymousAuthorizedClientRepository.loadAuthorizedClient(any(), any(), any())) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); Authentication authentication = this.createAnonymousPrincipal(); this.authorizedClientRepository.loadAuthorizedClient(this.registrationId, authentication, this.exchange) - .block(); + .block(); verify(this.anonymousAuthorizedClientRepository).loadAuthorizedClient(this.registrationId, authentication, this.exchange); } @@ -107,7 +107,7 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests { @Test public void saveAuthorizedClientWhenAnonymousPrincipalThenSaveToAnonymousRepository() { given(this.anonymousAuthorizedClientRepository.saveAuthorizedClient(any(), any(), any())) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); Authentication authentication = this.createAnonymousPrincipal(); OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, authentication, this.exchange).block(); @@ -120,17 +120,17 @@ public class AuthenticatedPrincipalServerOAuth2AuthorizedClientRepositoryTests { given(this.authorizedClientService.removeAuthorizedClient(any(), any())).willReturn(Mono.empty()); Authentication authentication = this.createAuthenticatedPrincipal(); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange) - .block(); + .block(); verify(this.authorizedClientService).removeAuthorizedClient(this.registrationId, this.principalName); } @Test public void removeAuthorizedClientWhenAnonymousPrincipalThenRemoveFromAnonymousRepository() { given(this.anonymousAuthorizedClientRepository.removeAuthorizedClient(any(), any(), any())) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); Authentication authentication = this.createAnonymousPrincipal(); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId, authentication, this.exchange) - .block(); + .block(); verify(this.anonymousAuthorizedClientRepository).removeAuthorizedClient(this.registrationId, authentication, this.exchange); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java index 464d641c96..47cc6bcd3e 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java @@ -80,8 +80,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { public void resolveWhenClientRegistrationNotFoundMatchThenBadRequest() { given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty()); assertThatExceptionOfType(ResponseStatusException.class) - .isThrownBy(() -> resolve("/oauth2/authorization/not-found-id")) - .satisfies((ex) -> assertThat(ex.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST)); + .isThrownBy(() -> resolve("/oauth2/authorization/not-found-id")) + .satisfies((ex) -> assertThat(ex.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST)); } @Test @@ -89,8 +89,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(this.registration)); OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/not-found-id"); assertThat(request.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id"); } @Test @@ -104,22 +104,24 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { ServerWebExchange exchange = MockServerWebExchange.from(httpRequest); OAuth2AuthorizationRequest request = this.resolver.resolve(exchange).block(); assertThat(request.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id"); } @Test public void resolveWhenAuthorizationRequestWithValidPublicClientThenResolves() { given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration() - .clientAuthenticationMethod(ClientAuthenticationMethod.NONE).clientSecret(null).build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration() + .clientAuthenticationMethod(ClientAuthenticationMethod.NONE) + .clientSecret(null) + .build())); OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id"); assertThat((String) request.getAttribute(PkceParameterNames.CODE_VERIFIER)) - .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); + .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); assertThat(request.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&" - + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=read:user&state=.*?&" + "redirect_uri=/login/oauth2/code/registration-id&" + + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); } // gh-6548 @@ -127,10 +129,10 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { public void resolveWhenAuthorizationRequestApplyPkceToConfidentialClientsThenApplied() { ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration1.getRegistrationId()))) - .willReturn(Mono.just(registration1)); + .willReturn(Mono.just(registration1)); ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration2.getRegistrationId()))) - .willReturn(Mono.just(registration2)); + .willReturn(Mono.just(registration2)); this.resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce()); @@ -146,10 +148,10 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { public void resolveWhenAuthorizationRequestApplyPkceToSpecificConfidentialClientThenApplied() { ClientRegistration registration1 = TestClientRegistrations.clientRegistration().build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration1.getRegistrationId()))) - .willReturn(Mono.just(registration1)); + .willReturn(Mono.just(registration1)); ClientRegistration registration2 = TestClientRegistrations.clientRegistration2().build(); given(this.clientRegistrationRepository.findByRegistrationId(eq(registration2.getRegistrationId()))) - .willReturn(Mono.just(registration2)); + .willReturn(Mono.just(registration2)); this.resolver.setAuthorizationRequestCustomizer((builder) -> { builder.attributes((attrs) -> { @@ -171,33 +173,33 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { ClientRegistration clientRegistration) { assertThat(authorizationRequest.getAdditionalParameters()).containsKey(PkceParameterNames.CODE_CHALLENGE); assertThat(authorizationRequest.getAdditionalParameters()) - .contains(entry(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")); + .contains(entry(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256")); assertThat(authorizationRequest.getAttributes()).containsKey(PkceParameterNames.CODE_VERIFIER); assertThat((String) authorizationRequest.getAttribute(PkceParameterNames.CODE_VERIFIER)) - .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); + .matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" - + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" - + "redirect_uri=/login/oauth2/code/" + clientRegistration.getRegistrationId() + "&" - + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" + + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" + + "redirect_uri=/login/oauth2/code/" + clientRegistration.getRegistrationId() + "&" + + "code_challenge=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "code_challenge_method=S256"); } private void assertPkceNotApplied(OAuth2AuthorizationRequest authorizationRequest, ClientRegistration clientRegistration) { assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(PkceParameterNames.CODE_CHALLENGE); assertThat(authorizationRequest.getAdditionalParameters()) - .doesNotContainKey(PkceParameterNames.CODE_CHALLENGE_METHOD); + .doesNotContainKey(PkceParameterNames.CODE_CHALLENGE_METHOD); assertThat(authorizationRequest.getAttributes()).doesNotContainKey(PkceParameterNames.CODE_VERIFIER); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" - + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" - + "redirect_uri=/login/oauth2/code/" + clientRegistration.getRegistrationId()); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + "client_id=" + + clientRegistration.getClientId() + "&" + "scope=read:user&" + "state=.{15,}&" + + "redirect_uri=/login/oauth2/code/" + clientRegistration.getRegistrationId()); } @Test public void resolveWhenAuthenticationRequestWithValidOidcClientThenResolves() { given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); OAuth2AuthorizationRequest request = resolve("/oauth2/authorization/registration-id"); assertThat((String) request.getAttribute(OidcParameterNames.NONCE)).matches("^([a-zA-Z0-9\\-\\.\\_\\~]){128}$"); assertThat(request.getAuthorizationRequestUri()).matches("https://example.com/login/oauth/authorize\\?" @@ -209,47 +211,47 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { @Test public void resolveWhenAuthorizationRequestCustomizerRemovesNonceThenQueryExcludesNonce() { given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); this.resolver.setAuthorizationRequestCustomizer( (builder) -> builder.additionalParameters((params) -> params.remove(OidcParameterNames.NONCE)) - .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE))); + .attributes((attrs) -> attrs.remove(OidcParameterNames.NONCE))); OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id"); assertThat(authorizationRequest.getAdditionalParameters()).doesNotContainKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()).doesNotContainKey(OidcParameterNames.NONCE); assertThat(authorizationRequest.getAttributes()).containsKey(OAuth2ParameterNames.REGISTRATION_ID); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id"); } @Test public void resolveWhenAuthorizationRequestCustomizerAddsParameterThenQueryIncludesParameter() { given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); this.resolver.setAuthorizationRequestCustomizer((builder) -> builder.authorizationRequestUri((uriBuilder) -> { uriBuilder.queryParam("param1", "value1"); return uriBuilder.build(); })); OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id"); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" - + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&" - + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&client_id=client-id&" + + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&" + + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "param1=value1"); } @Test public void resolveWhenAuthorizationRequestCustomizerOverridesParameterThenQueryIncludesParameter() { given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); + .willReturn(Mono.just(TestClientRegistrations.clientRegistration().scope(OidcScopes.OPENID).build())); this.resolver.setAuthorizationRequestCustomizer((builder) -> builder.parameters((params) -> { params.put("appid", params.get("client_id")); params.remove("client_id"); })); OAuth2AuthorizationRequest authorizationRequest = resolve("/oauth2/authorization/registration-id"); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" - + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&" - + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "appid=client-id"); + .matches("https://example.com/login/oauth/authorize\\?" + "response_type=code&" + + "scope=openid&state=.{15,}&" + "redirect_uri=/login/oauth2/code/registration-id&" + + "nonce=([a-zA-Z0-9\\-\\.\\_\\~]){43}&" + "appid=client-id"); } private OAuth2AuthorizationRequest resolve(String path) { diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java index 9fcb151bbb..f11fdfe1ab 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationCodeGrantWebFilterTests.java @@ -91,24 +91,24 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { public void constructorWhenAuthenticationManagerNullThenIllegalArgumentException() { this.authenticationManager = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager, - this.clientRegistrationRepository, this.authorizedClientRepository)); + .isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager, + this.clientRegistrationRepository, this.authorizedClientRepository)); } @Test public void constructorWhenClientRegistrationRepositoryNullThenIllegalArgumentException() { this.clientRegistrationRepository = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager, - this.clientRegistrationRepository, this.authorizedClientRepository)); + .isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager, + this.clientRegistrationRepository, this.authorizedClientRepository)); } @Test public void constructorWhenAuthorizedClientRepositoryNullThenIllegalArgumentException() { this.authorizedClientRepository = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager, - this.clientRegistrationRepository, this.authorizedClientRepository)); + .isThrownBy(() -> new OAuth2AuthorizationCodeGrantWebFilter(this.authenticationManager, + this.clientRegistrationRepository, this.authorizedClientRepository)); } @Test @@ -133,12 +133,12 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated())); + .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated())); MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), @@ -155,7 +155,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration)); given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated())); + .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated())); // 1) redirect_uri with query parameters Map parameters = new LinkedHashMap<>(); parameters.put("param1", "value1"); @@ -164,9 +164,9 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), @@ -196,7 +196,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); // 1) Parameter value Map parametersNotMatch = new LinkedHashMap<>(parameters); parametersNotMatch.put("param2", "value8"); @@ -230,21 +230,21 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration)); given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty()); given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated())); + .willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated())); MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback"); OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList()); ServerRequestCache requestCache = mock(ServerRequestCache.class); given(requestCache.getRedirectUri(any(ServerWebExchange.class))) - .willReturn(Mono.just(URI.create("/saved-request"))); + .willReturn(Mono.just(URI.create("/saved-request"))); this.filter.setRequestCache(requestCache); this.filter.filter(exchange, chain).block(); verify(requestCache).getRedirectUri(exchange); @@ -260,17 +260,17 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList()); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.filter.filter(exchange, chain).block()) - .satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode") - .isEqualTo("client_registration_not_found")); + .isThrownBy(() -> this.filter.filter(exchange, chain).block()) + .satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode") + .isEqualTo("client_registration_not_found")); verifyNoInteractions(this.authenticationManager); } @@ -283,18 +283,18 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration); given(this.authorizationRequestRepository.loadAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(oauth2AuthorizationRequest)); + .willReturn(Mono.just(oauth2AuthorizationRequest)); given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error")))); + .willReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error")))); MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest); MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse); DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList()); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.filter.filter(exchange, chain).block()) - .satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode").isEqualTo("authorization_error")); + .isThrownBy(() -> this.filter.filter(exchange, chain).block()) + .satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode").isEqualTo("authorization_error")); } private static OAuth2AuthorizationRequest createOAuth2AuthorizationRequest( @@ -328,7 +328,7 @@ public class OAuth2AuthorizationCodeGrantWebFilterTests { private static MockServerHttpRequest createAuthorizationResponse(MockServerHttpRequest authorizationRequest, Map additionalParameters) { MockServerHttpRequest.BaseBuilder builder = MockServerHttpRequest - .get(authorizationRequest.getURI().toString()); + .get(authorizationRequest.getURI().toString()); builder.queryParam(OAuth2ParameterNames.CODE, "code"); builder.queryParam(OAuth2ParameterNames.STATE, "state"); additionalParameters.forEach(builder::queryParam); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java index 1821cc140f..7ecb85d0e8 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/OAuth2AuthorizationRequestRedirectWebFilterTests.java @@ -86,7 +86,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { public void constructorWhenClientRegistrationRepositoryNullThenIllegalArgumentException() { this.clientRepository = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AuthorizationRequestRedirectWebFilter(this.clientRepository)); + .isThrownBy(() -> new OAuth2AuthorizationRequestRedirectWebFilter(this.clientRepository)); } @Test @@ -107,7 +107,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenDoesMatchThenClientRegistrationRepositoryNotSubscribed() { given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) - .willReturn(Mono.just(this.registration)); + .willReturn(Mono.just(this.registration)); given(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty()); // @formatter:off FluxExchangeResult result = this.client.get() @@ -118,10 +118,14 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { // @formatter:on result.assertWithDiagnostics(() -> { URI location = result.getResponseHeaders().getLocation(); - assertThat(location).hasScheme("https").hasHost("example.com").hasPath("/login/oauth/authorize") - .hasParameter("response_type", "code").hasParameter("client_id", "client-id") - .hasParameter("scope", "read:user").hasParameter("state") - .hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id"); + assertThat(location).hasScheme("https") + .hasHost("example.com") + .hasPath("/login/oauth/authorize") + .hasParameter("response_type", "code") + .hasParameter("client_id", "client-id") + .hasParameter("scope", "read:user") + .hasParameter("state") + .hasParameter("redirect_uri", "https://example.com/login/oauth2/code/registration-id"); }); verify(this.authzRequestRepository).saveAuthorizationRequest(any(), any()); } @@ -130,7 +134,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenDoesMatchThenResolveRedirectUriExpandedExcludesQueryString() { given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) - .willReturn(Mono.just(this.registration)); + .willReturn(Mono.just(this.registration)); given(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty()); // @formatter:off FluxExchangeResult result = this.client.get() @@ -154,7 +158,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenExceptionThenRedirected() { given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) - .willReturn(Mono.just(this.registration)); + .willReturn(Mono.just(this.registration)); given(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty()); FilteringWebHandler webHandler = new FilteringWebHandler( (e) -> Mono.error(new ClientAuthorizationRequiredException(this.registration.getRegistrationId())), @@ -173,7 +177,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenExceptionThenSaveRequestSessionAttribute() { given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) - .willReturn(Mono.just(this.registration)); + .willReturn(Mono.just(this.registration)); given(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty()); this.filter.setRequestCache(this.requestCache); given(this.requestCache.saveRequest(any())).willReturn(Mono.empty()); @@ -195,7 +199,7 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenPathMatchesThenRequestSessionAttributeNotSaved() { given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) - .willReturn(Mono.just(this.registration)); + .willReturn(Mono.just(this.registration)); given(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty()); this.filter.setRequestCache(this.requestCache); // @formatter:off @@ -211,14 +215,15 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { @Test public void filterWhenCustomRedirectStrategySetThenRedirectUriInResponseBody() { given(this.clientRepository.findByRegistrationId(this.registration.getRegistrationId())) - .willReturn(Mono.just(this.registration)); + .willReturn(Mono.just(this.registration)); given(this.authzRequestRepository.saveAuthorizationRequest(any(), any())).willReturn(Mono.empty()); ServerRedirectStrategy customRedirectStrategy = (exchange, location) -> { ServerHttpResponse response = exchange.getResponse(); response.setStatusCode(HttpStatus.OK); response.getHeaders().setContentType(MediaType.TEXT_PLAIN); - DataBuffer buffer = exchange.getResponse().bufferFactory() - .wrap(location.toASCIIString().getBytes(StandardCharsets.UTF_8)); + DataBuffer buffer = exchange.getResponse() + .bufferFactory() + .wrap(location.toASCIIString().getBytes(StandardCharsets.UTF_8)); return exchange.getResponse().writeWith(Flux.just(buffer)); }; @@ -226,8 +231,13 @@ public class OAuth2AuthorizationRequestRedirectWebFilterTests { this.filter.setRequestCache(this.requestCache); FluxExchangeResult result = this.client.get() - .uri("https://example.com/oauth2/authorization/registration-id").exchange().expectHeader() - .contentType(MediaType.TEXT_PLAIN).expectStatus().isOk().returnResult(String.class); + .uri("https://example.com/oauth2/authorization/registration-id") + .exchange() + .expectHeader() + .contentType(MediaType.TEXT_PLAIN) + .expectStatus() + .isOk() + .returnResult(String.class); // @formatter:off StepVerifier.create(result.getResponseBody()) diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java index 9f9c4b70ce..4e37bf3a19 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests.java @@ -104,40 +104,40 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTests { public void applyWhenAttributesMissingThenOAuth2AuthorizationException() { this.authorizationRequest.attributes(Map::clear); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(this.authorizationRequest.build())); + .willReturn(Mono.just(this.authorizationRequest.build())); assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> applyConverter()) - .withMessageContaining( - ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); + .withMessageContaining( + ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); } @Test public void applyWhenClientRegistrationMissingThenOAuth2AuthorizationException() { given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(this.authorizationRequest.build())); + .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty()); assertThatExceptionOfType(OAuth2AuthorizationException.class).isThrownBy(() -> applyConverter()) - .withMessageContaining( - ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); + .withMessageContaining( + ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE); } @Test public void applyWhenCodeParameterNotFoundThenErrorCode() { this.request.queryParam(OAuth2ParameterNames.ERROR, "error"); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(this.authorizationRequest.build())); + .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); assertThat(applyConverter().getAuthorizationExchange().getAuthorizationResponse().getError().getErrorCode()) - .isEqualTo("error"); + .isEqualTo("error"); } @Test public void applyWhenCodeParameterFoundThenCode() { this.request.queryParam(OAuth2ParameterNames.CODE, "code"); given(this.authorizationRequestRepository.removeAuthorizationRequest(any())) - .willReturn(Mono.just(this.authorizationRequest.build())); + .willReturn(Mono.just(this.authorizationRequest.build())); given(this.clientRegistrationRepository.findByRegistrationId(any())) - .willReturn(Mono.just(this.clientRegistration)); + .willReturn(Mono.just(this.clientRegistration)); OAuth2AuthorizationCodeAuthenticationToken result = applyConverter(); OAuth2AuthorizationResponse exchange = result.getAuthorizationExchange().getAuthorizationResponse(); assertThat(exchange.getError()).isNull(); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java index 0478e64303..d68de64a48 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests.java @@ -66,46 +66,50 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { public void loadAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() { this.clientRegistrationId = null; assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()); + .loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) + .block()); } @Test public void loadAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() { this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER"); assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()); + .loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) + .block()); } @Test public void loadAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() { this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()); + .loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) + .block()); } @Test public void loadAuthorizedClientWhenNotFoundThenEmpty() { assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) - .block()).isNull(); + .block()).isNull(); } @Test public void loadAuthorizedClientWhenFoundThenFound() { this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) - .block()).isEqualTo(this.authorizedClient); + .block()).isEqualTo(this.authorizedClient); } @Test public void loadAuthorizedClientWhenMultipleThenFound() { ClientRegistration otherClientRegistration = TestClientRegistrations.clientRegistration() - .registrationId("other-client-registration").build(); + .registrationId("other-client-registration") + .build(); OAuth2AuthorizedClient otherAuthorizedClient = new OAuth2AuthorizedClient(otherClientRegistration, "anonymousUser", this.authorizedClient.getAccessToken()); this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); this.repository.saveAuthorizedClient(otherAuthorizedClient, this.authentication, this.exchange).block(); assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) - .block()).isEqualTo(this.authorizedClient); + .block()).isEqualTo(this.authorizedClient); } @Test @@ -113,29 +117,32 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { this.authentication = this.anonymous; this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) - .block()).isEqualTo(this.authorizedClient); + .block()).isEqualTo(this.authorizedClient); } // saveAuthorizedClient @Test public void saveAuthorizedClientWhenAuthorizedClientNullThenIllegalArgumentException() { this.authorizedClient = null; - assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block()); + assertThatIllegalArgumentException().isThrownBy( + () -> this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange) + .block()); } @Test public void saveAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() { this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER"); - assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block()); + assertThatIllegalArgumentException().isThrownBy( + () -> this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange) + .block()); } @Test public void saveAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() { this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); - assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block()); + assertThatIllegalArgumentException().isThrownBy( + () -> this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange) + .block()); } // removeAuthorizedClient @@ -143,21 +150,24 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { public void removeAuthorizedClientWhenClientRegistrationIdNullThenIllegalArgumentException() { this.clientRegistrationId = null; assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()); + .removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) + .block()); } @Test public void removeAuthorizedClientWhenAuthenticationNotNullThenIllegalArgumentException() { this.authentication = new TestingAuthenticationToken("a", "b", "ROLE_USER"); assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()); + .removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) + .block()); } @Test public void removeAuthorizedClientWhenServerWebExchangeNotNullThenIllegalArgumentException() { this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); assertThatIllegalArgumentException().isThrownBy(() -> this.repository - .removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block()); + .removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) + .block()); } @Test @@ -165,7 +175,7 @@ public class UnAuthenticatedServerOAuth2AuthorizedClientRepositoryTests { this.repository.saveAuthorizedClient(this.authorizedClient, this.authentication, this.exchange).block(); this.repository.removeAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange).block(); assertThat(this.repository.loadAuthorizedClient(this.clientRegistrationId, this.authentication, this.exchange) - .block()).isNull(); + .block()).isNull(); } } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java index 4549f93b72..6e0db6b13d 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionOAuth2ServerAuthorizationRequestRepositoryTests.java @@ -49,7 +49,7 @@ public abstract class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests // @formatter:on protected ServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, "state")); + .from(MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, "state")); @Test public void loadAuthorizationRequestWhenNullExchangeThenIllegalArgumentException() { @@ -106,7 +106,7 @@ public abstract class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests public void saveAuthorizationRequestWhenAuthorizationRequestNullThenThrowsIllegalArgumentException() { this.authorizationRequest = null; assertThatIllegalArgumentException() - .isThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)); + .isThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)); assertSessionStartedIs(false); } @@ -114,14 +114,14 @@ public abstract class WebSessionOAuth2ServerAuthorizationRequestRepositoryTests public void saveAuthorizationRequestWhenExchangeNullThenThrowsIllegalArgumentException() { this.exchange = null; assertThatIllegalArgumentException() - .isThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)); + .isThrownBy(() -> this.repository.saveAuthorizationRequest(this.authorizationRequest, this.exchange)); } @Test public void removeAuthorizationRequestWhenExchangeNullThenThrowsIllegalArgumentException() { this.exchange = null; assertThatIllegalArgumentException() - .isThrownBy(() -> this.repository.removeAuthorizationRequest(this.exchange)); + .isThrownBy(() -> this.repository.removeAuthorizationRequest(this.exchange)); } @Test diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java index 1dbf855eac..55f78d8f04 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/WebSessionServerOAuth2AuthorizedClientRepositoryTests.java @@ -52,8 +52,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { @Test public void loadAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.exchange).block()); + assertThatIllegalArgumentException() + .isThrownBy(() -> this.authorizedClientRepository.loadAuthorizedClient(null, null, this.exchange).block()); } @Test @@ -70,7 +70,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { @Test public void loadAuthorizedClientWhenClientRegistrationNotFoundThenReturnNull() { OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository - .loadAuthorizedClient("registration-not-found", null, this.exchange).block(); + .loadAuthorizedClient("registration-not-found", null, this.exchange) + .block(); assertThat(authorizedClient).isNull(); } @@ -80,14 +81,15 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block(); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); + .loadAuthorizedClient(this.registrationId1, null, this.exchange) + .block(); assertThat(loadedAuthorizedClient).isEqualTo(authorizedClient); } @Test public void saveAuthorizedClientWhenAuthorizedClientIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.exchange).block()); + assertThatIllegalArgumentException() + .isThrownBy(() -> this.authorizedClientRepository.saveAuthorizedClient(null, null, this.exchange).block()); } @Test @@ -111,14 +113,15 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(expected, null, this.exchange).block(); OAuth2AuthorizedClient result = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId2, null, this.exchange).block(); + .loadAuthorizedClient(this.registrationId2, null, this.exchange) + .block(); assertThat(result).isEqualTo(expected); } @Test public void removeAuthorizedClientWhenClientRegistrationIdIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.exchange)); + .isThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(null, null, this.exchange)); } @Test @@ -128,8 +131,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { @Test public void removeAuthorizedClientWhenRequestIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, null)); + assertThatIllegalArgumentException() + .isThrownBy(() -> this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, null)); } @Test @@ -146,7 +149,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { // Remove registrationId2 (never added so is not removed either) this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange); OAuth2AuthorizedClient loadedAuthorizedClient1 = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); + .loadAuthorizedClient(this.registrationId1, null, this.exchange) + .block(); assertThat(loadedAuthorizedClient1).isNotNull(); assertThat(loadedAuthorizedClient1).isSameAs(authorizedClient1); } @@ -157,11 +161,13 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block(); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId2, null, this.exchange).block(); + .loadAuthorizedClient(this.registrationId2, null, this.exchange) + .block(); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId2, null, this.exchange).block(); loadedAuthorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId2, null, this.exchange).block(); + .loadAuthorizedClient(this.registrationId2, null, this.exchange) + .block(); assertThat(loadedAuthorizedClient).isNull(); } @@ -171,7 +177,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { mock(OAuth2AccessToken.class)); this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.exchange).block(); OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId1, null, this.exchange).block(); + .loadAuthorizedClient(this.registrationId1, null, this.exchange) + .block(); assertThat(loadedAuthorizedClient).isSameAs(authorizedClient); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block(); WebSession session = this.exchange.getSession().block(); @@ -189,7 +196,8 @@ public class WebSessionServerOAuth2AuthorizedClientRepositoryTests { this.authorizedClientRepository.saveAuthorizedClient(authorizedClient2, null, this.exchange).block(); this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.exchange).block(); OAuth2AuthorizedClient loadedAuthorizedClient2 = this.authorizedClientRepository - .loadAuthorizedClient(this.registrationId2, null, this.exchange).block(); + .loadAuthorizedClient(this.registrationId2, null, this.exchange) + .block(); assertThat(loadedAuthorizedClient2).isNotNull(); assertThat(loadedAuthorizedClient2).isSameAs(authorizedClient2); } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java index a326bcc994..c24afc6d22 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java @@ -67,7 +67,7 @@ public class OAuth2LoginAuthenticationWebFilterTests { private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration(); private OAuth2AuthorizationResponse.Builder authorizationResponseBldr = OAuth2AuthorizationResponse.success("code") - .state("state"); + .state("state"); @BeforeEach public void setup() { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java index 61f46f072f..6cf83489c4 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java @@ -160,7 +160,7 @@ public interface ClaimAccessor { TypeDescriptor.valueOf(Object.class)); Object claimValue = getClaims().get(claim); Map convertedValue = (Map) ClaimConversionService.getSharedInstance() - .convert(claimValue, sourceDescriptor, targetDescriptor); + .convert(claimValue, sourceDescriptor, targetDescriptor); Assert.isTrue(convertedValue != null, () -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to Map."); return convertedValue; @@ -184,8 +184,8 @@ public interface ClaimAccessor { final TypeDescriptor targetDescriptor = TypeDescriptor.collection(List.class, TypeDescriptor.valueOf(String.class)); Object claimValue = getClaims().get(claim); - List convertedValue = (List) ClaimConversionService.getSharedInstance().convert(claimValue, - sourceDescriptor, targetDescriptor); + List convertedValue = (List) ClaimConversionService.getSharedInstance() + .convert(claimValue, sourceDescriptor, targetDescriptor); Assert.isTrue(convertedValue != null, () -> "Unable to convert claim '" + claim + "' of type '" + claimValue.getClass() + "' to List."); return convertedValue; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverter.java index 43facab715..1e2220c48f 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverter.java @@ -67,7 +67,7 @@ public final class DefaultMapOAuth2AccessTokenResponseConverter private static OAuth2AccessToken.TokenType getAccessTokenType(Map tokenResponseParameters) { if (OAuth2AccessToken.TokenType.BEARER.getValue() - .equalsIgnoreCase(getParameterValue(tokenResponseParameters, OAuth2ParameterNames.TOKEN_TYPE))) { + .equalsIgnoreCase(getParameterValue(tokenResponseParameters, OAuth2ParameterNames.TOKEN_TYPE))) { return OAuth2AccessToken.TokenType.BEARER; } return null; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java index c09f36e909..acf49a6393 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java @@ -194,8 +194,8 @@ public final class OAuth2AccessTokenResponse { accessTokenResponse.refreshToken = new OAuth2RefreshToken(this.refreshToken, issuedAt); } accessTokenResponse.additionalParameters = Collections - .unmodifiableMap(CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() - : this.additionalParameters); + .unmodifiableMap(CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() + : this.additionalParameters); return accessTokenResponse; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java index e5af12f3e2..94ecc8c7ef 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseMapConverter.java @@ -40,7 +40,7 @@ public final class OAuth2AccessTokenResponseMapConverter public Map convert(OAuth2AccessTokenResponse tokenResponse) { Map stringTokenResponseParameters = new HashMap<>(); this.delegate.convert(tokenResponse) - .forEach((key, value) -> stringTokenResponseParameters.put(key, String.valueOf(value))); + .forEach((key, value) -> stringTokenResponseParameters.put(key, String.valueOf(value))); return stringTokenResponseParameters; } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java index 075ae6837e..8b2109de64 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java @@ -89,14 +89,14 @@ public class OAuth2AccessTokenResponseHttpMessageConverter HttpInputMessage inputMessage) throws HttpMessageNotReadableException { try { Map tokenResponseParameters = (Map) this.jsonMessageConverter - .read(STRING_OBJECT_MAP.getType(), null, inputMessage); + .read(STRING_OBJECT_MAP.getType(), null, inputMessage); // Only use deprecated converter if it has been set directly if (this.tokenResponseConverter.getClass() != MapOAuth2AccessTokenResponseConverter.class) { // gh-6463: Parse parameter values as Object in order to handle potential // JSON Object and then convert values to String Map stringTokenResponseParameters = new HashMap<>(); tokenResponseParameters - .forEach((key, value) -> stringTokenResponseParameters.put(key, String.valueOf(value))); + .forEach((key, value) -> stringTokenResponseParameters.put(key, String.valueOf(value))); return this.tokenResponseConverter.convert(stringTokenResponseParameters); } return this.accessTokenResponseConverter.convert(tokenResponseParameters); diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java index aa82f778f9..ba8f29311e 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java @@ -75,9 +75,10 @@ public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverte // gh-8157: Parse parameter values as Object in order to handle potential JSON // Object and then convert values to String Map errorParameters = (Map) this.jsonMessageConverter - .read(STRING_OBJECT_MAP.getType(), null, inputMessage); - return this.errorConverter.convert(errorParameters.entrySet().stream() - .collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue())))); + .read(STRING_OBJECT_MAP.getType(), null, inputMessage); + return this.errorConverter.convert(errorParameters.entrySet() + .stream() + .collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue())))); } catch (Exception ex) { throw new HttpMessageNotReadableException( diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java index 6c3d93c1c0..9ca6ac71bc 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java @@ -62,16 +62,16 @@ class OAuth2AccessTokenResponseBodyExtractor @Override public Mono extract(ReactiveHttpInputMessage inputMessage, Context context) { BodyExtractor>, ReactiveHttpInputMessage> delegate = BodyExtractors - .toMono(STRING_OBJECT_MAP); + .toMono(STRING_OBJECT_MAP); return delegate.extract(inputMessage, context) - .onErrorMap((ex) -> new OAuth2AuthorizationException( - invalidTokenResponse("An error occurred parsing the Access Token response: " + ex.getMessage()), - ex)) - .switchIfEmpty(Mono.error(() -> new OAuth2AuthorizationException( - invalidTokenResponse("Empty OAuth 2.0 Access Token Response")))) - .map(OAuth2AccessTokenResponseBodyExtractor::parse) - .flatMap(OAuth2AccessTokenResponseBodyExtractor::oauth2AccessTokenResponse) - .map(OAuth2AccessTokenResponseBodyExtractor::oauth2AccessTokenResponse); + .onErrorMap((ex) -> new OAuth2AuthorizationException( + invalidTokenResponse("An error occurred parsing the Access Token response: " + ex.getMessage()), + ex)) + .switchIfEmpty(Mono.error(() -> new OAuth2AuthorizationException( + invalidTokenResponse("Empty OAuth 2.0 Access Token Response")))) + .map(OAuth2AccessTokenResponseBodyExtractor::parse) + .flatMap(OAuth2AccessTokenResponseBodyExtractor::oauth2AccessTokenResponse) + .map(OAuth2AccessTokenResponseBodyExtractor::oauth2AccessTokenResponse); } private static TokenResponse parse(Map json) { diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java index 7e3b26cac2..b4bda016e2 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthenticationMethodTests.java @@ -31,7 +31,7 @@ public class AuthenticationMethodTests { @Test public void constructorWhenValueIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new AuthenticationMethod(null)) - .withMessage("value cannot be empty"); + .withMessage("value cannot be empty"); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java index dfbeb1c7d9..24e3b6e458 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/AuthorizationGrantTypeTests.java @@ -56,7 +56,7 @@ public class AuthorizationGrantTypeTests { @Test public void getValueWhenJwtBearerGrantTypeThenReturnJwtBearer() { assertThat(AuthorizationGrantType.JWT_BEARER.getValue()) - .isEqualTo("urn:ietf:params:oauth:grant-type:jwt-bearer"); + .isEqualTo("urn:ietf:params:oauth:grant-type:jwt-bearer"); } } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java index c211d4639d..520ae4a7e5 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/ClaimAccessorTests.java @@ -128,8 +128,8 @@ public class ClaimAccessorTests { Map claimValue = new HashMap<>(); this.claims.put(claimName, claimValue); assertThatIllegalArgumentException().isThrownBy(() -> this.claimAccessor.getClaimAsBoolean(claimName)) - .withMessage("Unable to convert claim '" + claimName + "' of type '" + claimValue.getClass() - + "' to Boolean."); + .withMessage( + "Unable to convert claim '" + claimName + "' of type '" + claimValue.getClass() + "' to Boolean."); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java index c619e6f318..16d569f717 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipalTests.java @@ -44,18 +44,19 @@ public class DefaultOAuth2AuthenticatedPrincipalTests { @Test public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities)); + .isThrownBy(() -> new DefaultOAuth2AuthenticatedPrincipal(null, this.authorities)); assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities)); + .isThrownBy(() -> new DefaultOAuth2AuthenticatedPrincipal(Collections.emptyMap(), this.authorities)); } @Test public void constructorWhenAuthoritiesIsNullOrEmptyThenNoAuthorities() { Collection authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, - null).getAuthorities(); + null) + .getAuthorities(); assertThat(authorities).isEmpty(); authorities = new DefaultOAuth2AuthenticatedPrincipal(this.attributes, Collections.emptyList()) - .getAuthorities(); + .getAuthorities(); assertThat(authorities).isEmpty(); } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java index 82aa06722b..b6307f5c45 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidatorTests.java @@ -65,9 +65,9 @@ public class DelegatingOAuth2TokenValidatorTests { OAuth2TokenValidator secondFailure = mock(OAuth2TokenValidator.class); OAuth2Error otherDetail = new OAuth2Error("another-error"); given(firstFailure.validate(any(AbstractOAuth2Token.class))) - .willReturn(OAuth2TokenValidatorResult.failure(DETAIL)); + .willReturn(OAuth2TokenValidatorResult.failure(DETAIL)); given(secondFailure.validate(any(AbstractOAuth2Token.class))) - .willReturn(OAuth2TokenValidatorResult.failure(otherDetail)); + .willReturn(OAuth2TokenValidatorResult.failure(otherDetail)); DelegatingOAuth2TokenValidator tokenValidator = new DelegatingOAuth2TokenValidator<>( firstFailure, secondFailure); AbstractOAuth2Token token = mock(AbstractOAuth2Token.class); diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java index 223f1006a8..8e951a6961 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java @@ -53,13 +53,13 @@ public class OAuth2AccessTokenTests { @Test public void constructorWhenTokenTypeIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AccessToken(null, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT)); + .isThrownBy(() -> new OAuth2AccessToken(null, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT)); } @Test public void constructorWhenTokenValueIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2AccessToken(TOKEN_TYPE, null, ISSUED_AT, EXPIRES_AT)); + .isThrownBy(() -> new OAuth2AccessToken(TOKEN_TYPE, null, ISSUED_AT, EXPIRES_AT)); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2RefreshTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2RefreshTokenTests.java index 0d5bb17329..ccb6bfb329 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2RefreshTokenTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2RefreshTokenTests.java @@ -39,23 +39,21 @@ public class OAuth2RefreshTokenTests { @Test public void constructorWhenTokenValueIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new OAuth2RefreshToken(null, ISSUED_AT, EXPIRES_AT)) - .withMessage("tokenValue cannot be empty"); + .withMessage("tokenValue cannot be empty"); } @Test public void constructorWhenIssuedAtAfterExpiresAtThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy( - () -> new OAuth2RefreshToken(TOKEN_VALUE, Instant.from(EXPIRES_AT).plusSeconds(1), EXPIRES_AT)) - .withMessage("expiresAt must be after issuedAt"); + .isThrownBy(() -> new OAuth2RefreshToken(TOKEN_VALUE, Instant.from(EXPIRES_AT).plusSeconds(1), EXPIRES_AT)) + .withMessage("expiresAt must be after issuedAt"); } @Test public void constructorWhenExpiresAtBeforeIssuedAtThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy( - () -> new OAuth2RefreshToken(TOKEN_VALUE, ISSUED_AT, Instant.from(ISSUED_AT).minusSeconds(1))) - .withMessage("expiresAt must be after issuedAt"); + .isThrownBy(() -> new OAuth2RefreshToken(TOKEN_VALUE, ISSUED_AT, Instant.from(ISSUED_AT).minusSeconds(1))) + .withMessage("expiresAt must be after issuedAt"); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java index 8d27597e4b..79ed9fa72a 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimConversionServiceTests.java @@ -101,16 +101,16 @@ public class ClaimConversionServiceTests { public void convertInstantWhenNumberThenConverts() { Instant instant = Instant.now(); assertThat(this.conversionService.convert(instant.getEpochSecond(), Instant.class)) - .isEqualTo(instant.truncatedTo(ChronoUnit.SECONDS)); + .isEqualTo(instant.truncatedTo(ChronoUnit.SECONDS)); } @Test public void convertInstantWhenStringThenConverts() { Instant instant = Instant.now(); assertThat(this.conversionService.convert(String.valueOf(instant.getEpochSecond()), Instant.class)) - .isEqualTo(instant.truncatedTo(ChronoUnit.SECONDS)); + .isEqualTo(instant.truncatedTo(ChronoUnit.SECONDS)); assertThat(this.conversionService.convert(String.valueOf(instant.toString()), Instant.class)) - .isEqualTo(instant); + .isEqualTo(instant); } @Test @@ -155,7 +155,7 @@ public class ClaimConversionServiceTests { @Test public void convertCollectionStringWhenListNumberThenConverts() { assertThat(this.conversionService.convert(Lists.list(1, 2, 3, 4), Collection.class)) - .isEqualTo(Lists.list("1", "2", "3", "4")); + .isEqualTo(Lists.list("1", "2", "3", "4")); } @Test @@ -166,14 +166,14 @@ public class ClaimConversionServiceTests { jsonArray.add("3"); jsonArray.add(null); assertThat(this.conversionService.convert(jsonArray, List.class)).isNotInstanceOf(JSONArray.class) - .isEqualTo(Lists.list("1", "2", "3")); + .isEqualTo(Lists.list("1", "2", "3")); } @Test public void convertCollectionStringWhenNotConvertibleThenReturnSingletonList() { String string = "not-convertible-collection"; assertThat(this.conversionService.convert(string, Collection.class)) - .isEqualTo(Collections.singletonList(string)); + .isEqualTo(Collections.singletonList(string)); } @Test @@ -190,7 +190,7 @@ public class ClaimConversionServiceTests { @Test public void convertListStringWhenListNumberThenConverts() { assertThat(this.conversionService.convert(Lists.list(1, 2, 3, 4), List.class)) - .isEqualTo(Lists.list("1", "2", "3", "4")); + .isEqualTo(Lists.list("1", "2", "3", "4")); } @Test @@ -214,7 +214,7 @@ public class ClaimConversionServiceTests { } }; assertThat(this.conversionService.convert(mapStringObject, Map.class)).isNotSameAs(mapStringObject) - .isEqualTo(mapStringObject); + .isEqualTo(mapStringObject); } @Test @@ -249,7 +249,7 @@ public class ClaimConversionServiceTests { } }; assertThat(this.conversionService.convert(jsonObject, Map.class)).isNotInstanceOf(JSONObject.class) - .isEqualTo(mapStringObject); + .isEqualTo(mapStringObject); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java index fd792678b6..8a6496b7bf 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java @@ -90,8 +90,8 @@ public class ClaimTypeConverterTests { private static Converter getConverter(TypeDescriptor targetDescriptor) { final TypeDescriptor sourceDescriptor = TypeDescriptor.valueOf(Object.class); - return (source) -> ClaimConversionService.getSharedInstance().convert(source, sourceDescriptor, - targetDescriptor); + return (source) -> ClaimConversionService.getSharedInstance() + .convert(source, sourceDescriptor, targetDescriptor); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java index bc2cdba8a0..c32337fde6 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponseTests.java @@ -77,7 +77,7 @@ public class OAuth2AccessTokenResponseTests { .build(); // @formatter:on assertThat(tokenResponse.getAccessToken().getExpiresAt()) - .isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1)); + .isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1)); } @Test @@ -89,7 +89,7 @@ public class OAuth2AccessTokenResponseTests { .build(); // @formatter:on assertThat(tokenResponse.getAccessToken().getExpiresAt()) - .isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1)); + .isEqualTo(tokenResponse.getAccessToken().getIssuedAt().plusSeconds(1)); } @Test @@ -136,14 +136,14 @@ public class OAuth2AccessTokenResponseTests { // @formatter:on OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse).build(); assertThat(withResponse.getAccessToken().getTokenValue()) - .isEqualTo(tokenResponse.getAccessToken().getTokenValue()); + .isEqualTo(tokenResponse.getAccessToken().getTokenValue()); assertThat(withResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(withResponse.getAccessToken().getIssuedAt()).isEqualTo(tokenResponse.getAccessToken().getIssuedAt()); assertThat(withResponse.getAccessToken().getExpiresAt()) - .isEqualTo(tokenResponse.getAccessToken().getExpiresAt()); + .isEqualTo(tokenResponse.getAccessToken().getExpiresAt()); assertThat(withResponse.getAccessToken().getScopes()).isEqualTo(tokenResponse.getAccessToken().getScopes()); assertThat(withResponse.getRefreshToken().getTokenValue()) - .isEqualTo(tokenResponse.getRefreshToken().getTokenValue()); + .isEqualTo(tokenResponse.getRefreshToken().getTokenValue()); assertThat(withResponse.getAdditionalParameters()).isEqualTo(tokenResponse.getAdditionalParameters()); } @@ -175,9 +175,10 @@ public class OAuth2AccessTokenResponseTests { // @formatter:on long expiresIn = 30; OAuth2AccessTokenResponse withResponse = OAuth2AccessTokenResponse.withResponse(tokenResponse) - .expiresIn(expiresIn).build(); + .expiresIn(expiresIn) + .build(); assertThat(withResponse.getAccessToken().getExpiresAt()) - .isEqualTo(withResponse.getAccessToken().getIssuedAt().plusSeconds(expiresIn)); + .isEqualTo(withResponse.getAccessToken().getIssuedAt().plusSeconds(expiresIn)); } } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java index bdb78830e6..5ceb83463e 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java @@ -36,8 +36,8 @@ public class OAuth2AuthorizationExchangeTests { @Test public void constructorWhenAuthorizationResponseIsNullThenThrowIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy( - () -> new OAuth2AuthorizationExchange(TestOAuth2AuthorizationRequests.request().build(), null)); + assertThatIllegalArgumentException() + .isThrownBy(() -> new OAuth2AuthorizationExchange(TestOAuth2AuthorizationRequests.request().build(), null)); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java index 0101ecae59..1da76ce63b 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequestTests.java @@ -220,8 +220,8 @@ public class OAuth2AuthorizationRequestTests { .build(); // @formatter:on assertThat(authorizationRequest.getAuthorizationRequestUri()) - .isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&" - + "scope=scope1%20scope2&state=state&" + "redirect_uri=https://example.com"); + .isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=token&client_id=client-id&" + + "scope=scope1%20scope2&state=state&" + "redirect_uri=https://example.com"); } @Test @@ -260,8 +260,13 @@ public class OAuth2AuthorizationRequestTests { additionalParameters.put("param1", "value1"); additionalParameters.put("param2", "value2"); OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() - .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).scopes(SCOPES) - .state(STATE).additionalParameters(additionalParameters).build(); + .authorizationUri(AUTHORIZATION_URI) + .clientId(CLIENT_ID) + .redirectUri(REDIRECT_URI) + .scopes(SCOPES) + .state(STATE) + .additionalParameters(additionalParameters) + .build(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "response_type=code&client_id=client-id&" + "scope=scope1%20scope2&state=state&" @@ -271,9 +276,11 @@ public class OAuth2AuthorizationRequestTests { @Test public void buildWhenRequiredParametersSetThenAuthorizationRequestUriIncludesRequiredParametersOnly() { OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode() - .authorizationUri(AUTHORIZATION_URI).clientId(CLIENT_ID).build(); + .authorizationUri(AUTHORIZATION_URI) + .clientId(CLIENT_ID) + .build(); assertThat(authorizationRequest.getAuthorizationRequestUri()) - .isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id"); + .isEqualTo("https://provider.com/oauth2/authorize?response_type=code&client_id=client-id"); } @Test @@ -303,7 +310,7 @@ public class OAuth2AuthorizationRequestTests { .build(); // @formatter:on assertThat(authorizationRequestCopy.getAuthorizationUri()) - .isEqualTo(authorizationRequest.getAuthorizationUri()); + .isEqualTo(authorizationRequest.getAuthorizationUri()); assertThat(authorizationRequestCopy.getGrantType()).isEqualTo(authorizationRequest.getGrantType()); assertThat(authorizationRequestCopy.getResponseType()).isEqualTo(authorizationRequest.getResponseType()); assertThat(authorizationRequestCopy.getClientId()).isEqualTo(authorizationRequest.getClientId()); @@ -311,16 +318,17 @@ public class OAuth2AuthorizationRequestTests { assertThat(authorizationRequestCopy.getScopes()).isEqualTo(authorizationRequest.getScopes()); assertThat(authorizationRequestCopy.getState()).isEqualTo(authorizationRequest.getState()); assertThat(authorizationRequestCopy.getAdditionalParameters()) - .isEqualTo(authorizationRequest.getAdditionalParameters()); + .isEqualTo(authorizationRequest.getAdditionalParameters()); assertThat(authorizationRequestCopy.getAttributes()).isEqualTo(authorizationRequest.getAttributes()); assertThat(authorizationRequestCopy.getAuthorizationRequestUri()) - .isEqualTo(authorizationRequest.getAuthorizationRequestUri()); + .isEqualTo(authorizationRequest.getAuthorizationRequestUri()); } @Test public void buildWhenAuthorizationUriIncludesQueryParameterThenAuthorizationRequestUrlIncludesIt() { OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .authorizationUri(AUTHORIZATION_URI + "?param1=value1¶m2=value2").build(); + .authorizationUri(AUTHORIZATION_URI + "?param1=value1¶m2=value2") + .build(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "param1=value1¶m2=value2&" + "response_type=code&client_id=client-id&state=state&" @@ -330,9 +338,9 @@ public class OAuth2AuthorizationRequestTests { @Test public void buildWhenAuthorizationUriIncludesEscapedQueryParameterThenAuthorizationRequestUrlIncludesIt() { OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .authorizationUri(AUTHORIZATION_URI - + "?claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D") - .build(); + .authorizationUri(AUTHORIZATION_URI + + "?claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D") + .build(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo("https://provider.com/oauth2/authorize?" + "claims=%7B%22userinfo%22%3A%7B%22email_verified%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&" @@ -347,7 +355,8 @@ public class OAuth2AuthorizationRequestTests { additionalParameters.put("item name", "H" + '\u00c5' + "M" + '\u00d6'); additionalParameters.put('\u00e2' + "ge", "4" + '\u00bd'); OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request() - .additionalParameters(additionalParameters).build(); + .additionalParameters(additionalParameters) + .build(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isNotNull(); assertThat(authorizationRequest.getAuthorizationRequestUri()).isEqualTo( "https://example.com/login/oauth/authorize?" + "response_type=code&client_id=client-id&state=state&" diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java index dbe4e533e6..270c031de8 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOAuth2AccessTokenResponses.java @@ -45,7 +45,7 @@ public final class TestOAuth2AccessTokenResponses { Map additionalParameters = new HashMap<>(); additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token"); return accessTokenResponse().scopes(Collections.singleton(OidcScopes.OPENID)) - .additionalParameters(additionalParameters); + .additionalParameters(additionalParameters); } } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java index 842ea51181..570836fed5 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java @@ -71,7 +71,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { @Test public void setTokenResponseParametersConverterWhenConverterIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.messageConverter.setTokenResponseParametersConverter(null)); + .isThrownBy(() -> this.messageConverter.setTokenResponseParametersConverter(null)); } @Test @@ -89,11 +89,11 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { // @formatter:on MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter - .readInternal(OAuth2AccessTokenResponse.class, response); + .readInternal(OAuth2AccessTokenResponse.class, response); assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()) - .isBeforeOrEqualTo(Instant.now().plusSeconds(3600)); + .isBeforeOrEqualTo(Instant.now().plusSeconds(3600)); assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write"); assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234"); assertThat(accessTokenResponse.getAdditionalParameters()).containsExactly( @@ -118,15 +118,17 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { // @formatter:on MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter - .readInternal(OAuth2AccessTokenResponse.class, response); + .readInternal(OAuth2AccessTokenResponse.class, response); assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()) - .isBeforeOrEqualTo(Instant.now().plusSeconds(3600)); + .isBeforeOrEqualTo(Instant.now().plusSeconds(3600)); assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("read", "write"); assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234"); - Map additionalParameters = accessTokenResponse.getAdditionalParameters().entrySet().stream() - .collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))); + Map additionalParameters = accessTokenResponse.getAdditionalParameters() + .entrySet() + .stream() + .collect(Collectors.toMap(Map.Entry::getKey, (entry) -> String.valueOf(entry.getValue()))); assertThat(additionalParameters).containsExactly(entry("custom_object_1", "{name1=value1}"), entry("custom_object_2", "[value1, value2]"), entry("custom_parameter_1", "custom-value-1"), entry("custom_parameter_2", "custom-value-2")); @@ -146,11 +148,11 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { // @formatter:on MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter - .readInternal(OAuth2AccessTokenResponse.class, response); + .readInternal(OAuth2AccessTokenResponse.class, response); assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234"); assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER); assertThat(accessTokenResponse.getAccessToken().getExpiresAt()) - .isBeforeOrEqualTo(Instant.now().plusSeconds(3600)); + .isBeforeOrEqualTo(Instant.now().plusSeconds(3600)); assertThat(accessTokenResponse.getAccessToken().getScopes()).isEmpty(); assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234"); } @@ -163,8 +165,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { String tokenResponse = "{}"; MockClientHttpResponse response = new MockClientHttpResponse(tokenResponse.getBytes(), HttpStatus.OK); assertThatExceptionOfType(HttpMessageNotReadableException.class) - .isThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response)) - .withMessageContaining("An error occurred reading the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.messageConverter.readInternal(OAuth2AccessTokenResponse.class, response)) + .withMessageContaining("An error occurred reading the OAuth 2.0 Access Token Response"); } @Test @@ -210,8 +212,8 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests { // @formatter:on MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); assertThatExceptionOfType(HttpMessageNotWritableException.class) - .isThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage)) - .withMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response"); + .isThrownBy(() -> this.messageConverter.writeInternal(accessTokenResponse, outputMessage)) + .withMessageContaining("An error occurred writing the OAuth 2.0 Access Token Response"); } } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java index 90aa2de2e4..7e4df6df4c 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverterTests.java @@ -105,8 +105,8 @@ public class OAuth2ErrorHttpMessageConverterTests { String errorResponse = "{}"; MockClientHttpResponse response = new MockClientHttpResponse(errorResponse.getBytes(), HttpStatus.BAD_REQUEST); assertThatExceptionOfType(HttpMessageNotReadableException.class) - .isThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response)) - .withMessageContaining("An error occurred reading the OAuth 2.0 Error"); + .isThrownBy(() -> this.messageConverter.readInternal(OAuth2Error.class, response)) + .withMessageContaining("An error occurred reading the OAuth 2.0 Error"); } @Test @@ -130,8 +130,8 @@ public class OAuth2ErrorHttpMessageConverterTests { "https://tools.ietf.org/html/rfc6749#section-5.2"); MockHttpOutputMessage outputMessage = new MockHttpOutputMessage(); assertThatExceptionOfType(HttpMessageNotWritableException.class) - .isThrownBy(() -> this.messageConverter.writeInternal(oauth2Error, outputMessage)) - .withMessageContaining("An error occurred writing the OAuth 2.0 Error"); + .isThrownBy(() -> this.messageConverter.writeInternal(oauth2Error, outputMessage)) + .withMessageContaining("An error occurred writing the OAuth 2.0 Error"); } } diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java index 2027f75196..50c02c7098 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/OidcIdTokenBuilderTests.java @@ -58,7 +58,7 @@ public class OidcIdTokenBuilderTests { idToken = idTokenBuilder.expiresAt(now).build(); assertThat(idToken.getExpiresAt()).isSameAs(now); assertThatIllegalArgumentException() - .isThrownBy(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build()); + .isThrownBy(() -> idTokenBuilder.claim(IdTokenClaimNames.EXP, "not an instant").build()); } @Test @@ -70,7 +70,7 @@ public class OidcIdTokenBuilderTests { idToken = idTokenBuilder.issuedAt(now).build(); assertThat(idToken.getIssuedAt()).isSameAs(now); assertThatIllegalArgumentException() - .isThrownBy(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build()); + .isThrownBy(() -> idTokenBuilder.claim(IdTokenClaimNames.IAT, "not an instant").build()); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java index 9f37b7630e..24f87eb5a1 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java @@ -50,13 +50,13 @@ public class DefaultOAuth2UserTests { @Test public void constructorWhenAttributesIsNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, null, ATTRIBUTE_NAME_KEY)); + .isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, null, ATTRIBUTE_NAME_KEY)); } @Test public void constructorWhenAttributesIsEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, Collections.emptyMap(), ATTRIBUTE_NAME_KEY)); + .isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, Collections.emptyMap(), ATTRIBUTE_NAME_KEY)); } @Test @@ -67,7 +67,7 @@ public class DefaultOAuth2UserTests { @Test public void constructorWhenNameAttributeKeyIsInvalidThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, "invalid")); + .isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, "invalid")); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java index 4b59b143fb..b90d2dc53e 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthorityTests.java @@ -48,7 +48,7 @@ public class OAuth2UserAuthorityTests { @Test public void constructorWhenAttributesIsEmptyThenThrowIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2UserAuthority(AUTHORITY, Collections.emptyMap())); + .isThrownBy(() -> new OAuth2UserAuthority(AUTHORITY, Collections.emptyMap())); } @Test diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java index 0d0eb9adb1..af00efd093 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractorsTests.java @@ -85,7 +85,7 @@ public class OAuth2BodyExtractorsTests { @Test public void oauth2AccessTokenResponseWhenInvalidJsonThenException() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors - .oauth2AccessTokenResponse(); + .oauth2AccessTokenResponse(); MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); response.setBody("{"); @@ -100,7 +100,7 @@ public class OAuth2BodyExtractorsTests { @Test public void oauth2AccessTokenResponseWhenEmptyThenException() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors - .oauth2AccessTokenResponse(); + .oauth2AccessTokenResponse(); MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); Mono result = extractor.extract(response, this.context); // @formatter:off @@ -113,7 +113,7 @@ public class OAuth2BodyExtractorsTests { @Test public void oauth2AccessTokenResponseWhenValidThenCreated() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors - .oauth2AccessTokenResponse(); + .oauth2AccessTokenResponse(); MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); // @formatter:off @@ -139,7 +139,7 @@ public class OAuth2BodyExtractorsTests { // gh-6087 public void oauth2AccessTokenResponseWhenMultipleAttributeTypesThenCreated() { BodyExtractor, ReactiveHttpInputMessage> extractor = OAuth2BodyExtractors - .oauth2AccessTokenResponse(); + .oauth2AccessTokenResponse(); MockClientHttpResponse response = new MockClientHttpResponse(HttpStatus.OK); response.getHeaders().setContentType(MediaType.APPLICATION_JSON); // @formatter:off diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java index 03e88e1f2d..3db496064e 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java @@ -96,8 +96,10 @@ final class JwtDecoderProviderConfigurationUtils { } static Set getJWSAlgorithms(JWKSource jwkSource) { - JWKMatcher jwkMatcher = new JWKMatcher.Builder().publicOnly(true).keyUses(KeyUse.SIGNATURE, null) - .keyTypes(KeyType.RSA, KeyType.EC).build(); + JWKMatcher jwkMatcher = new JWKMatcher.Builder().publicOnly(true) + .keyUses(KeyUse.SIGNATURE, null) + .keyTypes(KeyType.RSA, KeyType.EC) + .build(); Set jwsAlgorithms = new HashSet<>(); try { List jwks = jwkSource.get(new JWKSelector(jwkMatcher), null); diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java index 7132ca22bb..8cc95ba1e3 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java @@ -54,7 +54,7 @@ public final class JwtDecoders { public static T fromOidcIssuerLocation(String oidcIssuerLocation) { Assert.hasText(oidcIssuerLocation, "oidcIssuerLocation cannot be empty"); Map configuration = JwtDecoderProviderConfigurationUtils - .getConfigurationForOidcIssuerLocation(oidcIssuerLocation); + .getConfigurationForOidcIssuerLocation(oidcIssuerLocation); return (T) withProviderConfiguration(configuration, oidcIssuerLocation); } @@ -90,7 +90,7 @@ public final class JwtDecoders { public static T fromIssuerLocation(String issuer) { Assert.hasText(issuer, "issuer cannot be empty"); Map configuration = JwtDecoderProviderConfigurationUtils - .getConfigurationForIssuerLocation(issuer); + .getConfigurationForIssuerLocation(issuer); return (T) withProviderConfiguration(configuration, issuer); } @@ -110,7 +110,8 @@ public final class JwtDecoders { OAuth2TokenValidator jwtValidator = JwtValidators.createDefaultWithIssuer(issuer); String jwkSetUri = configuration.get("jwks_uri").toString(); NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri) - .jwtProcessorCustomizer(JwtDecoderProviderConfigurationUtils::addJWSAlgorithms).build(); + .jwtProcessorCustomizer(JwtDecoderProviderConfigurationUtils::addJWSAlgorithms) + .build(); jwtDecoder.setJwtValidator(jwtValidator); return jwtDecoder; } diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java index 33c3999562..66b52e39ef 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java @@ -90,7 +90,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { private final JWTProcessor jwtProcessor; private Converter, Map> claimSetConverter = MappedJwtClaimSetConverter - .withDefaults(Collections.emptyMap()); + .withDefaults(Collections.emptyMap()); private OAuth2TokenValidator jwtValidator = JwtValidators.createDefault(); diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java index 9c84cf3699..3e4682c532 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java @@ -58,7 +58,7 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder { private OAuth2TokenValidator jwtValidator = JwtValidators.createDefault(); private Converter, Map> claimSetConverter = MappedJwtClaimSetConverter - .withDefaults(Collections.emptyMap()); + .withDefaults(Collections.emptyMap()); private NimbusJwtDecoder delegate; @@ -80,7 +80,7 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder { Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty"); Assert.hasText(jwsAlgorithm, "jwsAlgorithm cannot be empty"); this.jwtDecoderBuilder = NimbusJwtDecoder.withJwkSetUri(jwkSetUrl) - .jwsAlgorithm(SignatureAlgorithm.from(jwsAlgorithm)); + .jwsAlgorithm(SignatureAlgorithm.from(jwsAlgorithm)); this.delegate = makeDelegate(); } diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java index e3fc0e8597..f5a98543fd 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java @@ -97,7 +97,7 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder { private OAuth2TokenValidator jwtValidator = JwtValidators.createDefault(); private Converter, Map> claimSetConverter = MappedJwtClaimSetConverter - .withDefaults(Collections.emptyMap()); + .withDefaults(Collections.emptyMap()); /** * Constructs a {@code NimbusReactiveJwtDecoder} using the provided parameters. @@ -184,8 +184,10 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder { try { Map headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject()); Map claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims()); - return Jwt.withTokenValue(parsedJwt.getParsedString()).headers((h) -> h.putAll(headers)) - .claims((c) -> c.putAll(claims)).build(); + return Jwt.withTokenValue(parsedJwt.getParsedString()) + .headers((h) -> h.putAll(headers)) + .claims((c) -> c.putAll(claims)) + .build(); } catch (Exception ex) { throw new BadJwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex); @@ -391,17 +393,17 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder { ReactiveRemoteJWKSource source = new ReactiveRemoteJWKSource(this.jwkSetUri); source.setWebClient(this.webClient); Mono, Function>> jwtProcessorMono = this.jwtProcessorCustomizer - .apply(source, jwtProcessor) - .map((processor) -> Tuples.of(processor, getExpectedJwsAlgorithms(processor.getJWSKeySelector()))) - .cache((processor) -> FOREVER, (ex) -> Duration.ZERO, () -> Duration.ZERO); + .apply(source, jwtProcessor) + .map((processor) -> Tuples.of(processor, getExpectedJwsAlgorithms(processor.getJWSKeySelector()))) + .cache((processor) -> FOREVER, (ex) -> Duration.ZERO, () -> Duration.ZERO); return (jwt) -> { return jwtProcessorMono.flatMap((tuple) -> { JWTProcessor processor = tuple.getT1(); Function expectedJwsAlgorithms = tuple.getT2(); JWKSelector selector = createSelector(expectedJwsAlgorithms, jwt.getHeader()); return source.get(selector) - .onErrorMap((ex) -> new IllegalStateException("Could not obtain the keys", ex)) - .map((jwkList) -> createClaimsSet(processor, jwt, new JWKSecurityContext(jwkList))); + .onErrorMap((ex) -> new IllegalStateException("Could not obtain the keys", ex)) + .map((jwkList) -> createClaimsSet(processor, jwt, new JWKSecurityContext(jwkList))); }); }; } @@ -642,8 +644,9 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder { return (jwt) -> { if (jwt instanceof SignedJWT) { return this.jwkSource.apply((SignedJWT) jwt) - .onErrorMap((e) -> new IllegalStateException("Could not obtain the keys", e)).collectList() - .map((jwks) -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwks))); + .onErrorMap((e) -> new IllegalStateException("Could not obtain the keys", e)) + .collectList() + .map((jwks) -> createClaimsSet(jwtProcessor, jwt, new JWKSecurityContext(jwks))); } throw new BadJwtException("Unsupported algorithm of " + jwt.getHeader().getAlgorithm()); }; diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java index 94a8e918d9..faf8e42c14 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoderProviderConfigurationUtils.java @@ -45,15 +45,17 @@ final class ReactiveJwtDecoderProviderConfigurationUtils { } JWKSource delegate = ((JWSVerificationKeySelector) selector).getJWKSource(); return getJWSAlgorithms(jwkSource).map((algorithms) -> new JWSVerificationKeySelector<>(algorithms, delegate)) - .map((replacement) -> { - jwtProcessor.setJWSKeySelector(replacement); - return jwtProcessor; - }); + .map((replacement) -> { + jwtProcessor.setJWSKeySelector(replacement); + return jwtProcessor; + }); } static Mono> getJWSAlgorithms(ReactiveRemoteJWKSource jwkSource) { - JWKMatcher jwkMatcher = new JWKMatcher.Builder().publicOnly(true).keyUses(KeyUse.SIGNATURE, null) - .keyTypes(KeyType.RSA, KeyType.EC).build(); + JWKMatcher jwkMatcher = new JWKMatcher.Builder().publicOnly(true) + .keyUses(KeyUse.SIGNATURE, null) + .keyTypes(KeyType.RSA, KeyType.EC) + .build(); return jwkSource.get(new JWKSelector(jwkMatcher)).map((jwks) -> { Set jwsAlgorithms = new HashSet<>(); for (JWK jwk : jwks) { diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java index f702cba0ed..9f231d92f7 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java @@ -52,7 +52,7 @@ public final class ReactiveJwtDecoders { public static ReactiveJwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) { Assert.hasText(oidcIssuerLocation, "oidcIssuerLocation cannot be empty"); Map configuration = JwtDecoderProviderConfigurationUtils - .getConfigurationForOidcIssuerLocation(oidcIssuerLocation); + .getConfigurationForOidcIssuerLocation(oidcIssuerLocation); return withProviderConfiguration(configuration, oidcIssuerLocation); } @@ -88,7 +88,7 @@ public final class ReactiveJwtDecoders { public static ReactiveJwtDecoder fromIssuerLocation(String issuer) { Assert.hasText(issuer, "issuer cannot be empty"); Map configuration = JwtDecoderProviderConfigurationUtils - .getConfigurationForIssuerLocation(issuer); + .getConfigurationForIssuerLocation(issuer); return withProviderConfiguration(configuration, issuer); } @@ -108,7 +108,8 @@ public final class ReactiveJwtDecoders { OAuth2TokenValidator jwtValidator = JwtValidators.createDefaultWithIssuer(issuer); String jwkSetUri = configuration.get("jwks_uri").toString(); NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri) - .jwtProcessorCustomizer(ReactiveJwtDecoderProviderConfigurationUtils::addJWSAlgorithms).build(); + .jwtProcessorCustomizer(ReactiveJwtDecoderProviderConfigurationUtils::addJWSAlgorithms) + .build(); jwtDecoder.setJwtValidator(jwtValidator); return jwtDecoder; } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwsHeaderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwsHeaderTests.java index a1262a850f..6ca4542f23 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwsHeaderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwsHeaderTests.java @@ -33,13 +33,13 @@ public class JwsHeaderTests { @Test public void withWhenNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> JwsHeader.with(null)) - .withMessage("jwsAlgorithm cannot be null"); + .withMessage("jwsAlgorithm cannot be null"); } @Test public void fromWhenNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> JwsHeader.from(null)) - .withMessage("headers cannot be null"); + .withMessage("headers cannot be null"); } @Test @@ -89,15 +89,15 @@ public class JwsHeaderTests { @Test public void headerWhenNameNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> JwsHeader.with(SignatureAlgorithm.RS256).header(null, "value")) - .withMessage("name cannot be empty"); + .isThrownBy(() -> JwsHeader.with(SignatureAlgorithm.RS256).header(null, "value")) + .withMessage("name cannot be empty"); } @Test public void headerWhenValueNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> JwsHeader.with(SignatureAlgorithm.RS256).header("name", null)) - .withMessage("value cannot be null"); + .isThrownBy(() -> JwsHeader.with(SignatureAlgorithm.RS256).header("name", null)) + .withMessage("value cannot be null"); } @Test @@ -105,7 +105,7 @@ public class JwsHeaderTests { JwsHeader jwsHeader = TestJwsHeaders.jwsHeader().build(); assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> jwsHeader.getHeader(null)) - .withMessage("name cannot be empty"); + .withMessage("name cannot be empty"); } } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java index 4d521ed906..09d13a6e7a 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtBuilderTests.java @@ -72,7 +72,7 @@ public class JwtBuilderTests { jwt = jwtBuilder.expiresAt(now).build(); assertThat(jwt.getExpiresAt()).isSameAs(now); assertThatIllegalArgumentException() - .isThrownBy(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build()); + .isThrownBy(() -> jwtBuilder.claim(JwtClaimNames.EXP, "not an instant").build()); } @Test @@ -87,7 +87,7 @@ public class JwtBuilderTests { jwt = jwtBuilder.issuedAt(now).build(); assertThat(jwt.getIssuedAt()).isSameAs(now); assertThatIllegalArgumentException() - .isThrownBy(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build()); + .isThrownBy(() -> jwtBuilder.claim(JwtClaimNames.IAT, "not an instant").build()); } @Test diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimsSetTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimsSetTests.java index 3e0c802842..2a1fbf4ac9 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimsSetTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtClaimsSetTests.java @@ -31,7 +31,7 @@ public class JwtClaimsSetTests { @Test public void buildWhenClaimsEmptyThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> JwtClaimsSet.builder().build()) - .withMessage("claims cannot be empty"); + .withMessage("claims cannot be empty"); } @Test @@ -65,7 +65,7 @@ public class JwtClaimsSetTests { @Test public void fromWhenNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> JwtClaimsSet.from(null)) - .withMessage("claims cannot be null"); + .withMessage("claims cannot be null"); } @Test @@ -78,13 +78,15 @@ public class JwtClaimsSetTests { @Test public void claimWhenNameNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> JwtClaimsSet.builder().claim(null, "value")).withMessage("name cannot be empty"); + .isThrownBy(() -> JwtClaimsSet.builder().claim(null, "value")) + .withMessage("name cannot be empty"); } @Test public void claimWhenValueNullThenThrowIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> JwtClaimsSet.builder().claim("name", null)).withMessage("value cannot be null"); + .isThrownBy(() -> JwtClaimsSet.builder().claim("name", null)) + .withMessage("value cannot be null"); } } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtilsTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtilsTests.java index b51bcbb9ce..1b88d6f3f3 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtilsTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtilsTests.java @@ -49,7 +49,8 @@ public class JwtDecoderProviderConfigurationUtilsTests { public void getSignatureAlgorithmsWhenJwkSetSpecifiesAlgorithmThenUses() throws Exception { JWKSource jwkSource = mock(JWKSource.class); RSAKey key = new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyUse(KeyUse.SIGNATURE) - .algorithm(JWSAlgorithm.RS384).build(); + .algorithm(JWSAlgorithm.RS384) + .build(); given(jwkSource.get(any(JWKSelector.class), isNull())).willReturn(Collections.singletonList(key)); Set algorithms = JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource); assertThat(algorithms).containsOnly(SignatureAlgorithm.RS384); @@ -60,7 +61,7 @@ public class JwtDecoderProviderConfigurationUtilsTests { JWKSource jwkSource = mock(JWKSource.class); given(jwkSource.get(any(JWKSelector.class), isNull())).willReturn(Collections.emptyList()); assertThatIllegalArgumentException() - .isThrownBy(() -> JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource)); + .isThrownBy(() -> JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource)); } @Test @@ -68,7 +69,9 @@ public class JwtDecoderProviderConfigurationUtilsTests { JWKSource jwkSource = mock(JWKSource.class); // Test parameters are from Anders Rundgren, public only ECKey ecKey = new ECKey.Builder(Curve.P_256, new Base64URL("3l2Da_flYc-AuUTm2QzxgyvJxYM_2TeB9DMlwz7j1PE"), - new Base64URL("-kjT7Wrfhwsi9SG6H4UXiyUiVE9GHCLauslksZ3-_t0")).keyUse(KeyUse.SIGNATURE).build(); + new Base64URL("-kjT7Wrfhwsi9SG6H4UXiyUiVE9GHCLauslksZ3-_t0")) + .keyUse(KeyUse.SIGNATURE) + .build(); RSAKey rsaKey = new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyUse(KeyUse.ENCRYPTION).build(); given(jwkSource.get(any(JWKSelector.class), isNull())).willReturn(Arrays.asList(ecKey, rsaKey)); Set algorithms = JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource); @@ -80,7 +83,8 @@ public class JwtDecoderProviderConfigurationUtilsTests { public void getSignatureAlgorithmsWhenAlgorithmThenParses() throws Exception { JWKSource jwkSource = mock(JWKSource.class); RSAKey key = new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyUse(KeyUse.SIGNATURE) - .algorithm(new Algorithm(JwsAlgorithms.RS256)).build(); + .algorithm(new Algorithm(JwsAlgorithms.RS256)) + .build(); given(jwkSource.get(any(JWKSelector.class), isNull())).willReturn(Collections.singletonList(key)); Set algorithms = JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource); assertThat(algorithms).containsOnly(SignatureAlgorithm.RS256); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java index dea0818a1f..f343cd2b69 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecodersTests.java @@ -168,7 +168,7 @@ public class JwtDecodersTests { public void issuerWhenResponseIsNonCompliantThenThrowsRuntimeException() { prepareConfigurationResponse("{ \"missing_required_keys\" : \"and_values\" }"); assertThatExceptionOfType(RuntimeException.class) - .isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)); + .isThrownBy(() -> JwtDecoders.fromOidcIssuerLocation(this.issuer)); } @Test diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java index 11d4b105ec..9c365411b8 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java @@ -50,7 +50,7 @@ public class MappedJwtClaimSetConverterTests { Converter expiresAtConverter = mock(Converter.class); given(expiresAtConverter.convert(any())).willReturn(at); MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter - .withDefaults(Collections.singletonMap(JwtClaimNames.EXP, expiresAtConverter)); + .withDefaults(Collections.singletonMap(JwtClaimNames.EXP, expiresAtConverter)); Map source = new HashMap<>(); Map target = converter.convert(source); assertThat(target.get(JwtClaimNames.IAT)).isEqualTo(Instant.ofEpochMilli(at.toEpochMilli()).minusSeconds(1)); @@ -103,7 +103,7 @@ public class MappedJwtClaimSetConverterTests { public void convertWhenUsingCustomConverterThenAllOtherDefaultsAreStillUsed() { Converter claimConverter = mock(Converter.class); MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter - .withDefaults(Collections.singletonMap(JwtClaimNames.SUB, claimConverter)); + .withDefaults(Collections.singletonMap(JwtClaimNames.SUB, claimConverter)); given(claimConverter.convert(any(Object.class))).willReturn("1234"); Map source = new HashMap<>(); source.put(JwtClaimNames.JTI, 1); @@ -127,7 +127,7 @@ public class MappedJwtClaimSetConverterTests { @Test public void convertWhenConverterReturnsNullThenClaimIsRemoved() { MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter - .withDefaults(Collections.singletonMap(JwtClaimNames.NBF, (nbfClaimValue) -> null)); + .withDefaults(Collections.singletonMap(JwtClaimNames.NBF, (nbfClaimValue) -> null)); Map source = Collections.singletonMap(JwtClaimNames.NBF, Instant.now()); Map target = converter.convert(source); assertThat(target).doesNotContainKey(JwtClaimNames.NBF); @@ -145,7 +145,7 @@ public class MappedJwtClaimSetConverterTests { public void convertWhenConverterReturnsValueWhenEntryIsMissingThenEntryIsAdded() { Converter claimConverter = mock(Converter.class); MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter - .withDefaults(Collections.singletonMap("custom-claim", claimConverter)); + .withDefaults(Collections.singletonMap("custom-claim", claimConverter)); given(claimConverter.convert(any())).willReturn("custom-value"); Map source = new HashMap<>(); Map target = converter.convert(source); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJweEncoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJweEncoderTests.java index cfb1d7cd11..2bc95d6495 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJweEncoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJweEncoderTests.java @@ -145,7 +145,7 @@ public class NimbusJweEncoderTests { Jwt encodedJweNestedJws = this.jweEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet)); assertThat(encodedJweNestedJws.getHeaders().get(JoseHeaderNames.ALG)) - .isEqualTo(DEFAULT_JWE_HEADER.getAlgorithm()); + .isEqualTo(DEFAULT_JWE_HEADER.getAlgorithm()); assertThat(encodedJweNestedJws.getHeaders().get("enc")).isEqualTo(DEFAULT_JWE_HEADER.getHeader("enc")); assertThat(encodedJweNestedJws.getHeaders().get(JoseHeaderNames.JKU)).isNull(); assertThat(encodedJweNestedJws.getHeaders().get(JoseHeaderNames.JWK)).isNull(); @@ -446,9 +446,11 @@ public class NimbusJweEncoderTests { builder.criticalParams(critical); } - Map customHeaders = headers.getHeaders().entrySet().stream() - .filter((header) -> !JWEHeader.getRegisteredParameterNames().contains(header.getKey())) - .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); + Map customHeaders = headers.getHeaders() + .entrySet() + .stream() + .filter((header) -> !JWEHeader.getRegisteredParameterNames().contains(header.getKey())) + .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); if (!CollectionUtils.isEmpty(customHeaders)) { builder.customParams(customHeaders); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java index dd0d8e4636..cfc2678ed0 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupportTests.java @@ -242,7 +242,7 @@ public class NimbusJwtDecoderJwkSupportTests { private static RestOperations mockJwkSetResponse(String response) { RestOperations restOperations = mock(RestOperations.class); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(new ResponseEntity<>(response, HttpStatus.OK)); + .willReturn(new ResponseEntity<>(response, HttpStatus.OK)); return restOperations; } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java index a4e5a75706..71877d66f3 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java @@ -416,8 +416,9 @@ public class NimbusJwtDecoderTests { @Test public void decodeWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception { - NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()).signatureAlgorithm(SignatureAlgorithm.RS512) - .build(); + NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(key()) + .signatureAlgorithm(SignatureAlgorithm.RS512) + .build(); // @formatter:off assertThatExceptionOfType(BadJwtException.class) .isThrownBy(() -> decoder.decode(RS256_SIGNED_JWT)); @@ -431,7 +432,7 @@ public class NimbusJwtDecoderTests { RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY; JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("JWS")).build(); JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60))) - .build(); + .build(); SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet); // @formatter:off NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey) @@ -575,7 +576,7 @@ public class NimbusJwtDecoderTests { public void jwsKeySelectorWhenNoAlgorithmThenReturnsRS256Selector() { JWKSource jwkSource = mock(JWKSource.class); JWSKeySelector jwsKeySelector = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) - .jwsKeySelector(jwkSource); + .jwsKeySelector(jwkSource); assertThat(jwsKeySelector instanceof JWSVerificationKeySelector); JWSVerificationKeySelector jwsVerificationKeySelector = (JWSVerificationKeySelector) jwsKeySelector; assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue(); @@ -614,7 +615,7 @@ public class NimbusJwtDecoderTests { public void decodeWhenJwkSetRequestedThenAcceptHeaderJsonAndJwkSetJson() { RestOperations restOperations = mock(RestOperations.class); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); + .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); // @formatter:off JWTProcessor processor = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) .restOperations(restOperations) @@ -633,7 +634,7 @@ public class NimbusJwtDecoderTests { Cache cache = new ConcurrentMapCache("test-jwk-set-cache"); RestOperations restOperations = mock(RestOperations.class); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); + .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); // @formatter:off NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) .restOperations(restOperations) @@ -654,7 +655,7 @@ public class NimbusJwtDecoderTests { Cache cache = new ConcurrentMapCache("test-jwk-set-cache"); RestOperations restOperations = mock(RestOperations.class); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); + .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); // @formatter:off NimbusJwtDecoder jwtDecoder1 = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) .restOperations(restOperations) @@ -703,7 +704,7 @@ public class NimbusJwtDecoderTests { given(cache.get(eq(JWK_SET_URI), eq(String.class))).willReturn(JWK_SET); given(cache.get(eq(JWK_SET_URI))).willReturn(new SimpleValueWrapper(JWK_SET)); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(new ResponseEntity<>(NEW_KID_JWK_SET, HttpStatus.OK)); + .willReturn(new ResponseEntity<>(NEW_KID_JWK_SET, HttpStatus.OK)); // @formatter:off NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) @@ -754,7 +755,7 @@ public class NimbusJwtDecoderTests { Cache cache = new ConcurrentMapCache("test-jwk-set-cache"); RestOperations restOperations = mock(RestOperations.class); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willThrow(new RestClientException("Cannot retrieve JWK Set")); + .willThrow(new RestClientException("Cannot retrieve JWK Set")); // @formatter:off NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) .restOperations(restOperations) @@ -793,7 +794,7 @@ public class NimbusJwtDecoderTests { public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() throws Exception { RestOperations restOperations = mock(RestOperations.class); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); + .willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK)); // @formatter:off NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) .restOperations(restOperations) @@ -847,7 +848,7 @@ public class NimbusJwtDecoderTests { private static JWTProcessor withSigning(String jwkResponse) { RestOperations restOperations = mock(RestOperations.class); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK)); + .willReturn(new ResponseEntity<>(jwkResponse, HttpStatus.OK)); // @formatter:off return NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI) .restOperations(restOperations) diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtEncoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtEncoderTests.java index 60c99b13ce..526bc511a8 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtEncoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtEncoderTests.java @@ -75,13 +75,13 @@ public class NimbusJwtEncoderTests { @Test public void constructorWhenJwkSourceNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwtEncoder(null)) - .withMessage("jwkSource cannot be null"); + .withMessage("jwkSource cannot be null"); } @Test public void encodeWhenParametersNullThenThrowIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.jwtEncoder.encode(null)) - .withMessage("parameters cannot be null"); + .withMessage("parameters cannot be null"); } @Test @@ -89,8 +89,8 @@ public class NimbusJwtEncoderTests { JwsHeader jwsHeader = JwsHeader.with(SignatureAlgorithm.RS256).build(); assertThatIllegalArgumentException() - .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, null))) - .withMessage("claims cannot be null"); + .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, null))) + .withMessage("claims cannot be null"); } @Test @@ -103,8 +103,8 @@ public class NimbusJwtEncoderTests { JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build(); assertThatExceptionOfType(JwtEncodingException.class) - .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) - .withMessageContaining("Failed to select a JWK signing key -> key source error"); + .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) + .withMessageContaining("Failed to select a JWK signing key -> key source error"); } @Test @@ -117,8 +117,8 @@ public class NimbusJwtEncoderTests { JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build(); assertThatExceptionOfType(JwtEncodingException.class) - .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) - .withMessageContaining("Found multiple JWK signing keys for algorithm 'RS256'"); + .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) + .withMessageContaining("Found multiple JWK signing keys for algorithm 'RS256'"); } @Test @@ -127,8 +127,8 @@ public class NimbusJwtEncoderTests { JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build(); assertThatExceptionOfType(JwtEncodingException.class) - .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) - .withMessageContaining("Failed to select a JWK signing key"); + .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) + .withMessageContaining("Failed to select a JWK signing key"); } @Test @@ -184,13 +184,14 @@ public class NimbusJwtEncoderTests { // @formatter:on JwsHeader jwsHeader = JwsHeader.with(SignatureAlgorithm.RS256) - .x509SHA256Thumbprint(rsaJwk1.getX509CertSHA256Thumbprint().toString()).build(); + .x509SHA256Thumbprint(rsaJwk1.getX509CertSHA256Thumbprint().toString()) + .build(); JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build(); Jwt encodedJws = this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet)); assertThat(encodedJws.getHeaders().get(JoseHeaderNames.X5T_S256)) - .isEqualTo(rsaJwk1.getX509CertSHA256Thumbprint().toString()); + .isEqualTo(rsaJwk1.getX509CertSHA256Thumbprint().toString()); assertThat(encodedJws.getHeaders().get(JoseHeaderNames.KID)).isNull(); } @@ -210,9 +211,9 @@ public class NimbusJwtEncoderTests { JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build(); assertThatExceptionOfType(JwtEncodingException.class) - .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) - .withMessageContaining( - "Failed to create a JWS Signer -> The JWK use must be sig (signature) or unspecified"); + .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, jwtClaimsSet))) + .withMessageContaining( + "Failed to create a JWS Signer -> The JWK use must be sig (signature) or unspecified"); } @Test @@ -238,7 +239,7 @@ public class NimbusJwtEncoderTests { assertThat(encodedJws.getHeaders().get(JoseHeaderNames.X5C)).isNull(); assertThat(encodedJws.getHeaders().get(JoseHeaderNames.X5T)).isNull(); assertThat(encodedJws.getHeaders().get(JoseHeaderNames.X5T_S256)) - .isEqualTo(rsaJwk.getX509CertSHA256Thumbprint().toString()); + .isEqualTo(rsaJwk.getX509CertSHA256Thumbprint().toString()); assertThat(encodedJws.getHeaders().get(JoseHeaderNames.TYP)).isNull(); assertThat(encodedJws.getHeaders().get(JoseHeaderNames.CTY)).isNull(); assertThat(encodedJws.getHeaders().get(JoseHeaderNames.CRIT)).isNull(); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java index 90e2eafc14..f297ecf83e 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java @@ -154,10 +154,10 @@ public class NimbusReactiveJwtDecoderTests { @Test public void decodeWhenRSAPublicKeyThenSuccess() throws Exception { - byte[] bytes = Base64.getDecoder().decode( - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL48v1clgFw+Evm145pmh8nRYiNt72Gupsshn7Qs8dxEydCRp1DPOV/PahPk1y2nvldBNIhfNL13JOAiJ6BTiF+2ICuICAhDArLMnTH61oL1Hepq8W1xpa9gxsnL1P51thvfmiiT4RTW57koy4xIWmIp8ZXXfYgdH2uHJ9R0CQBuYKe7nEOObjxCFWC8S30huOfW2cYtv0iB23h6w5z2fDLjddX6v/FXM7ktcokgpm3/XmvT/+bL6/GGwz9k6kJOyMTubecr+WT//le8ikY66zlplYXRQh6roFfFCL21Pt8xN5zrk+0AMZUnmi8F2S2ztSBmAVJ7H71ELXsURBVZpwIDAQAB"); + byte[] bytes = Base64.getDecoder() + .decode("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL48v1clgFw+Evm145pmh8nRYiNt72Gupsshn7Qs8dxEydCRp1DPOV/PahPk1y2nvldBNIhfNL13JOAiJ6BTiF+2ICuICAhDArLMnTH61oL1Hepq8W1xpa9gxsnL1P51thvfmiiT4RTW57koy4xIWmIp8ZXXfYgdH2uHJ9R0CQBuYKe7nEOObjxCFWC8S30huOfW2cYtv0iB23h6w5z2fDLjddX6v/FXM7ktcokgpm3/XmvT/+bL6/GGwz9k6kJOyMTubecr+WT//le8ikY66zlplYXRQh6roFfFCL21Pt8xN5zrk+0AMZUnmi8F2S2ztSBmAVJ7H71ELXsURBVZpwIDAQAB"); RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA") - .generatePublic(new X509EncodedKeySpec(bytes)); + .generatePublic(new X509EncodedKeySpec(bytes)); this.decoder = new NimbusReactiveJwtDecoder(publicKey); String noKeyId = "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NX0.hNVuHSUkxdLZrDfqdmKcOi0ggmNaDuB4ZPxPtJl1gwBiXzIGN6Hwl24O2BfBZiHFKUTQDs4_RvzD71mEG3DvUrcKmdYWqIB1l8KNmxQLUDG-cAPIpJmRJgCh50tf8OhOE_Cb9E1HcsOUb47kT9iz-VayNBcmo6BmyZLdEGhsdGBrc3Mkz2dd_0PF38I2Hf_cuSjn9gBjFGtiPEXJvob3PEjVTSx_zvodT8D9p3An1R3YBZf5JSd1cQisrXgDX2k1Jmf7UKKWzgfyCgnEtRWWbsUdPqo3rSEY9GDC1iSQXsFTTC1FT_JJDkwzGf011fsU5O_Ko28TARibmKTCxAKNRQ"; this.decoder.decode(noKeyId).block(); @@ -173,7 +173,7 @@ public class NimbusReactiveJwtDecoderTests { @Test public void decodeWhenExpiredThenFail() { assertThatExceptionOfType(JwtValidationException.class) - .isThrownBy(() -> this.decoder.decode(this.expired).block()); + .isThrownBy(() -> this.decoder.decode(this.expired).block()); } @Test @@ -195,8 +195,9 @@ public class NimbusReactiveJwtDecoderTests { @Test public void decodeWhenInvalidSignatureThenFail() { - assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder - .decode(this.messageReadToken.substring(0, this.messageReadToken.length() - 2)).block()); + assertThatExceptionOfType(BadJwtException.class).isThrownBy( + () -> this.decoder.decode(this.messageReadToken.substring(0, this.messageReadToken.length() - 2)) + .block()); } @Test @@ -308,7 +309,7 @@ public class NimbusReactiveJwtDecoderTests { @Test public void jwsAlgorithmWhenNullThenThrowsException() { NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = NimbusReactiveJwtDecoder - .withJwkSetUri(this.jwkSetUri); + .withJwkSetUri(this.jwkSetUri); assertThatIllegalArgumentException().isThrownBy(() -> builder.jwsAlgorithm(null)); } @@ -328,7 +329,7 @@ public class NimbusReactiveJwtDecoderTests { @Test public void restOperationsWhenNullThenThrowsException() { NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder builder = NimbusReactiveJwtDecoder - .withJwkSetUri(this.jwkSetUri); + .withJwkSetUri(this.jwkSetUri); // @formatter:off assertThatIllegalArgumentException() .isThrownBy(() -> builder.webClient(null)); @@ -474,9 +475,11 @@ public class NimbusReactiveJwtDecoderTests { @Test public void withJwkSourceWhenJwtProcessorCustomizerNullThenThrowsIllegalArgumentException() { - assertThatIllegalArgumentException().isThrownBy(() -> NimbusReactiveJwtDecoder - .withJwkSource((jwt) -> Flux.empty()).jwtProcessorCustomizer(null).build()) - .withMessage("jwtProcessorCustomizer cannot be null"); + assertThatIllegalArgumentException() + .isThrownBy(() -> NimbusReactiveJwtDecoder.withJwkSource((jwt) -> Flux.empty()) + .jwtProcessorCustomizer(null) + .build()) + .withMessage("jwtProcessorCustomizer cannot be null"); } @Test @@ -586,7 +589,8 @@ public class NimbusReactiveJwtDecoderTests { SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY; MacAlgorithm macAlgorithm = MacAlgorithm.HS256; JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject") - .expirationTime(Date.from(Instant.now().plusSeconds(60))).build(); + .expirationTime(Date.from(Instant.now().plusSeconds(60))) + .build(); SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet); // @formatter:off this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey) @@ -601,7 +605,7 @@ public class NimbusReactiveJwtDecoderTests { public void jwsKeySelectorWhenNoAlgorithmThenReturnsRS256Selector() { JWKSource jwkSource = mock(JWKSource.class); JWSKeySelector jwsKeySelector = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri) - .jwsKeySelector(jwkSource); + .jwsKeySelector(jwkSource); assertThat(jwsKeySelector instanceof JWSVerificationKeySelector); JWSVerificationKeySelector jwsVerificationKeySelector = (JWSVerificationKeySelector) jwsKeySelector; assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS256)).isTrue(); @@ -611,7 +615,8 @@ public class NimbusReactiveJwtDecoderTests { public void jwsKeySelectorWhenOneAlgorithmThenReturnsSingleSelector() { JWKSource jwkSource = mock(JWKSource.class); JWSKeySelector jwsKeySelector = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri) - .jwsAlgorithm(SignatureAlgorithm.RS512).jwsKeySelector(jwkSource); + .jwsAlgorithm(SignatureAlgorithm.RS512) + .jwsKeySelector(jwkSource); assertThat(jwsKeySelector instanceof JWSVerificationKeySelector); JWSVerificationKeySelector jwsVerificationKeySelector = (JWSVerificationKeySelector) jwsKeySelector; assertThat(jwsVerificationKeySelector.isAllowed(JWSAlgorithm.RS512)).isTrue(); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierJwtDecoderTests.java index 645fe35e27..d3140389cf 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierJwtDecoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierJwtDecoderTests.java @@ -70,7 +70,7 @@ public class SupplierJwtDecoderTests { given(broken.get()).willThrow(RuntimeException.class); JwtDecoder supplierJwtDecoder = new SupplierJwtDecoder(broken); assertThatExceptionOfType(JwtDecoderInitializationException.class) - .isThrownBy(() -> supplierJwtDecoder.decode("token")); + .isThrownBy(() -> supplierJwtDecoder.decode("token")); reset(broken); given(broken.get()).willReturn(jwtDecoder); supplierJwtDecoder.decode("token"); diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierReactiveJwtDecoderTests.java index febe62d607..2ebbc8061f 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierReactiveJwtDecoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/SupplierReactiveJwtDecoderTests.java @@ -48,7 +48,7 @@ public class SupplierReactiveJwtDecoderTests { given(broken.get()).willThrow(RuntimeException.class); ReactiveJwtDecoder jwtDecoder = new SupplierReactiveJwtDecoder(broken); assertThatExceptionOfType(JwtDecoderInitializationException.class) - .isThrownBy(() -> jwtDecoder.decode("token").block()); + .isThrownBy(() -> jwtDecoder.decode("token").block()); verify(broken).get(); } @@ -73,7 +73,7 @@ public class SupplierReactiveJwtDecoderTests { given(jwtDecoder.decode("token")).willReturn(Mono.empty()); ReactiveJwtDecoder supplierReactiveJwtDecoder = new SupplierReactiveJwtDecoder(broken); assertThatExceptionOfType(JwtDecoderInitializationException.class) - .isThrownBy(() -> supplierReactiveJwtDecoder.decode("token").block()); + .isThrownBy(() -> supplierReactiveJwtDecoder.decode("token").block()); reset(broken); given(broken.get()).willReturn(jwtDecoder); supplierReactiveJwtDecoder.decode("token").block(); diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java index e3641dafe1..30e9d29bde 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java @@ -106,7 +106,7 @@ public final class BearerTokenError extends OAuth2Error { private static boolean isErrorUriValid(String errorUri) { return errorUri == null || errorUri.chars() - .allMatch((c) -> c == 0x21 || withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E)); + .allMatch((c) -> c == 0x21 || withinTheRangeOf(c, 0x23, 0x5B) || withinTheRangeOf(c, 0x5D, 0x7E)); } private static boolean isScopeValid(String scope) { diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java index 333639cd9b..f31949d937 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolver.java @@ -141,9 +141,9 @@ public final class JwtIssuerReactiveAuthenticationManagerResolver "Authentication must be of type BearerTokenAuthenticationToken"); BearerTokenAuthenticationToken token = (BearerTokenAuthenticationToken) authentication; return this.issuerConverter.convert(token) - .flatMap((issuer) -> this.issuerAuthenticationManagerResolver.resolve(issuer).switchIfEmpty( - Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer)))) - .flatMap((manager) -> manager.authenticate(authentication)); + .flatMap((issuer) -> this.issuerAuthenticationManagerResolver.resolve(issuer) + .switchIfEmpty(Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer)))) + .flatMap((manager) -> manager.authenticate(authentication)); } } diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospector.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospector.java index 187c970260..6eb86f7076 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospector.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospector.java @@ -123,15 +123,16 @@ public class SpringReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke // relying solely on the authorization server to validate this token (not checking // 'exp', for example) return responseEntity.bodyToMono(STRING_OBJECT_MAP) - .filter((body) -> (boolean) body.compute(OAuth2TokenIntrospectionClaimNames.ACTIVE, (k, v) -> { - if (v instanceof String) { - return Boolean.parseBoolean((String) v); - } - if (v instanceof Boolean) { - return v; - } - return false; - })).switchIfEmpty(Mono.error(() -> new BadOpaqueTokenException("Provided token isn't active"))); + .filter((body) -> (boolean) body.compute(OAuth2TokenIntrospectionClaimNames.ACTIVE, (k, v) -> { + if (v instanceof String) { + return Boolean.parseBoolean((String) v); + } + if (v instanceof Boolean) { + return v; + } + return false; + })) + .switchIfEmpty(Mono.error(() -> new BadOpaqueTokenException("Provided token isn't active"))); } private OAuth2AuthenticatedPrincipal convertClaimsSet(Map claims) { diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java index 3407356732..d0e111bdef 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.java @@ -55,7 +55,7 @@ public final class DefaultBearerTokenResolver implements BearerTokenResolver { if (authorizationHeaderToken != null) { if (parameterToken != null) { final BearerTokenError error = BearerTokenErrors - .invalidRequest("Found multiple bearer tokens in the request"); + .invalidRequest("Found multiple bearer tokens in the request"); throw new OAuth2AuthenticationException(error); } return authorizationHeaderToken; diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter.java index 53d56f6af8..ac85f4ba8d 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter.java @@ -69,7 +69,7 @@ public class BearerTokenAuthenticationFilter extends OncePerRequestFilter { private final AuthenticationManagerResolver authenticationManagerResolver; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private AuthenticationEntryPoint authenticationEntryPoint = new BearerTokenAuthenticationEntryPoint(); diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverter.java index 22d4f82f11..d30cd8e05a 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverter.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverter.java @@ -72,7 +72,7 @@ public class ServerBearerTokenAuthenticationConverter implements ServerAuthentic if (authorizationHeaderToken != null) { if (parameterToken != null) { BearerTokenError error = BearerTokenErrors - .invalidRequest("Found multiple bearer tokens in the request"); + .invalidRequest("Found multiple bearer tokens in the request"); throw new OAuth2AuthenticationException(error); } return authorizationHeaderToken; diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/DelegatingJwtGrantedAuthoritiesConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/DelegatingJwtGrantedAuthoritiesConverterTests.java index 32db277d53..ffdb477058 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/DelegatingJwtGrantedAuthoritiesConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/DelegatingJwtGrantedAuthoritiesConverterTests.java @@ -67,8 +67,8 @@ public class DelegatingJwtGrantedAuthoritiesConverterTests { @Test public void constructorWhenAuthoritiesConverterIsNullThenIllegalArgumentException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> new DelegatingJwtGrantedAuthoritiesConverter( - (Collection>>) null)); + .isThrownBy(() -> new DelegatingJwtGrantedAuthoritiesConverter( + (Collection>>) null)); } private Collection authorityListToOrderedSet(Collection grantedAuthorities) { diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java index bdfa7f24fb..6e35bb3433 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java @@ -54,15 +54,15 @@ public class JwtAuthenticationConverterTests { @Test public void whenSettingNullGrantedAuthoritiesConverter() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(null)) - .withMessage("jwtGrantedAuthoritiesConverter cannot be null"); + .isThrownBy(() -> this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(null)) + .withMessage("jwtGrantedAuthoritiesConverter cannot be null"); } @Test public void convertWithOverriddenGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); Converter> grantedAuthoritiesConverter = (token) -> Arrays - .asList(new SimpleGrantedAuthority("blah")); + .asList(new SimpleGrantedAuthority("blah")); this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter); AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt); Collection authorities = authentication.getAuthorities(); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java index 6f9ddf63b6..2695f0f9fd 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationTokenTests.java @@ -55,7 +55,7 @@ public class JwtAuthenticationTokenTests { @Test public void constructorWhenJwtIsNullThenThrowsException() { assertThatIllegalArgumentException().isThrownBy(() -> new JwtAuthenticationToken(null)) - .withMessageContaining("token cannot be null"); + .withMessageContaining("token cannot be null"); } @Test diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java index 3826a922e8..fc9fed19b8 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerAuthenticationManagerResolverTests.java @@ -123,7 +123,7 @@ public class JwtIssuerAuthenticationManagerResolverTests { AuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null); assertThat(authenticationManager).isNotNull(); assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> authenticationManager.authenticate(token)); + .isThrownBy(() -> authenticationManager.authenticate(token)); Authentication authentication = authenticationManager.authenticate(token); assertThat(authentication.isAuthenticated()).isTrue(); } @@ -133,10 +133,12 @@ public class JwtIssuerAuthenticationManagerResolverTests { public void resolveWhenUsingSameIssuerThenReturnsSameAuthenticationManager() throws Exception { try (MockWebServer server = new MockWebServer()) { String issuer = server.url("").toString(); - server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") - .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))); - server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") - .setBody(JWK_SET)); + server.enqueue(new MockResponse().setResponseCode(200) + .setHeader("Content-Type", "application/json") + .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))); + server.enqueue(new MockResponse().setResponseCode(200) + .setHeader("Content-Type", "application/json") + .setBody(JWK_SET)); TrustedIssuerJwtAuthenticationManagerResolver resolver = new TrustedIssuerJwtAuthenticationManagerResolver( (iss) -> iss.equals(issuer)); AuthenticationManager authenticationManager = resolver.resolve(issuer); @@ -231,15 +233,15 @@ public class JwtIssuerAuthenticationManagerResolverTests { @Test public void constructorWhenNullOrEmptyIssuersThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver((Collection) null)); + .isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver((Collection) null)); assertThatIllegalArgumentException() - .isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver(Collections.emptyList())); + .isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver(Collections.emptyList())); } @Test public void constructorWhenNullAuthenticationManagerResolverThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver((AuthenticationManagerResolver) null)); + .isThrownBy(() -> new JwtIssuerAuthenticationManagerResolver((AuthenticationManagerResolver) null)); } private Authentication withBearerToken(String token) { diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java index 7b5851018d..a830cbdfd8 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtIssuerReactiveAuthenticationManagerResolverTests.java @@ -74,12 +74,15 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { public void resolveWhenUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception { try (MockWebServer server = new MockWebServer()) { String issuer = server.url("").toString(); - server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") - .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))); - server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") - .setBody(JWK_SET)); - server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") - .setBody(JWK_SET)); + server.enqueue(new MockResponse().setResponseCode(200) + .setHeader("Content-Type", "application/json") + .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))); + server.enqueue(new MockResponse().setResponseCode(200) + .setHeader("Content-Type", "application/json") + .setBody(JWK_SET)); + server.enqueue(new MockResponse().setResponseCode(200) + .setHeader("Content-Type", "application/json") + .setBody(JWK_SET)); JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer)))); jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY)); @@ -116,7 +119,7 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { assertThat(authenticationManager).isNotNull(); Authentication token = withBearerToken(jws.serialize()); assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> authenticationManager.authenticate(token).block()); + .isThrownBy(() -> authenticationManager.authenticate(token).block()); Authentication authentication = authenticationManager.authenticate(token).block(); assertThat(authentication.isAuthenticated()).isTrue(); } @@ -126,10 +129,12 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { public void resolveWhenUsingSameIssuerThenReturnsSameAuthenticationManager() throws Exception { try (MockWebServer server = new MockWebServer()) { String issuer = server.url("").toString(); - server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") - .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))); - server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json") - .setBody(JWK_SET)); + server.enqueue(new MockResponse().setResponseCode(200) + .setHeader("Content-Type", "application/json") + .setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer))); + server.enqueue(new MockResponse().setResponseCode(200) + .setHeader("Content-Type", "application/json") + .setBody(JWK_SET)); TrustedIssuerJwtAuthenticationManagerResolver resolver = new TrustedIssuerJwtAuthenticationManagerResolver( (iss) -> iss.equals(issuer)); ReactiveAuthenticationManager authenticationManager = resolver.resolve(issuer).block(); @@ -170,9 +175,10 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver( (issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer))); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> authenticationManagerResolver.resolve(null) - .flatMap((manager) -> manager.authenticate(token)).block()) - .withMessageContaining("Invalid issuer"); + .isThrownBy(() -> authenticationManagerResolver.resolve(null) + .flatMap((manager) -> manager.authenticate(token)) + .block()) + .withMessageContaining("Invalid issuer"); ReactiveAuthenticationManager authenticationManager = mock(ReactiveAuthenticationManager.class); given(authenticationManager.authenticate(token)).willReturn(Mono.empty()); authenticationManagers.put("trusted", authenticationManager); @@ -208,9 +214,10 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { "trusted"); Authentication token = withBearerToken(this.noIssuer); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> authenticationManagerResolver.resolve(null) - .flatMap((manager) -> manager.authenticate(token)).block()) - .withMessageContaining("Missing issuer"); + .isThrownBy(() -> authenticationManagerResolver.resolve(null) + .flatMap((manager) -> manager.authenticate(token)) + .block()) + .withMessageContaining("Missing issuer"); } @Test @@ -230,9 +237,9 @@ public class JwtIssuerReactiveAuthenticationManagerResolverTests { @Test public void constructorWhenNullOrEmptyIssuersThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new JwtIssuerReactiveAuthenticationManagerResolver((Collection) null)); + .isThrownBy(() -> new JwtIssuerReactiveAuthenticationManagerResolver((Collection) null)); assertThatIllegalArgumentException() - .isThrownBy(() -> new JwtIssuerReactiveAuthenticationManagerResolver(Collections.emptyList())); + .isThrownBy(() -> new JwtIssuerReactiveAuthenticationManagerResolver(Collections.emptyList())); } @Test diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java index 88b5395b1a..826488c8dc 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtReactiveAuthenticationManagerTests.java @@ -91,7 +91,7 @@ public class JwtReactiveAuthenticationManagerTests { BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1"); given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new BadJwtException("Oops"))); assertThatExceptionOfType(OAuth2AuthenticationException.class) - .isThrownBy(() -> this.manager.authenticate(token).block()); + .isThrownBy(() -> this.manager.authenticate(token).block()); } // gh-7549 diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java index e1e75ce041..29b55aa381 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java @@ -54,7 +54,7 @@ public class OpaqueTokenAuthenticationProviderTests { @Test public void authenticateWhenActiveTokenThenOk() throws Exception { OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals - .active((attributes) -> attributes.put("extension_field", "twenty-seven")); + .active((attributes) -> attributes.put("extension_field", "twenty-seven")); OpaqueTokenIntrospector introspector = mock(OpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(principal); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); @@ -106,7 +106,7 @@ public class OpaqueTokenAuthenticationProviderTests { given(introspector.introspect(any())).willThrow(new OAuth2IntrospectionException("with \"invalid\" chars")); OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); assertThatExceptionOfType(AuthenticationServiceException.class) - .isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token"))); + .isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token"))); } @Test @@ -136,7 +136,7 @@ public class OpaqueTokenAuthenticationProviderTests { OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector); OpaqueTokenAuthenticationConverter authenticationConverter = mock(OpaqueTokenAuthenticationConverter.class); given(authenticationConverter.convert(any(), any(OAuth2AuthenticatedPrincipal.class))) - .willReturn(new TestingAuthenticationToken(principal, null, Collections.emptyList())); + .willReturn(new TestingAuthenticationToken(principal, null, Collections.emptyList())); provider.setAuthenticationConverter(authenticationConverter); Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java index 7800693fb7..0d5c1f20be 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManagerTests.java @@ -55,7 +55,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { @Test public void authenticateWhenActiveTokenThenOk() throws Exception { OAuth2AuthenticatedPrincipal authority = TestOAuth2AuthenticatedPrincipals - .active((attributes) -> attributes.put("extension_field", "twenty-seven")); + .active((attributes) -> attributes.put("extension_field", "twenty-seven")); ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class); given(introspector.introspect(any())).willReturn(Mono.just(authority)); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); @@ -101,10 +101,10 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { public void authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken() { ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class); given(introspector.introspect(any())) - .willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars"))); + .willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars"))); OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector); assertThatExceptionOfType(AuthenticationServiceException.class) - .isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block()); + .isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block()); } @Test @@ -135,7 +135,7 @@ public class OpaqueTokenReactiveAuthenticationManagerTests { ReactiveOpaqueTokenAuthenticationConverter authenticationConverter = mock( ReactiveOpaqueTokenAuthenticationConverter.class); given(authenticationConverter.convert(any(), any(OAuth2AuthenticatedPrincipal.class))) - .willReturn(Mono.just(new TestingAuthenticationToken(principal, null, Collections.emptyList()))); + .willReturn(Mono.just(new TestingAuthenticationToken(principal, null, Collections.emptyList()))); provider.setAuthenticationConverter(authenticationConverter); Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block(); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java index 15a7b6d861..8193d8e4db 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterAdapterTests.java @@ -84,8 +84,10 @@ public class ReactiveJwtAuthenticationConverterAdapterTests { @Test public void convertWhenTokenHasBothScopeAndScpThenScopeAttributeIsTranslatedToAuthorities() { - Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")) - .claim("scope", "missive:read missive:write").build(); + Jwt jwt = TestJwts.jwt() + .claim("scp", Arrays.asList("message:read", "message:write")) + .claim("scope", "missive:read missive:write") + .build(); AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); // @formatter:off diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java index c4e532fe5a..7e5b7ef59e 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtAuthenticationConverterTests.java @@ -53,15 +53,15 @@ public class ReactiveJwtAuthenticationConverterTests { @Test public void whenSettingNullGrantedAuthoritiesConverter() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(null)) - .withMessage("jwtGrantedAuthoritiesConverter cannot be null"); + .isThrownBy(() -> this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(null)) + .withMessage("jwtGrantedAuthoritiesConverter cannot be null"); } @Test public void convertWithOverriddenGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); Converter> grantedAuthoritiesConverter = (token) -> Flux - .just(new SimpleGrantedAuthority("blah")); + .just(new SimpleGrantedAuthority("blah")); this.jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter); AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt).block(); Collection authorities = authentication.getAuthorities(); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java index a8148bd220..442f5a9121 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/ReactiveJwtGrantedAuthoritiesConverterAdapterTests.java @@ -43,9 +43,12 @@ public class ReactiveJwtGrantedAuthoritiesConverterAdapterTests { public void convertWithGrantedAuthoritiesConverter() { Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build(); Converter> grantedAuthoritiesConverter = (token) -> Arrays - .asList(new SimpleGrantedAuthority("blah")); + .asList(new SimpleGrantedAuthority("blah")); Collection authorities = new ReactiveJwtGrantedAuthoritiesConverterAdapter( - grantedAuthoritiesConverter).convert(jwt).toStream().collect(Collectors.toList()); + grantedAuthoritiesConverter) + .convert(jwt) + .toStream() + .collect(Collectors.toList()); assertThat(authorities).containsExactly(new SimpleGrantedAuthority("blah")); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java index 4120394812..1177c44390 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java @@ -165,7 +165,7 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(introspectUri, CLIENT_ID, "wrong"); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token")); + .isThrownBy(() -> introspectionClient.introspect("token")); } } @@ -192,7 +192,7 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willReturn(response(new JSONObject(introspectedValues).toJSONString())); + .willReturn(response(new JSONObject(introspectedValues).toJSONString())); OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token"); // @formatter:off assertThat(authority.getAttributes()) @@ -211,7 +211,7 @@ public class NimbusOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))) - .willThrow(new IllegalStateException("server was unresponsive")); + .willThrow(new IllegalStateException("server was unresponsive")); // @formatter:off assertThatExceptionOfType(OAuth2IntrospectionException.class) .isThrownBy(() -> introspectionClient.introspect("token")) @@ -226,7 +226,7 @@ public class NimbusOpaqueTokenIntrospectorTests { restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(response("malformed")); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token")); + .isThrownBy(() -> introspectionClient.introspect("token")); } @Test @@ -236,7 +236,7 @@ public class NimbusOpaqueTokenIntrospectorTests { restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(INVALID); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token")); + .isThrownBy(() -> introspectionClient.introspect("token")); } @Test @@ -246,7 +246,7 @@ public class NimbusOpaqueTokenIntrospectorTests { restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(MALFORMED_ISSUER); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token")); + .isThrownBy(() -> introspectionClient.introspect("token")); } // gh-7563 @@ -265,25 +265,25 @@ public class NimbusOpaqueTokenIntrospectorTests { @Test public void constructorWhenIntrospectionUriIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(null, CLIENT_ID, CLIENT_SECRET)); + .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(null, CLIENT_ID, CLIENT_SECRET)); } @Test public void constructorWhenClientIdIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null, CLIENT_SECRET)); + .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null, CLIENT_SECRET)); } @Test public void constructorWhenClientSecretIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); + .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); } @Test public void constructorWhenRestOperationsIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null)); + .isThrownBy(() -> new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, null)); } @Test @@ -292,7 +292,7 @@ public class NimbusOpaqueTokenIntrospectorTests { NimbusOpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> introspectionClient.setRequestEntityConverter(null)); + .isThrownBy(() -> introspectionClient.setRequestEntityConverter(null)); } @SuppressWarnings("unchecked") @@ -324,7 +324,7 @@ public class NimbusOpaqueTokenIntrospectorTests { assumeThat(stubResponse.getHeaders().getContentType()).isNull(); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("sometokenhere")); + .isThrownBy(() -> introspectionClient.introspect("sometokenhere")); } @ParameterizedTest(name = "{displayName} when Content-Type={0}") @@ -332,14 +332,15 @@ public class NimbusOpaqueTokenIntrospectorTests { MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_OCTET_STREAM_VALUE }) public void handleNonJsonContentType(String type) { RestOperations restOperations = mock(RestOperations.class); - ResponseEntity stubResponse = ResponseEntity.ok().contentType(MediaType.parseMediaType(type)) - .body(ACTIVE_RESPONSE); + ResponseEntity stubResponse = ResponseEntity.ok() + .contentType(MediaType.parseMediaType(type)) + .body(ACTIVE_RESPONSE); given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(stubResponse); OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("sometokenhere")); + .isThrownBy(() -> introspectionClient.introspect("sometokenhere")); } private static ResponseEntity response(String content) { diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java index 41f7feeec7..d4ae7111c6 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java @@ -135,7 +135,7 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( introspectUri, CLIENT_ID, "wrong"); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token").block()); + .isThrownBy(() -> introspectionClient.introspect("token").block()); } } @@ -146,8 +146,8 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); assertThatExceptionOfType(BadOpaqueTokenException.class) - .isThrownBy(() -> introspectionClient.introspect("token").block()) - .withMessage("Provided token isn't active"); + .isThrownBy(() -> introspectionClient.introspect("token").block()) + .withMessage("Provided token isn't active"); } @Test @@ -189,7 +189,7 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token").block()); + .isThrownBy(() -> introspectionClient.introspect("token").block()); } @Test @@ -209,31 +209,31 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { NimbusReactiveOpaqueTokenIntrospector introspectionClient = new NimbusReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token").block()); + .isThrownBy(() -> introspectionClient.introspect("token").block()); } @Test public void constructorWhenIntrospectionUriIsEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector("", CLIENT_ID, CLIENT_SECRET)); + .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector("", CLIENT_ID, CLIENT_SECRET)); } @Test public void constructorWhenClientIdIsEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, "", CLIENT_SECRET)); + .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, "", CLIENT_SECRET)); } @Test public void constructorWhenClientSecretIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); + .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); } @Test public void constructorWhenRestOperationsIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, null)); + .isThrownBy(() -> new NimbusReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, null)); } @Test @@ -244,7 +244,7 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { INTROSPECTION_URL, client); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("sometokenhere").block()); + .isThrownBy(() -> introspectionClient.introspect("sometokenhere").block()); } @ParameterizedTest(name = "{displayName} when Content-Type={0}") @@ -257,7 +257,7 @@ public class NimbusReactiveOpaqueTokenIntrospectorTests { INTROSPECTION_URL, client); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("sometokenhere").block()); + .isThrownBy(() -> introspectionClient.introspect("sometokenhere").block()); } private WebClient mockResponse(String response) { diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java index 1f13f37f43..d7e342dbc4 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipalTests.java @@ -109,15 +109,15 @@ public class OAuth2IntrospectionAuthenticatedPrincipalTests { @Test public void constructorWhenAttributesIsNullOrEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2IntrospectionAuthenticatedPrincipal(null, AUTHORITIES)); + .isThrownBy(() -> new OAuth2IntrospectionAuthenticatedPrincipal(null, AUTHORITIES)); assertThatIllegalArgumentException() - .isThrownBy(() -> new OAuth2IntrospectionAuthenticatedPrincipal(Collections.emptyMap(), AUTHORITIES)); + .isThrownBy(() -> new OAuth2IntrospectionAuthenticatedPrincipal(Collections.emptyMap(), AUTHORITIES)); } @Test public void constructorWhenAuthoritiesIsNullOrEmptyThenNoAuthorities() { Collection authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, null) - .getAuthorities(); + .getAuthorities(); assertThat(authorities).isEmpty(); authorities = new OAuth2IntrospectionAuthenticatedPrincipal(CLAIMS, Collections.emptyList()).getAuthorities(); assertThat(authorities).isEmpty(); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java index f82cfb327f..f46dbd1edb 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospectorTests.java @@ -157,7 +157,7 @@ public class SpringOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(introspectUri, CLIENT_ID, "wrong"); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token")); + .isThrownBy(() -> introspectionClient.introspect("token")); } } @@ -184,7 +184,7 @@ public class SpringOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(STRING_OBJECT_MAP))) - .willReturn(response(introspectedValues)); + .willReturn(response(introspectedValues)); OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token"); // @formatter:off assertThat(authority.getAttributes()) @@ -203,7 +203,7 @@ public class SpringOpaqueTokenIntrospectorTests { OpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(STRING_OBJECT_MAP))) - .willThrow(new IllegalStateException("server was unresponsive")); + .willThrow(new IllegalStateException("server was unresponsive")); // @formatter:off assertThatExceptionOfType(OAuth2IntrospectionException.class) .isThrownBy(() -> introspectionClient.introspect("token")) @@ -218,7 +218,7 @@ public class SpringOpaqueTokenIntrospectorTests { restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(STRING_OBJECT_MAP))).willReturn(response("{}")); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token")); + .isThrownBy(() -> introspectionClient.introspect("token")); } @Test @@ -228,7 +228,7 @@ public class SpringOpaqueTokenIntrospectorTests { restOperations); given(restOperations.exchange(any(RequestEntity.class), eq(STRING_OBJECT_MAP))).willReturn(INVALID); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token")); + .isThrownBy(() -> introspectionClient.introspect("token")); } // gh-7563 @@ -247,25 +247,25 @@ public class SpringOpaqueTokenIntrospectorTests { @Test public void constructorWhenIntrospectionUriIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringOpaqueTokenIntrospector(null, CLIENT_ID, CLIENT_SECRET)); + .isThrownBy(() -> new SpringOpaqueTokenIntrospector(null, CLIENT_ID, CLIENT_SECRET)); } @Test public void constructorWhenClientIdIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, null, CLIENT_SECRET)); + .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, null, CLIENT_SECRET)); } @Test public void constructorWhenClientSecretIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); + .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); } @Test public void constructorWhenRestOperationsIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, null)); + .isThrownBy(() -> new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, null)); } @Test @@ -274,7 +274,7 @@ public class SpringOpaqueTokenIntrospectorTests { SpringOpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(INTROSPECTION_URL, restOperations); assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> introspectionClient.setRequestEntityConverter(null)); + .isThrownBy(() -> introspectionClient.setRequestEntityConverter(null)); } @SuppressWarnings("unchecked") diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java index 6de5470b40..974565affd 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java @@ -133,7 +133,7 @@ public class SpringReactiveOpaqueTokenIntrospectorTests { SpringReactiveOpaqueTokenIntrospector introspectionClient = new SpringReactiveOpaqueTokenIntrospector( introspectUri, CLIENT_ID, "wrong"); assertThatExceptionOfType(OAuth2IntrospectionException.class) - .isThrownBy(() -> introspectionClient.introspect("token").block()); + .isThrownBy(() -> introspectionClient.introspect("token").block()); } } @@ -144,8 +144,8 @@ public class SpringReactiveOpaqueTokenIntrospectorTests { SpringReactiveOpaqueTokenIntrospector introspectionClient = new SpringReactiveOpaqueTokenIntrospector( INTROSPECTION_URL, webClient); assertThatExceptionOfType(BadOpaqueTokenException.class) - .isThrownBy(() -> introspectionClient.introspect("token").block()) - .withMessage("Provided token isn't active"); + .isThrownBy(() -> introspectionClient.introspect("token").block()) + .withMessage("Provided token isn't active"); } @Test @@ -196,25 +196,25 @@ public class SpringReactiveOpaqueTokenIntrospectorTests { @Test public void constructorWhenIntrospectionUriIsEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector("", CLIENT_ID, CLIENT_SECRET)); + .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector("", CLIENT_ID, CLIENT_SECRET)); } @Test public void constructorWhenClientIdIsEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, "", CLIENT_SECRET)); + .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, "", CLIENT_SECRET)); } @Test public void constructorWhenClientSecretIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); + .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, CLIENT_ID, null)); } @Test public void constructorWhenRestOperationsIsNullThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, null)); + .isThrownBy(() -> new SpringReactiveOpaqueTokenIntrospector(INTROSPECTION_URL, null)); } private WebClient mockResponse(String response) { diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java index 66f07bc23f..c984d3df9b 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/BearerTokenAuthenticationEntryPointTests.java @@ -83,7 +83,7 @@ public class BearerTokenAuthenticationEntryPointTests { this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")) - .isEqualTo("Bearer error=\"invalid_request\", error_description=\"The access token expired\""); + .isEqualTo("Bearer error=\"invalid_request\", error_description=\"The access token expired\""); } @Test @@ -95,7 +95,7 @@ public class BearerTokenAuthenticationEntryPointTests { this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); assertThat(response.getStatus()).isEqualTo(400); assertThat(response.getHeader("WWW-Authenticate")) - .isEqualTo("Bearer error=\"invalid_request\", error_uri=\"https://example.com\""); + .isEqualTo("Bearer error=\"invalid_request\", error_uri=\"https://example.com\""); } @Test @@ -129,7 +129,7 @@ public class BearerTokenAuthenticationEntryPointTests { this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); assertThat(response.getStatus()).isEqualTo(403); assertThat(response.getHeader("WWW-Authenticate")) - .isEqualTo("Bearer error=\"insufficient_scope\", scope=\"test.read test.write\""); + .isEqualTo("Bearer error=\"insufficient_scope\", scope=\"test.read test.write\""); } @Test @@ -142,9 +142,9 @@ public class BearerTokenAuthenticationEntryPointTests { this.authenticationEntryPoint.setRealmName("test"); this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error)); assertThat(response.getStatus()).isEqualTo(403); - assertThat(response.getHeader("WWW-Authenticate")).isEqualTo( - "Bearer realm=\"test\", error=\"insufficient_scope\", error_description=\"Insufficient scope\", " - + "error_uri=\"https://example.com\", scope=\"test.read test.write\""); + assertThat(response.getHeader("WWW-Authenticate")) + .isEqualTo("Bearer realm=\"test\", error=\"insufficient_scope\", error_description=\"Insufficient scope\", " + + "error_uri=\"https://example.com\", scope=\"test.read test.write\""); } @Test diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java index 9132ab2bd6..f1a672aca3 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolverTests.java @@ -94,7 +94,7 @@ public class DefaultBearerTokenResolverTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer "); assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request)) - .withMessageContaining(("Bearer token is malformed")); + .withMessageContaining(("Bearer token is malformed")); } @Test @@ -102,7 +102,7 @@ public class DefaultBearerTokenResolverTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Bearer an\"invalid\"token"); assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request)) - .withMessageContaining(("Bearer token is malformed")); + .withMessageContaining(("Bearer token is malformed")); } @Test @@ -113,7 +113,7 @@ public class DefaultBearerTokenResolverTests { request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", TEST_TOKEN); assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request)) - .withMessageContaining("Found multiple bearer tokens in the request"); + .withMessageContaining("Found multiple bearer tokens in the request"); } @Test @@ -123,7 +123,7 @@ public class DefaultBearerTokenResolverTests { request.setMethod("GET"); request.addParameter("access_token", TEST_TOKEN); assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request)) - .withMessageContaining("Found multiple bearer tokens in the request"); + .withMessageContaining("Found multiple bearer tokens in the request"); } // gh-10326 @@ -133,7 +133,7 @@ public class DefaultBearerTokenResolverTests { request.setMethod("GET"); request.addParameter("access_token", "token1", "token2"); assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request)) - .withMessageContaining("Found multiple bearer tokens in the request"); + .withMessageContaining("Found multiple bearer tokens in the request"); } // gh-10326 @@ -144,7 +144,7 @@ public class DefaultBearerTokenResolverTests { request.setContentType("application/x-www-form-urlencoded"); request.addParameter("access_token", "token1", "token2"); assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.resolver.resolve(request)) - .withMessageContaining("Found multiple bearer tokens in the request"); + .withMessageContaining("Found multiple bearer tokens in the request"); } // gh-10326 diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java index 8c71163e30..24ec168745 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/access/server/BearerTokenServerAccessDeniedHandlerTests.java @@ -66,7 +66,7 @@ public class BearerTokenServerAccessDeniedHandlerTests { this.accessDeniedHandler.handle(exchange, null).block(); assertThat(exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); assertThat(exchange.getResponse().getHeaders().get("WWW-Authenticate")) - .isEqualTo(Arrays.asList("Bearer realm=\"test\"")); + .isEqualTo(Arrays.asList("Bearer realm=\"test\"")); } @Test diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilterTests.java index f52c55fa07..97cbebffa4 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilterTests.java @@ -107,7 +107,7 @@ public class BearerTokenAuthenticationFilterTests { new BearerTokenAuthenticationFilter(this.authenticationManager)); filter.doFilter(this.request, this.response, this.filterChain); ArgumentCaptor captor = ArgumentCaptor - .forClass(BearerTokenAuthenticationToken.class); + .forClass(BearerTokenAuthenticationToken.class); verify(this.authenticationManager).authenticate(captor.capture()); assertThat(captor.getValue().getPrincipal()).isEqualTo("token"); } @@ -124,7 +124,7 @@ public class BearerTokenAuthenticationFilterTests { filter.setSecurityContextRepository(securityContextRepository); filter.doFilter(this.request, this.response, this.filterChain); ArgumentCaptor captor = ArgumentCaptor - .forClass(BearerTokenAuthenticationToken.class); + .forClass(BearerTokenAuthenticationToken.class); verify(this.authenticationManager).authenticate(captor.capture()); assertThat(captor.getValue().getPrincipal()).isEqualTo(token); ArgumentCaptor contextArg = ArgumentCaptor.forClass(SecurityContext.class); @@ -140,7 +140,7 @@ public class BearerTokenAuthenticationFilterTests { given(this.authenticationManagerResolver.resolve(any())).willReturn(this.authenticationManager); filter.doFilter(this.request, this.response, this.filterChain); ArgumentCaptor captor = ArgumentCaptor - .forClass(BearerTokenAuthenticationToken.class); + .forClass(BearerTokenAuthenticationToken.class); verify(this.authenticationManager).authenticate(captor.capture()); assertThat(captor.getValue().getPrincipal()).isEqualTo("token"); } @@ -198,7 +198,7 @@ public class BearerTokenAuthenticationFilterTests { BearerTokenAuthenticationFilter filter = addMocks( new BearerTokenAuthenticationFilter(this.authenticationManager)); assertThatExceptionOfType(AuthenticationServiceException.class) - .isThrownBy(() -> filter.doFilter(this.request, this.response, this.filterChain)); + .isThrownBy(() -> filter.doFilter(this.request, this.response, this.filterChain)); } @Test diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java index d389ecd637..c9ed02f58e 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunctionTests.java @@ -69,9 +69,10 @@ public class ServerBearerExchangeFilterFunctionTests { public void filterWhenAuthenticatedThenAuthorizationHeaderNull() throws Exception { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); this.function.filter(request, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block(); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)) + .block(); assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + this.accessToken.getTokenValue()); + .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } // gh-7353 @@ -80,16 +81,19 @@ public class ServerBearerExchangeFilterFunctionTests { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); TestingAuthenticationToken token = new TestingAuthenticationToken("user", "pass"); this.function.filter(request, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(token)).block(); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(token)) + .block(); assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)).isNull(); } @Test public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .header(HttpHeaders.AUTHORIZATION, "Existing").build(); + .header(HttpHeaders.AUTHORIZATION, "Existing") + .build(); this.function.filter(request, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)).block(); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)) + .block(); HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java index 037a76d096..7e2afc371e 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunctionTests.java @@ -83,13 +83,14 @@ public class ServletBearerExchangeFilterFunctionTests { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).build(); this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block(); assertThat(this.exchange.getRequest().headers().getFirst(HttpHeaders.AUTHORIZATION)) - .isEqualTo("Bearer " + this.accessToken.getTokenValue()); + .isEqualTo("Bearer " + this.accessToken.getTokenValue()); } @Test public void filterWhenExistingAuthorizationThenSingleAuthorizationHeader() { ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")) - .header(HttpHeaders.AUTHORIZATION, "Existing").build(); + .header(HttpHeaders.AUTHORIZATION, "Existing") + .build(); this.function.filter(request, this.exchange).subscriberContext(context(this.authentication)).block(); HttpHeaders headers = this.exchange.getRequest().headers(); assertThat(headers.get(HttpHeaders.AUTHORIZATION)).containsOnly("Bearer " + this.accessToken.getTokenValue()); diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java index 9bff9e7f7b..c8df65119c 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java @@ -53,7 +53,7 @@ public class BearerTokenServerAuthenticationEntryPointTests { this.entryPoint.setRealmName("Realm"); this.entryPoint.commence(this.exchange, new BadCredentialsException("")).block(); assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)) - .isEqualTo("Bearer realm=\"Realm\""); + .isEqualTo("Bearer realm=\"Realm\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); } @@ -63,7 +63,7 @@ public class BearerTokenServerAuthenticationEntryPointTests { OAuth2AuthenticationException exception = new OAuth2AuthenticationException(oauthError); this.entryPoint.commence(this.exchange, exception).block(); assertThat(getResponse().getHeaders().getFirst(HttpHeaders.WWW_AUTHENTICATE)) - .isEqualTo("Bearer error=\"invalid_request\""); + .isEqualTo("Bearer error=\"invalid_request\""); assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); } diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverterTests.java index c4193253ed..6d9c7a5b98 100644 --- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverterTests.java +++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverterTests.java @@ -83,8 +83,8 @@ public class ServerBearerTokenAuthenticationConverterTests { // gh-7011 @Test public void resolveWhenValidHeaderIsEmptyStringThenTokenIsResolved() { - MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").header(HttpHeaders.AUTHORIZATION, - "Bearer "); + MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/") + .header(HttpHeaders.AUTHORIZATION, "Bearer "); // @formatter:off assertThatExceptionOfType(OAuth2AuthenticationException.class) .isThrownBy(() -> convertToToken(request)) @@ -205,15 +205,15 @@ public class ServerBearerTokenAuthenticationConverterTests { @Test void resolveWhenQueryParameterHasMultipleAccessTokensThenOAuth2AuthenticationException() { - MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/").queryParam("access_token", - TEST_TOKEN, TEST_TOKEN); + MockServerHttpRequest.BaseBuilder request = MockServerHttpRequest.get("/") + .queryParam("access_token", TEST_TOKEN, TEST_TOKEN); assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> convertToToken(request)) - .satisfies((ex) -> { - BearerTokenError error = (BearerTokenError) ex.getError(); - assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_REQUEST); - assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1"); - assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.BAD_REQUEST); - }); + .satisfies((ex) -> { + BearerTokenError error = (BearerTokenError) ex.getError(); + assertThat(error.getErrorCode()).isEqualTo(BearerTokenErrorCodes.INVALID_REQUEST); + assertThat(error.getUri()).isEqualTo("https://tools.ietf.org/html/rfc6750#section-3.1"); + assertThat(error.getHttpStatus()).isEqualTo(HttpStatus.BAD_REQUEST); + }); } diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java index 1316b6bf87..7072877c7e 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java @@ -132,7 +132,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer { "DiscoveryInformation is not available. Possible causes are lost session or replay attack"); } List attributesToFetch = (List) request.getSession() - .getAttribute(ATTRIBUTE_LIST_KEY); + .getAttribute(ATTRIBUTE_LIST_KEY); request.getSession().removeAttribute(DISCOVERY_INFO_KEY); request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY); // extract the receiving URL from the HTTP request diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java index c0c3cffbb8..270ecb546d 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java @@ -165,7 +165,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing URL url = new URL(returnToUrl); int port = url.getPort(); StringBuilder realmBuffer = new StringBuilder(returnToUrl.length()).append(url.getProtocol()) - .append("://").append(url.getHost()); + .append("://") + .append(url.getHost()); if (port > 0) { realmBuffer.append(":").append(port); } diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java index e7c4450ed2..af6776f75e 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java @@ -18,6 +18,7 @@ package org.springframework.security.openid; /** * Authentication status codes, based on JanRain status codes + * * @author JanRain Inc. * @author Robin Bramley, Opsera Ltd * @author Luke Taylor diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java index 632316954f..c5be4346e6 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java @@ -68,7 +68,7 @@ public class OpenID4JavaConsumerTests { MockHttpServletRequest request = new MockHttpServletRequest(); consumer.beginConsumption(request, "", "", ""); assertThat(request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST")) - .isEqualTo(this.attributes); + .isEqualTo(this.attributes); assertThat(request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di); // Check with empty attribute fetch list consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory()); @@ -82,7 +82,7 @@ public class OpenID4JavaConsumerTests { OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory()); given(mgr.discover(any())).willThrow(new DiscoveryException("msg")); assertThatExceptionOfType(OpenIDConsumerException.class) - .isThrownBy(() -> consumer.beginConsumption(new MockHttpServletRequest(), "", "", "")); + .isThrownBy(() -> consumer.beginConsumption(new MockHttpServletRequest(), "", "", "")); } @Test @@ -90,11 +90,11 @@ public class OpenID4JavaConsumerTests { ConsumerManager mgr = mock(ConsumerManager.class); OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory()); given(mgr.authenticate(ArgumentMatchers.any(), any(), any())) - .willThrow(new MessageException("msg"), new ConsumerException("msg")); + .willThrow(new MessageException("msg"), new ConsumerException("msg")); assertThatExceptionOfType(OpenIDConsumerException.class) - .isThrownBy(() -> consumer.beginConsumption(new MockHttpServletRequest(), "", "", "")); + .isThrownBy(() -> consumer.beginConsumption(new MockHttpServletRequest(), "", "", "")); assertThatExceptionOfType(OpenIDConsumerException.class) - .isThrownBy(() -> consumer.beginConsumption(new MockHttpServletRequest(), "", "", "")); + .isThrownBy(() -> consumer.beginConsumption(new MockHttpServletRequest(), "", "", "")); } @Test @@ -115,7 +115,7 @@ public class OpenID4JavaConsumerTests { ConsumerManager mgr = mock(ConsumerManager.class); OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory()); given(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))) - .willThrow(new MessageException(""), new AssociationException(""), new DiscoveryException("")); + .willThrow(new MessageException(""), new AssociationException(""), new DiscoveryException("")); MockHttpServletRequest request = new MockHttpServletRequest(); request.setQueryString("x=5"); assertThatExceptionOfType(OpenIDConsumerException.class).isThrownBy(() -> consumer.endConsumption(request)); @@ -164,14 +164,14 @@ public class OpenID4JavaConsumerTests { given(msg.getExtension(AxMessage.OPENID_NS_AX)).willThrow(new MessageException("")); given(fr.getAttributeValues("a")).willReturn(Arrays.asList("x", "y")); assertThatExceptionOfType(OpenIDConsumerException.class) - .isThrownBy(() -> consumer.fetchAxAttributes(msg, this.attributes)); + .isThrownBy(() -> consumer.fetchAxAttributes(msg, this.attributes)); } @Test public void missingDiscoveryInformationThrowsException() throws Exception { OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory()); assertThatExceptionOfType(OpenIDConsumerException.class) - .isThrownBy(() -> consumer.endConsumption(new MockHttpServletRequest())); + .isThrownBy(() -> consumer.endConsumption(new MockHttpServletRequest())); } @Test diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java index 8a90e41597..5b8a8a6364 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java @@ -62,7 +62,8 @@ public class OpenIDAuthenticationProviderTests { null); assertThat(preAuth.isAuthenticated()).isFalse(); assertThatExceptionOfType(AuthenticationCancelledException.class) - .isThrownBy(() -> provider.authenticate(preAuth)).withMessage("Log in cancelled"); + .isThrownBy(() -> provider.authenticate(preAuth)) + .withMessage("Log in cancelled"); } /* @@ -77,7 +78,7 @@ public class OpenIDAuthenticationProviderTests { Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "", null); assertThat(preAuth.isAuthenticated()).isFalse(); assertThatExceptionOfType(AuthenticationServiceException.class).isThrownBy(() -> provider.authenticate(preAuth)) - .withMessage("Error message from server: "); + .withMessage("Error message from server: "); } /* @@ -88,12 +89,12 @@ public class OpenIDAuthenticationProviderTests { @Test public void testAuthenticateFailure() { OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); - provider.setAuthenticationUserDetailsService( - new UserDetailsByNameServiceWrapper<>(new MockUserDetailsService())); + provider + .setAuthenticationUserDetailsService(new UserDetailsByNameServiceWrapper<>(new MockUserDetailsService())); Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null); assertThat(preAuth.isAuthenticated()).isFalse(); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> provider.authenticate(preAuth)) - .withMessage("Log in failed - identity could not be verified"); + .withMessage("Log in failed - identity could not be verified"); } /* @@ -109,7 +110,7 @@ public class OpenIDAuthenticationProviderTests { null); assertThat(preAuth.isAuthenticated()).isFalse(); assertThatExceptionOfType(AuthenticationServiceException.class).isThrownBy(() -> provider.authenticate(preAuth)) - .withMessage("The server responded setup was needed, which shouldn't happen"); + .withMessage("The server responded setup was needed, which shouldn't happen"); } /* diff --git a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java index 3056c87f77..467fe100bb 100644 --- a/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java +++ b/remoting/src/test/java/org/springframework/security/remoting/dns/JndiDnsResolverTests.java @@ -64,9 +64,9 @@ public class JndiDnsResolverTests { @Test public void testResolveIpAddressNotExisting() throws Exception { given(this.context.getAttributes(any(String.class), any(String[].class))) - .willThrow(new NameNotFoundException("not found")); + .willThrow(new NameNotFoundException("not found")); assertThatExceptionOfType(DnsEntryNotFoundException.class) - .isThrownBy(() -> this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo")); + .isThrownBy(() -> this.dnsResolver.resolveIpAddress("notexisting.ansdansdugiuzgguzgioansdiandwq.foo")); } @Test @@ -80,9 +80,9 @@ public class JndiDnsResolverTests { @Test public void testResolveServiceEntryNotExisting() throws Exception { given(this.context.getAttributes(any(String.class), any(String[].class))) - .willThrow(new NameNotFoundException("not found")); + .willThrow(new NameNotFoundException("not found")); assertThatExceptionOfType(DnsEntryNotFoundException.class) - .isThrownBy(() -> this.dnsResolver.resolveServiceEntry("wrong", "secpod.de")); + .isThrownBy(() -> this.dnsResolver.resolveServiceEntry("wrong", "secpod.de")); } @Test @@ -108,7 +108,7 @@ public class JndiDnsResolverTests { @Test public void testUnknowError() throws Exception { given(this.context.getAttributes(any(String.class), any(String[].class))) - .willThrow(new NamingException("error")); + .willThrow(new NamingException("error")); assertThatExceptionOfType(DnsLookupException.class).isThrownBy(() -> this.dnsResolver.resolveIpAddress("")); } diff --git a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java index facd4cea0f..03b0c86f33 100644 --- a/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java +++ b/remoting/src/test/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocationTests.java @@ -62,9 +62,10 @@ public class ContextPropagatingRemoteInvocationTests { // Set up the wrong arguments. remoteInvocation.setArguments(new Object[] {}); assertThatIllegalArgumentException() - .isThrownBy(() -> remoteInvocation.invoke(TargetObject.class.newInstance())); + .isThrownBy(() -> remoteInvocation.invoke(TargetObject.class.newInstance())); assertThat(SecurityContextHolder.getContext().getAuthentication()) - .withFailMessage("Authentication must be null").isNull(); + .withFailMessage("Authentication must be null") + .isNull(); } @Test diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java index ae1b9e2846..4bbb96cc41 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptor.java @@ -85,8 +85,8 @@ public class AnonymousPayloadInterceptor implements PayloadInterceptor, Ordered AnonymousAuthenticationToken authentication = new AnonymousAuthenticationToken(this.key, this.principal, this.authorities); return chain.next(exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) - .then(Mono.empty()); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)) + .then(Mono.empty()); })).flatMap((securityContext) -> chain.next(exchange)); } diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java index e4a9ccc8b3..777636cbe2 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadExchangeConverter.java @@ -51,19 +51,19 @@ import org.springframework.util.MimeTypeUtils; public class AuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter { private static final MimeType COMPOSITE_METADATA_MIME_TYPE = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString()); private final MetadataExtractor metadataExtractor = createDefaultExtractor(); @Override public Mono convert(PayloadExchange exchange) { return Mono - .fromCallable(() -> this.metadataExtractor.extract(exchange.getPayload(), - AuthenticationPayloadExchangeConverter.COMPOSITE_METADATA_MIME_TYPE)) - .flatMap((metadata) -> Mono.justOrEmpty(authentication(metadata))); + .fromCallable(() -> this.metadataExtractor.extract(exchange.getPayload(), + AuthenticationPayloadExchangeConverter.COMPOSITE_METADATA_MIME_TYPE)) + .flatMap((metadata) -> Mono.justOrEmpty(authentication(metadata))); } private Authentication authentication(Map metadata) { diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java index 0a0aa58777..40a2f2a585 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptor.java @@ -72,9 +72,10 @@ public class AuthenticationPayloadInterceptor implements PayloadInterceptor, Ord @Override public Mono intercept(PayloadExchange exchange, PayloadInterceptorChain chain) { - return this.authenticationConverter.convert(exchange).switchIfEmpty(chain.next(exchange).then(Mono.empty())) - .flatMap((a) -> this.authenticationManager.authenticate(a)) - .flatMap((a) -> onAuthenticationSuccess(chain.next(exchange), a)); + return this.authenticationConverter.convert(exchange) + .switchIfEmpty(chain.next(exchange).then(Mono.empty())) + .flatMap((a) -> this.authenticationManager.authenticate(a)) + .flatMap((a) -> onAuthenticationSuccess(chain.next(exchange), a)); } private Mono onAuthenticationSuccess(Mono payload, Authentication authentication) { diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java index 0d3a9cc76d..bab31bd630 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java @@ -40,17 +40,18 @@ import org.springframework.util.MimeTypeUtils; public class BasicAuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter { private MimeType metadataMimetype = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); private MetadataExtractor metadataExtractor = createDefaultExtractor(); @Override public Mono convert(PayloadExchange exchange) { return Mono.fromCallable(() -> this.metadataExtractor.extract(exchange.getPayload(), this.metadataMimetype)) - .flatMap((metadata) -> Mono - .justOrEmpty(metadata.get(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE.toString()))) - .cast(UsernamePasswordMetadata.class).map((credentials) -> UsernamePasswordAuthenticationToken - .unauthenticated(credentials.getUsername(), credentials.getPassword())); + .flatMap((metadata) -> Mono + .justOrEmpty(metadata.get(UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE.toString()))) + .cast(UsernamePasswordMetadata.class) + .map((credentials) -> UsernamePasswordAuthenticationToken.unauthenticated(credentials.getUsername(), + credentials.getPassword())); } private static MetadataExtractor createDefaultExtractor() { diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java index 05b030afb7..09040041b2 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptor.java @@ -56,12 +56,13 @@ public class AuthorizationPayloadInterceptor implements PayloadInterceptor, Orde @Override public Mono intercept(PayloadExchange exchange, PayloadInterceptorChain chain) { - return ReactiveSecurityContextHolder.getContext().filter((c) -> c.getAuthentication() != null) - .map(SecurityContext::getAuthentication) - .switchIfEmpty(Mono.error(() -> new AuthenticationCredentialsNotFoundException( - "An Authentication (possibly AnonymousAuthenticationToken) is required."))) - .as((authentication) -> this.authorizationManager.verify(authentication, exchange)) - .then(chain.next(exchange)); + return ReactiveSecurityContextHolder.getContext() + .filter((c) -> c.getAuthentication() != null) + .map(SecurityContext::getAuthentication) + .switchIfEmpty(Mono.error(() -> new AuthenticationCredentialsNotFoundException( + "An Authentication (possibly AnonymousAuthenticationToken) is required."))) + .as((authentication) -> this.authorizationManager.verify(authentication, exchange)) + .then(chain.next(exchange)); } } diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java index 295d460b2f..4f13b9fbfa 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java @@ -53,11 +53,14 @@ public final class PayloadExchangeMatcherReactiveAuthorizationManager @Override public Mono check(Mono authentication, PayloadExchange exchange) { return Flux.fromIterable(this.mappings) - .concatMap((mapping) -> mapping.getMatcher().matches(exchange) - .filter(PayloadExchangeMatcher.MatchResult::isMatch).map(MatchResult::getVariables) - .flatMap((variables) -> mapping.getEntry().check(authentication, - new PayloadExchangeAuthorizationContext(exchange, variables)))) - .next().switchIfEmpty(Mono.fromCallable(() -> new AuthorizationDecision(false))); + .concatMap((mapping) -> mapping.getMatcher() + .matches(exchange) + .filter(PayloadExchangeMatcher.MatchResult::isMatch) + .map(MatchResult::getVariables) + .flatMap((variables) -> mapping.getEntry() + .check(authentication, new PayloadExchangeAuthorizationContext(exchange, variables)))) + .next() + .switchIfEmpty(Mono.fromCallable(() -> new AuthorizationDecision(false))); } public static PayloadExchangeMatcherReactiveAuthorizationManager.Builder builder() { diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java index b2ce678c09..44491b2662 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocket.java @@ -72,29 +72,30 @@ class PayloadInterceptorRSocket extends RSocketProxy { @Override public Mono fireAndForget(Payload payload) { return intercept(PayloadExchangeType.FIRE_AND_FORGET, payload) - .flatMap((context) -> this.source.fireAndForget(payload).subscriberContext(context)); + .flatMap((context) -> this.source.fireAndForget(payload).subscriberContext(context)); } @Override public Mono requestResponse(Payload payload) { return intercept(PayloadExchangeType.REQUEST_RESPONSE, payload) - .flatMap((context) -> this.source.requestResponse(payload).subscriberContext(context)); + .flatMap((context) -> this.source.requestResponse(payload).subscriberContext(context)); } @Override public Flux requestStream(Payload payload) { return intercept(PayloadExchangeType.REQUEST_STREAM, payload) - .flatMapMany((context) -> this.source.requestStream(payload).subscriberContext(context)); + .flatMapMany((context) -> this.source.requestStream(payload).subscriberContext(context)); } @Override public Flux requestChannel(Publisher payloads) { return Flux.from(payloads).switchOnFirst((signal, innerFlux) -> { Payload firstPayload = signal.get(); - return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload).flatMapMany( - (context) -> innerFlux.index().concatMap((tuple) -> justOrIntercept(tuple.getT1(), tuple.getT2())) - .transform((securedPayloads) -> this.source.requestChannel(securedPayloads)) - .subscriberContext(context)); + return intercept(PayloadExchangeType.REQUEST_CHANNEL, firstPayload) + .flatMapMany((context) -> innerFlux.index() + .concatMap((tuple) -> justOrIntercept(tuple.getT1(), tuple.getT2())) + .transform((securedPayloads) -> this.source.requestChannel(securedPayloads)) + .subscriberContext(context)); }); } @@ -105,7 +106,7 @@ class PayloadInterceptorRSocket extends RSocketProxy { @Override public Mono metadataPush(Payload payload) { return intercept(PayloadExchangeType.METADATA_PUSH, payload) - .flatMap((c) -> this.source.metadataPush(payload).subscriberContext(c)); + .flatMap((c) -> this.source.metadataPush(payload).subscriberContext(c)); } private Mono intercept(PayloadExchangeType type, Payload payload) { @@ -113,8 +114,10 @@ class PayloadInterceptorRSocket extends RSocketProxy { ContextPayloadInterceptorChain chain = new ContextPayloadInterceptorChain(this.interceptors); DefaultPayloadExchange exchange = new DefaultPayloadExchange(type, payload, this.metadataMimeType, this.dataMimeType); - return chain.next(exchange).then(Mono.fromCallable(() -> chain.getContext())) - .defaultIfEmpty(Context.empty()).subscriberContext(this.context); + return chain.next(exchange) + .then(Mono.fromCallable(() -> chain.getContext())) + .defaultIfEmpty(Context.empty()) + .subscriberContext(this.context); }); } diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java index ebd0ed7d5c..5183db6491 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptor.java @@ -48,7 +48,7 @@ class PayloadSocketAcceptor implements SocketAcceptor { private MimeType defaultDataMimeType; private MimeType defaultMetadataMimeType = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); PayloadSocketAcceptor(SocketAcceptor delegate, List interceptors) { Assert.notNull(delegate, "delegate cannot be null"); @@ -70,11 +70,10 @@ class PayloadSocketAcceptor implements SocketAcceptor { Assert.notNull(metadataMimeType, "No `metadataMimeType` in ConnectionSetupPayload and no default value"); // FIXME do we want to make the sendingSocket available in the PayloadExchange return intercept(setup, dataMimeType, metadataMimeType) - .flatMap( - (ctx) -> this.delegate.accept(setup, sendingSocket) - .map((acceptingSocket) -> new PayloadInterceptorRSocket(acceptingSocket, - this.interceptors, metadataMimeType, dataMimeType, ctx)) - .subscriberContext(ctx)); + .flatMap((ctx) -> this.delegate.accept(setup, sendingSocket) + .map((acceptingSocket) -> new PayloadInterceptorRSocket(acceptingSocket, this.interceptors, + metadataMimeType, dataMimeType, ctx)) + .subscriberContext(ctx)); } private Mono intercept(Payload payload, MimeType dataMimeType, MimeType metadataMimeType) { @@ -82,8 +81,9 @@ class PayloadSocketAcceptor implements SocketAcceptor { ContextPayloadInterceptorChain chain = new ContextPayloadInterceptorChain(this.interceptors); DefaultPayloadExchange exchange = new DefaultPayloadExchange(PayloadExchangeType.SETUP, payload, metadataMimeType, dataMimeType); - return chain.next(exchange).then(Mono.fromCallable(() -> chain.getContext())) - .defaultIfEmpty(Context.empty()); + return chain.next(exchange) + .then(Mono.fromCallable(() -> chain.getContext())) + .defaultIfEmpty(Context.empty()); }); } diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java index 45af27cb83..18351dad8c 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptor.java @@ -42,7 +42,7 @@ public class PayloadSocketAcceptorInterceptor implements SocketAcceptorIntercept private MimeType defaultDataMimeType; private MimeType defaultMetadataMimeType = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); public PayloadSocketAcceptorInterceptor(List interceptors) { this.interceptors = interceptors; diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java index d1b6f739ad..2a7655003e 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BasicAuthenticationEncoder.java @@ -49,7 +49,7 @@ public class BasicAuthenticationEncoder extends AbstractEncoder encode(Publisher inputStream, DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map hints) { return Flux.from(inputStream) - .map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints)); + .map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints)); } @Override diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java index e822fa8bff..c5ce7f13f4 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/BearerTokenAuthenticationEncoder.java @@ -43,7 +43,7 @@ import org.springframework.util.MimeTypeUtils; public class BearerTokenAuthenticationEncoder extends AbstractEncoder { private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils - .parseMimeType("message/x.rsocket.authentication.v0"); + .parseMimeType("message/x.rsocket.authentication.v0"); private NettyDataBufferFactory defaultBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT); @@ -55,7 +55,7 @@ public class BearerTokenAuthenticationEncoder extends AbstractEncoder encode(Publisher inputStream, DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map hints) { return Flux.from(inputStream) - .map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints)); + .map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints)); } @Override diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java index 1c31395de7..9b7a17e10d 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/metadata/SimpleAuthenticationEncoder.java @@ -43,7 +43,7 @@ import org.springframework.util.MimeTypeUtils; public class SimpleAuthenticationEncoder extends AbstractEncoder { private static final MimeType AUTHENTICATION_MIME_TYPE = MimeTypeUtils - .parseMimeType("message/x.rsocket.authentication.v0"); + .parseMimeType("message/x.rsocket.authentication.v0"); private NettyDataBufferFactory defaultBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT); @@ -55,7 +55,7 @@ public class SimpleAuthenticationEncoder extends AbstractEncoder encode(Publisher inputStream, DataBufferFactory bufferFactory, ResolvableType elementType, MimeType mimeType, Map hints) { return Flux.from(inputStream) - .map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints)); + .map((credentials) -> encodeValue(credentials, bufferFactory, elementType, mimeType, hints)); } @Override diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java index d4c4ab8dbe..aad1522ddd 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcher.java @@ -52,9 +52,10 @@ public class RoutePayloadExchangeMatcher implements PayloadExchangeMatcher { Map metadata = this.metadataExtractor.extract(exchange.getPayload(), exchange.getMetadataMimeType()); return Optional.ofNullable((String) metadata.get(MetadataExtractor.ROUTE_KEY)) - .map((routeValue) -> this.routeMatcher.parseRoute(routeValue)) - .map((route) -> this.routeMatcher.matchAndExtract(this.pattern, route)).map((v) -> MatchResult.match(v)) - .orElse(MatchResult.notMatch()); + .map((routeValue) -> this.routeMatcher.parseRoute(routeValue)) + .map((route) -> this.routeMatcher.matchAndExtract(this.pattern, route)) + .map((v) -> MatchResult.match(v)) + .orElse(MatchResult.notMatch()); } } diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java index 7c652f0249..a422d88195 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AnonymousPayloadInterceptorTests.java @@ -75,7 +75,7 @@ public class AnonymousPayloadInterceptorTests { public void constructorKeyPrincipalAuthoritiesWhenAuthoritiesNullThenException() { List authorities = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new AnonymousPayloadInterceptor("key", "principal", authorities)); + .isThrownBy(() -> new AnonymousPayloadInterceptor("key", "principal", authorities)); } @Test @@ -91,7 +91,8 @@ public class AnonymousPayloadInterceptorTests { AuthenticationPayloadInterceptorChain chain = new AuthenticationPayloadInterceptorChain(); TestingAuthenticationToken expected = new TestingAuthenticationToken("test", "password"); this.interceptor.intercept(this.exchange, chain) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expected)).block(); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(expected)) + .block(); Authentication authentication = chain.getAuthentication(); assertThat(authentication).isEqualTo(expected); } diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java index e1effd435f..454e8884e1 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorChain.java @@ -33,8 +33,10 @@ class AuthenticationPayloadInterceptorChain implements PayloadInterceptorChain { @Override public Mono next(PayloadExchange exchange) { - return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) - .doOnNext((a) -> this.setAuthentication(a)).then(); + return ReactiveSecurityContextHolder.getContext() + .map(SecurityContext::getAuthentication) + .doOnNext((a) -> this.setAuthentication(a)) + .then(); } Authentication getAuthentication() { diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java index 82495f2cb9..e41455f2f7 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/authentication/AuthenticationPayloadInterceptorTests.java @@ -66,7 +66,7 @@ import static org.mockito.Mockito.verify; public class AuthenticationPayloadInterceptorTests { static final MimeType COMPOSITE_METADATA = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); @Mock ReactiveAuthenticationManager authenticationManager; @@ -89,8 +89,8 @@ public class AuthenticationPayloadInterceptorTests { interceptor.intercept(exchange, authenticationPayloadChain).block(); Authentication authentication = authenticationPayloadChain.getAuthentication(); verify(this.authenticationManager).authenticate(this.authenticationArg.capture()); - assertThat(this.authenticationArg.getValue()).isEqualToComparingFieldByField( - UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); + assertThat(this.authenticationArg.getValue()) + .isEqualToComparingFieldByField(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")); assertThat(authentication).isEqualTo(expectedAuthentication); } @@ -104,7 +104,8 @@ public class AuthenticationPayloadInterceptorTests { PayloadInterceptorChain chain = mock(PayloadInterceptorChain.class); given(chain.next(any())).willReturn(voidResult.mono()); StepVerifier.create(interceptor.intercept(exchange, chain)) - .then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1)).verifyComplete(); + .then(() -> assertThat(voidResult.subscribeCount()).isEqualTo(1)) + .verifyComplete(); } private Payload createRequestPayload() { diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java index f5d6a7f07b..9505ea0ac3 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/AuthorizationPayloadInterceptorTests.java @@ -63,8 +63,8 @@ public class AuthorizationPayloadInterceptorTests { AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthenticatedReactiveAuthorizationManager.authenticated()); StepVerifier.create(interceptor.intercept(this.exchange, this.chain)) - .then(() -> this.chainResult.assertWasNotSubscribed()) - .verifyError(AuthenticationCredentialsNotFoundException.class); + .then(() -> this.chainResult.assertWasNotSubscribed()) + .verifyError(AuthenticationCredentialsNotFoundException.class); } @Test @@ -73,7 +73,8 @@ public class AuthorizationPayloadInterceptorTests { given(this.authorizationManager.verify(any(), any())).willReturn(this.managerResult.mono()); AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor(this.authorizationManager); StepVerifier.create(interceptor.intercept(this.exchange, this.chain)) - .then(() -> this.chainResult.assertWasSubscribed()).verifyComplete(); + .then(() -> this.chainResult.assertWasSubscribed()) + .verifyComplete(); } @Test @@ -82,10 +83,11 @@ public class AuthorizationPayloadInterceptorTests { AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthorityReactiveAuthorizationManager.hasRole("USER")); Context userContext = ReactiveSecurityContextHolder - .withAuthentication(new TestingAuthenticationToken("user", "password")); + .withAuthentication(new TestingAuthenticationToken("user", "password")); Mono intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext); - StepVerifier.create(intercept).then(() -> this.chainResult.assertWasNotSubscribed()) - .verifyError(AccessDeniedException.class); + StepVerifier.create(intercept) + .then(() -> this.chainResult.assertWasNotSubscribed()) + .verifyError(AccessDeniedException.class); } @Test @@ -94,7 +96,7 @@ public class AuthorizationPayloadInterceptorTests { AuthorizationPayloadInterceptor interceptor = new AuthorizationPayloadInterceptor( AuthenticatedReactiveAuthorizationManager.authenticated()); Context userContext = ReactiveSecurityContextHolder - .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); + .withAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); Mono intercept = interceptor.intercept(this.exchange, this.chain).subscriberContext(userContext); StepVerifier.create(intercept).then(() -> this.chainResult.assertWasSubscribed()).verifyComplete(); } diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java index 0b697180a3..4f8041aeb4 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java @@ -54,8 +54,9 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { AuthorizationDecision expected = new AuthorizationDecision(true); given(this.authz.check(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager - .builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) - .build(); + .builder() + .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) + .build(); assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); } @@ -64,8 +65,9 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { AuthorizationDecision expected = new AuthorizationDecision(false); given(this.authz.check(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager - .builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) - .build(); + .builder() + .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) + .build(); assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); } @@ -74,10 +76,10 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { AuthorizationDecision expected = new AuthorizationDecision(true); given(this.authz.check(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager - .builder().add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) - .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), - this.authz2)) - .build(); + .builder() + .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) + .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2)) + .build(); assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); } @@ -86,10 +88,10 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { AuthorizationDecision expected = new AuthorizationDecision(true); given(this.authz2.check(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager - .builder() - .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), - this.authz)) - .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)).build(); + .builder() + .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz)) + .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)) + .build(); assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); } diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java index b8e54b7aa0..eecfcc2917 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/CaptureSecurityContextSocketAcceptor.java @@ -43,7 +43,8 @@ class CaptureSecurityContextSocketAcceptor implements SocketAcceptor { @Override public Mono accept(ConnectionSetupPayload setup, RSocket sendingSocket) { return ReactiveSecurityContextHolder.getContext() - .doOnNext((securityContext) -> this.securityContext = securityContext).thenReturn(this.accept); + .doOnNext((securityContext) -> this.securityContext = securityContext) + .thenReturn(this.accept); } SecurityContext getSecurityContext() { diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java index 3519bc4b8f..1e53b5a260 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadInterceptorRSocketTests.java @@ -75,7 +75,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions; public class PayloadInterceptorRSocketTests { static final MimeType COMPOSITE_METADATA = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); @Mock RSocket delegate; @@ -129,8 +129,9 @@ public class PayloadInterceptorRSocketTests { given(this.delegate.fireAndForget(any())).willReturn(this.voidResult.mono()); PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.fireAndForget(this.payload)).then(() -> this.voidResult.assertWasSubscribed()) - .verifyComplete(); + StepVerifier.create(interceptor.fireAndForget(this.payload)) + .then(() -> this.voidResult.assertWasSubscribed()) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -142,8 +143,8 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); StepVerifier.create(interceptor.fireAndForget(this.payload)) - .then(() -> this.voidResult.assertWasNotSubscribed()) - .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); + .then(() -> this.voidResult.assertWasNotSubscribed()) + .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -174,8 +175,10 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); StepVerifier.create(interceptor.requestResponse(this.payload)) - .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) - .expectNext(this.payload).verifyComplete(); + .then(() -> this.payloadResult.assertSubscribers()) + .then(() -> this.payloadResult.emit(this.payload)) + .expectNext(this.payload) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestResponse(this.payload); @@ -188,7 +191,8 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); assertThatExceptionOfType(RuntimeException.class) - .isThrownBy(() -> interceptor.requestResponse(this.payload).block()).isEqualTo(expected); + .isThrownBy(() -> interceptor.requestResponse(this.payload).block()) + .isEqualTo(expected); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verifyNoMoreInteractions(this.delegate); @@ -208,8 +212,10 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); StepVerifier.create(interceptor.requestResponse(this.payload)) - .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) - .expectNext(this.payload).verifyComplete(); + .then(() -> this.payloadResult.assertSubscribers()) + .then(() -> this.payloadResult.emit(this.payload)) + .expectNext(this.payload) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestResponse(this.payload); @@ -221,8 +227,11 @@ public class PayloadInterceptorRSocketTests { given(this.delegate.requestStream(any())).willReturn(this.payloadResult.flux()); PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers()) - .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete(); + StepVerifier.create(interceptor.requestStream(this.payload)) + .then(() -> this.payloadResult.assertSubscribers()) + .then(() -> this.payloadResult.emit(this.payload)) + .expectNext(this.payload) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -234,8 +243,8 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); StepVerifier.create(interceptor.requestStream(this.payload)) - .then(() -> this.payloadResult.assertNoSubscribers()) - .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); + .then(() -> this.payloadResult.assertNoSubscribers()) + .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -253,8 +262,11 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestStream(this.payload)).then(() -> this.payloadResult.assertSubscribers()) - .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete(); + StepVerifier.create(interceptor.requestStream(this.payload)) + .then(() -> this.payloadResult.assertSubscribers()) + .then(() -> this.payloadResult.emit(this.payload)) + .expectNext(this.payload) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestStream(this.payload); @@ -267,8 +279,10 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload))) - .then(() -> this.payloadResult.assertSubscribers()).then(() -> this.payloadResult.emit(this.payload)) - .expectNext(this.payload).verifyComplete(); + .then(() -> this.payloadResult.assertSubscribers()) + .then(() -> this.payloadResult.emit(this.payload)) + .expectNext(this.payload) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestChannel(any()); @@ -284,10 +298,11 @@ public class PayloadInterceptorRSocketTests { Context ctx = Context.empty(); Flux payloads = this.payloadResult.flux(); given(this.interceptor.intercept(any(), any())).willReturn(Mono.empty()) - .willReturn(Mono.error(() -> new AccessDeniedException("Access Denied"))); + .willReturn(Mono.error(() -> new AccessDeniedException("Access Denied"))); given(this.delegate.requestChannel(any())).willAnswer((invocation) -> { Flux input = invocation.getArgument(0); - return Flux.from(input).switchOnFirst((signal, innerFlux) -> innerFlux.map(Payload::getDataUtf8) + return Flux.from(input) + .switchOnFirst((signal, innerFlux) -> innerFlux.map(Payload::getDataUtf8) .transform((data) -> Flux.create((emitter) -> { Runnable run = () -> data.subscribe(new CoreSubscriber() { @Override @@ -311,15 +326,16 @@ public class PayloadInterceptorRSocketTests { } }); executors.execute(run); - })).map(DefaultPayload::create)); + })) + .map(DefaultPayload::create)); }); PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType, ctx); StepVerifier.create(interceptor.requestChannel(payloads).doOnDiscard(Payload.class, Payload::release)) - .then(() -> this.payloadResult.assertSubscribers()) - .then(() -> this.payloadResult.emit(payload, payloadTwo, payloadThree)) - .assertNext((next) -> assertThat(next.getDataUtf8()).isEqualTo(payload.getDataUtf8())) - .verifyError(AccessDeniedException.class); + .then(() -> this.payloadResult.assertSubscribers()) + .then(() -> this.payloadResult.emit(payload, payloadTwo, payloadThree)) + .assertNext((next) -> assertThat(next.getDataUtf8()).isEqualTo(payload.getDataUtf8())) + .verifyError(AccessDeniedException.class); verify(this.interceptor, times(2)).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(payloadTwo); verify(this.delegate).requestChannel(any()); @@ -332,8 +348,8 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); StepVerifier.create(interceptor.requestChannel(Flux.just(this.payload))) - .then(() -> this.payloadResult.assertNoSubscribers()) - .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); + .then(() -> this.payloadResult.assertNoSubscribers()) + .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -352,8 +368,11 @@ public class PayloadInterceptorRSocketTests { }; PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(assertAuthentication, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.requestChannel(payload)).then(() -> this.payloadResult.assertSubscribers()) - .then(() -> this.payloadResult.emit(this.payload)).expectNext(this.payload).verifyComplete(); + StepVerifier.create(interceptor.requestChannel(payload)) + .then(() -> this.payloadResult.assertSubscribers()) + .then(() -> this.payloadResult.emit(this.payload)) + .expectNext(this.payload) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.delegate).requestChannel(any()); @@ -365,8 +384,9 @@ public class PayloadInterceptorRSocketTests { given(this.delegate.metadataPush(any())).willReturn(this.voidResult.mono()); PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasSubscribed()) - .verifyComplete(); + StepVerifier.create(interceptor.metadataPush(this.payload)) + .then(() -> this.voidResult.assertWasSubscribed()) + .verifyComplete(); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -377,8 +397,9 @@ public class PayloadInterceptorRSocketTests { given(this.interceptor.intercept(any(), any())).willReturn(Mono.error(expected)); PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor), this.metadataMimeType, this.dataMimeType); - StepVerifier.create(interceptor.metadataPush(this.payload)).then(() -> this.voidResult.assertWasNotSubscribed()) - .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); + StepVerifier.create(interceptor.metadataPush(this.payload)) + .then(() -> this.voidResult.assertWasNotSubscribed()) + .verifyErrorSatisfies((e) -> assertThat(e).isEqualTo(expected)); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); } @@ -439,7 +460,8 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); assertThatExceptionOfType(RuntimeException.class) - .isThrownBy(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected); + .isThrownBy(() -> interceptor.fireAndForget(this.payload).block()) + .isEqualTo(expected); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verifyNoMoreInteractions(this.interceptor2); @@ -454,7 +476,8 @@ public class PayloadInterceptorRSocketTests { PayloadInterceptorRSocket interceptor = new PayloadInterceptorRSocket(this.delegate, Arrays.asList(this.interceptor, this.interceptor2), this.metadataMimeType, this.dataMimeType); assertThatExceptionOfType(RuntimeException.class) - .isThrownBy(() -> interceptor.fireAndForget(this.payload).block()).isEqualTo(expected); + .isThrownBy(() -> interceptor.fireAndForget(this.payload).block()) + .isEqualTo(expected); verify(this.interceptor).intercept(this.exchange.capture(), any()); assertThat(this.exchange.getValue().getPayload()).isEqualTo(this.payload); verify(this.interceptor2).intercept(any(), any()); @@ -462,16 +485,18 @@ public class PayloadInterceptorRSocketTests { } private Mono assertAuthentication(Authentication authentication) { - return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) - .doOnNext((a) -> assertThat(a).isEqualTo(authentication)); + return ReactiveSecurityContextHolder.getContext() + .map(SecurityContext::getAuthentication) + .doOnNext((a) -> assertThat(a).isEqualTo(authentication)); } private Answer withAuthenticated(Authentication authentication) { return (invocation) -> { PayloadInterceptorChain c = (PayloadInterceptorChain) invocation.getArguments()[1]; - return c.next(new DefaultPayloadExchange(PayloadExchangeType.REQUEST_CHANNEL, this.payload, - this.metadataMimeType, this.dataMimeType)) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)); + return c + .next(new DefaultPayloadExchange(PayloadExchangeType.REQUEST_CHANNEL, this.payload, + this.metadataMimeType, this.dataMimeType)) + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication)); }; } diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java index 6a8cd0af7b..36775b5553 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorInterceptorTests.java @@ -78,7 +78,7 @@ public class PayloadSocketAcceptorInterceptorTests { given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); PayloadExchange exchange = captureExchange(); assertThat(exchange.getMetadataMimeType().toString()) - .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); } @@ -96,7 +96,7 @@ public class PayloadSocketAcceptorInterceptorTests { this.acceptorInterceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON); PayloadExchange exchange = captureExchange(); assertThat(exchange.getMetadataMimeType().toString()) - .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); } diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java index e7c946873e..c5d7249e6d 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/core/PayloadSocketAcceptorTests.java @@ -84,27 +84,27 @@ public class PayloadSocketAcceptorTests { public void constructorWhenNullDelegateThenException() { this.delegate = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors)); + .isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors)); } @Test public void constructorWhenNullInterceptorsThenException() { this.interceptors = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors)); + .isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors)); } @Test public void constructorWhenEmptyInterceptorsThenException() { this.interceptors = Collections.emptyList(); assertThatIllegalArgumentException() - .isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors)); + .isThrownBy(() -> new PayloadSocketAcceptor(this.delegate, this.interceptors)); } @Test public void acceptWhenDataMimeTypeNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.acceptor.accept(this.setupPayload, this.rSocket).block()); + .isThrownBy(() -> this.acceptor.accept(this.setupPayload, this.rSocket).block()); } @Test @@ -112,7 +112,7 @@ public class PayloadSocketAcceptorTests { given(this.setupPayload.dataMimeType()).willReturn(MediaType.APPLICATION_JSON_VALUE); PayloadExchange exchange = captureExchange(); assertThat(exchange.getMetadataMimeType().toString()) - .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); } @@ -130,7 +130,7 @@ public class PayloadSocketAcceptorTests { this.acceptor.setDefaultDataMimeType(MediaType.APPLICATION_JSON); PayloadExchange exchange = captureExchange(); assertThat(exchange.getMetadataMimeType().toString()) - .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .isEqualTo(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); assertThat(exchange.getDataMimeType()).isEqualTo(MediaType.APPLICATION_JSON); } @@ -154,7 +154,7 @@ public class PayloadSocketAcceptorTests { this.rSocket); PayloadInterceptor authenticateInterceptor = (exchange, chain) -> { Context withSecurityContext = ReactiveSecurityContextHolder - .withSecurityContext(Mono.just(expectedSecurityContext)); + .withSecurityContext(Mono.just(expectedSecurityContext)); return chain.next(exchange).subscriberContext(withSecurityContext); }; List interceptors = Arrays.asList(authenticateInterceptor); diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java index aea03d174e..7c38154f79 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/metadata/BasicAuthenticationDecoderTests.java @@ -44,7 +44,8 @@ public class BasicAuthenticationDecoderTests { Map hints = null; DataBuffer dataBuffer = encoder.encodeValue(expectedCredentials, factory, elementType, mimeType, hints); UsernamePasswordMetadata actualCredentials = decoder - .decodeToMono(Mono.just(dataBuffer), elementType, mimeType, hints).block(); + .decodeToMono(Mono.just(dataBuffer), elementType, mimeType, hints) + .block(); assertThat(actualCredentials).isEqualToComparingFieldByField(expectedCredentials); } diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java index 8476be2c41..420b85e2a4 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/util/matcher/RoutePayloadExchangeMatcherTests.java @@ -47,7 +47,7 @@ import static org.mockito.BDDMockito.given; public class RoutePayloadExchangeMatcherTests { static final MimeType COMPOSITE_METADATA = MimeTypeUtils - .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); + .parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_COMPOSITE_METADATA.getString()); @Mock private MetadataExtractor metadataExtractor; @@ -86,7 +86,7 @@ public class RoutePayloadExchangeMatcherTests { public void matchesWhenNotMatchThenNotMatch() { String route = "route"; given(this.metadataExtractor.extract(any(), any())) - .willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route)); + .willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route)); PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block(); assertThat(result.isMatch()).isFalse(); } @@ -95,7 +95,7 @@ public class RoutePayloadExchangeMatcherTests { public void matchesWhenMatchAndNoVariablesThenMatch() { String route = "route"; given(this.metadataExtractor.extract(any(), any())) - .willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route)); + .willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route)); given(this.routeMatcher.parseRoute(any())).willReturn(this.route); given(this.routeMatcher.matchAndExtract(any(), any())).willReturn(Collections.emptyMap()); PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block(); @@ -107,7 +107,7 @@ public class RoutePayloadExchangeMatcherTests { String route = "route"; Map variables = Collections.singletonMap("a", "b"); given(this.metadataExtractor.extract(any(), any())) - .willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route)); + .willReturn(Collections.singletonMap(MetadataExtractor.ROUTE_KEY, route)); given(this.routeMatcher.parseRoute(any())).willReturn(this.route); given(this.routeMatcher.matchAndExtract(any(), any())).willReturn(variables); PayloadExchangeMatcher.MatchResult result = this.matcher.matches(this.exchange).block(); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlVerificationUtils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlVerificationUtils.java index 5b8d029587..bcd27b3f95 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlVerificationUtils.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlVerificationUtils.java @@ -187,24 +187,23 @@ final class OpenSamlVerificationUtils { byte[] getContent() { if (this.request.getParameter(Saml2ParameterNames.RELAY_STATE) != null) { return String - .format("%s=%s&%s=%s&%s=%s", this.objectParameterName, - UriUtils.encode(this.request.getParameter(this.objectParameterName), - StandardCharsets.ISO_8859_1), - Saml2ParameterNames.RELAY_STATE, - UriUtils.encode(this.request.getParameter(Saml2ParameterNames.RELAY_STATE), - StandardCharsets.ISO_8859_1), - Saml2ParameterNames.SIG_ALG, - UriUtils.encode(getAlgorithm(), StandardCharsets.ISO_8859_1)) - .getBytes(StandardCharsets.UTF_8); + .format("%s=%s&%s=%s&%s=%s", this.objectParameterName, UriUtils + .encode(this.request.getParameter(this.objectParameterName), StandardCharsets.ISO_8859_1), + Saml2ParameterNames.RELAY_STATE, + UriUtils.encode(this.request.getParameter(Saml2ParameterNames.RELAY_STATE), + StandardCharsets.ISO_8859_1), + Saml2ParameterNames.SIG_ALG, + UriUtils.encode(getAlgorithm(), StandardCharsets.ISO_8859_1)) + .getBytes(StandardCharsets.UTF_8); } else { return String - .format("%s=%s&%s=%s", this.objectParameterName, - UriUtils.encode(this.request.getParameter(this.objectParameterName), - StandardCharsets.ISO_8859_1), - Saml2ParameterNames.SIG_ALG, - UriUtils.encode(getAlgorithm(), StandardCharsets.ISO_8859_1)) - .getBytes(StandardCharsets.UTF_8); + .format("%s=%s&%s=%s", this.objectParameterName, + UriUtils.encode(this.request.getParameter(this.objectParameterName), + StandardCharsets.ISO_8859_1), + Saml2ParameterNames.SIG_ALG, + UriUtils.encode(getAlgorithm(), StandardCharsets.ISO_8859_1)) + .getBytes(StandardCharsets.UTF_8); } } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java index 8007cbca9d..979b1823c1 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequest.java @@ -114,8 +114,9 @@ public final class Saml2AuthenticationRequest { */ public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) { return new Builder().assertionConsumerServiceUrl(context.getAssertionConsumerServiceUrl()) - .issuer(context.getIssuer()).destination(context.getDestination()) - .credentials((c) -> c.addAll(context.getRelyingPartyRegistration().getCredentials())); + .issuer(context.getIssuer()) + .destination(context.getDestination()) + .credentials((c) -> c.addAll(context.getRelyingPartyRegistration().getCredentials())); } /** diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java index 7ae6c3dc70..e0d7c1f8ad 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationRequestFactory.java @@ -82,11 +82,12 @@ public interface Saml2AuthenticationRequestFactory { Saml2AuthenticationRequestContext context) { // backwards compatible with 5.2.x settings Saml2AuthenticationRequest.Builder resultBuilder = Saml2AuthenticationRequest - .withAuthenticationRequestContext(context); + .withAuthenticationRequestContext(context); String samlRequest = createAuthenticationRequest(resultBuilder.build()); samlRequest = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(samlRequest)); - return Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest(samlRequest) - .build(); + return Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context) + .samlRequest(samlRequest) + .build(); } /** @@ -110,11 +111,12 @@ public interface Saml2AuthenticationRequestFactory { default Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) { // backwards compatible with 5.2.x settings Saml2AuthenticationRequest.Builder resultBuilder = Saml2AuthenticationRequest - .withAuthenticationRequestContext(context); + .withAuthenticationRequestContext(context); String samlRequest = createAuthenticationRequest(resultBuilder.build()); samlRequest = Saml2Utils.samlEncode(samlRequest.getBytes(StandardCharsets.UTF_8)); - return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest(samlRequest) - .build(); + return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context) + .samlRequest(samlRequest) + .build(); } } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java index bdf66a4464..0cb48dac25 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java @@ -97,10 +97,12 @@ public class Saml2AuthenticationToken extends AbstractAuthenticationToken { String localSpEntityId, List credentials) { super(null); this.relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId(idpEntityId) - .entityId(localSpEntityId).assertionConsumerServiceLocation(recipientUri) - .credentials((c) -> c.addAll(credentials)).assertingPartyDetails((assertingParty) -> assertingParty - .entityId(idpEntityId).singleSignOnServiceLocation(idpEntityId)) - .build(); + .entityId(localSpEntityId) + .assertionConsumerServiceLocation(recipientUri) + .credentials((c) -> c.addAll(credentials)) + .assertingPartyDetails( + (assertingParty) -> assertingParty.entityId(idpEntityId).singleSignOnServiceLocation(idpEntityId)) + .build(); this.saml2Response = saml2Response; this.authenticationRequest = null; } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java index a41f7bcb06..221426fe82 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java @@ -54,7 +54,7 @@ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationR */ public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) { return new Builder(context.getRelyingPartyRegistration()).authenticationRequestUri(context.getDestination()) - .relayState(context.getRelayState()); + .relayState(context.getRelayState()); } /** diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java index d58850fcc2..2be0ff96e8 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java @@ -76,7 +76,7 @@ public final class Saml2RedirectAuthenticationRequest extends AbstractSaml2Authe */ public static Builder withAuthenticationRequestContext(Saml2AuthenticationRequestContext context) { return new Builder(context.getRelyingPartyRegistration()).authenticationRequestUri(context.getDestination()) - .relayState(context.getRelayState()); + .relayState(context.getRelayState()); } /** diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidator.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidator.java index 43c041740a..00875571a3 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidator.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutRequestValidator.java @@ -66,7 +66,7 @@ public final class OpenSamlLogoutRequestValidator implements Saml2LogoutRequestV XMLObjectProviderRegistry registry = ConfigurationService.get(XMLObjectProviderRegistry.class); this.parserPool = registry.getParserPool(); this.unmarshaller = (LogoutRequestUnmarshaller) XMLObjectProviderRegistrySupport.getUnmarshallerFactory() - .getUnmarshaller(LogoutRequest.DEFAULT_ELEMENT_NAME); + .getUnmarshaller(LogoutRequest.DEFAULT_ELEMENT_NAME); } /** @@ -79,8 +79,10 @@ public final class OpenSamlLogoutRequestValidator implements Saml2LogoutRequestV Authentication authentication = parameters.getAuthentication(); byte[] b = Saml2Utils.samlDecode(request.getSamlRequest()); LogoutRequest logoutRequest = parse(inflateIfRequired(request, b)); - return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(request, logoutRequest, registration)) - .errors(validateRequest(logoutRequest, registration, authentication)).build(); + return Saml2LogoutValidatorResult.withErrors() + .errors(verifySignature(request, logoutRequest, registration)) + .errors(validateRequest(logoutRequest, registration, authentication)) + .build(); } private String inflateIfRequired(Saml2LogoutRequest request, byte[] b) { @@ -93,7 +95,7 @@ public final class OpenSamlLogoutRequestValidator implements Saml2LogoutRequestV private LogoutRequest parse(String request) throws Saml2Exception { try { Document document = this.parserPool - .parse(new ByteArrayInputStream(request.getBytes(StandardCharsets.UTF_8))); + .parse(new ByteArrayInputStream(request.getBytes(StandardCharsets.UTF_8))); Element element = document.getDocumentElement(); return (LogoutRequest) this.unmarshaller.unmarshall(element); } @@ -133,8 +135,8 @@ public final class OpenSamlLogoutRequestValidator implements Saml2LogoutRequestV } String issuer = request.getIssuer().getValue(); if (!issuer.equals(registration.getAssertingPartyDetails().getEntityId())) { - errors.add( - new Saml2Error(Saml2ErrorCodes.INVALID_ISSUER, "Failed to match issuer to configured issuer")); + errors + .add(new Saml2Error(Saml2ErrorCodes.INVALID_ISSUER, "Failed to match issuer to configured issuer")); } }; } @@ -163,8 +165,8 @@ public final class OpenSamlLogoutRequestValidator implements Saml2LogoutRequestV } NameID nameId = getNameId(request, registration); if (nameId == null) { - errors.add( - new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND, "Failed to find subject in LogoutRequest")); + errors + .add(new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND, "Failed to find subject in LogoutRequest")); return; } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidator.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidator.java index 5dd903a066..b718bd04e6 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidator.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlLogoutResponseValidator.java @@ -63,7 +63,7 @@ public class OpenSamlLogoutResponseValidator implements Saml2LogoutResponseValid XMLObjectProviderRegistry registry = ConfigurationService.get(XMLObjectProviderRegistry.class); this.parserPool = registry.getParserPool(); this.unmarshaller = (LogoutResponseUnmarshaller) XMLObjectProviderRegistrySupport.getUnmarshallerFactory() - .getUnmarshaller(LogoutResponse.DEFAULT_ELEMENT_NAME); + .getUnmarshaller(LogoutResponse.DEFAULT_ELEMENT_NAME); } /** @@ -76,9 +76,11 @@ public class OpenSamlLogoutResponseValidator implements Saml2LogoutResponseValid RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration(); byte[] b = Saml2Utils.samlDecode(response.getSamlResponse()); LogoutResponse logoutResponse = parse(inflateIfRequired(response, b)); - return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(response, logoutResponse, registration)) - .errors(validateRequest(logoutResponse, registration)) - .errors(validateLogoutRequest(logoutResponse, request.getId())).build(); + return Saml2LogoutValidatorResult.withErrors() + .errors(verifySignature(response, logoutResponse, registration)) + .errors(validateRequest(logoutResponse, registration)) + .errors(validateLogoutRequest(logoutResponse, request.getId())) + .build(); } private String inflateIfRequired(Saml2LogoutResponse response, byte[] b) { @@ -91,7 +93,7 @@ public class OpenSamlLogoutResponseValidator implements Saml2LogoutResponseValid private LogoutResponse parse(String response) throws Saml2Exception { try { Document document = this.parserPool - .parse(new ByteArrayInputStream(response.getBytes(StandardCharsets.UTF_8))); + .parse(new ByteArrayInputStream(response.getBytes(StandardCharsets.UTF_8))); Element element = document.getDocumentElement(); return (LogoutResponse) this.unmarshaller.unmarshall(element); } @@ -131,8 +133,8 @@ public class OpenSamlLogoutResponseValidator implements Saml2LogoutResponseValid } String issuer = response.getIssuer().getValue(); if (!issuer.equals(registration.getAssertingPartyDetails().getEntityId())) { - errors.add( - new Saml2Error(Saml2ErrorCodes.INVALID_ISSUER, "Failed to match issuer to configured issuer")); + errors + .add(new Saml2Error(Saml2ErrorCodes.INVALID_ISSUER, "Failed to match issuer to configured issuer")); } }; } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlVerificationUtils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlVerificationUtils.java index 3f472ac437..0601b0bc6d 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlVerificationUtils.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/OpenSamlVerificationUtils.java @@ -165,7 +165,7 @@ final class OpenSamlVerificationUtils { private SignatureTrustEngine trustEngine(RelyingPartyRegistration registration) { Set credentials = new HashSet<>(); Collection keys = registration.getAssertingPartyDetails() - .getVerificationX509Credentials(); + .getVerificationX509Credentials(); for (Saml2X509Credential key : keys) { BasicX509Credential cred = new BasicX509Credential(key.getCertificate()); cred.setUsageType(UsageType.SIGNING); @@ -193,8 +193,11 @@ final class OpenSamlVerificationUtils { else { this.signature = null; } - Map queryParams = UriComponentsBuilder.newInstance().query(request.getParametersQuery()) - .build(true).getQueryParams().toSingleValueMap(); + Map queryParams = UriComponentsBuilder.newInstance() + .query(request.getParametersQuery()) + .build(true) + .getQueryParams() + .toSingleValueMap(); this.content = getContent(Saml2ParameterNames.SAML_REQUEST, request.getRelayState(), queryParams); } @@ -207,22 +210,26 @@ final class OpenSamlVerificationUtils { this.signature = null; } Map queryParams = UriComponentsBuilder.newInstance() - .query(response.getParametersQuery()).build(true).getQueryParams().toSingleValueMap(); + .query(response.getParametersQuery()) + .build(true) + .getQueryParams() + .toSingleValueMap(); this.content = getContent(Saml2ParameterNames.SAML_RESPONSE, response.getRelayState(), queryParams); } static byte[] getContent(String samlObject, String relayState, final Map queryParams) { if (Objects.nonNull(relayState)) { return String - .format("%s=%s&%s=%s&%s=%s", samlObject, queryParams.get(samlObject), - Saml2ParameterNames.RELAY_STATE, queryParams.get(Saml2ParameterNames.RELAY_STATE), - Saml2ParameterNames.SIG_ALG, queryParams.get(Saml2ParameterNames.SIG_ALG)) - .getBytes(StandardCharsets.UTF_8); + .format("%s=%s&%s=%s&%s=%s", samlObject, queryParams.get(samlObject), + Saml2ParameterNames.RELAY_STATE, queryParams.get(Saml2ParameterNames.RELAY_STATE), + Saml2ParameterNames.SIG_ALG, queryParams.get(Saml2ParameterNames.SIG_ALG)) + .getBytes(StandardCharsets.UTF_8); } else { - return String.format("%s=%s&%s=%s", samlObject, queryParams.get(samlObject), - Saml2ParameterNames.SIG_ALG, queryParams.get(Saml2ParameterNames.SIG_ALG)) - .getBytes(StandardCharsets.UTF_8); + return String + .format("%s=%s&%s=%s", samlObject, queryParams.get(samlObject), Saml2ParameterNames.SIG_ALG, + queryParams.get(Saml2ParameterNames.SIG_ALG)) + .getBytes(StandardCharsets.UTF_8); } } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java index 4e0ad7f6a2..e2c48ab984 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.java @@ -70,7 +70,8 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver { public OpenSamlMetadataResolver() { this.entityDescriptorMarshaller = (EntityDescriptorMarshaller) XMLObjectProviderRegistrySupport - .getMarshallerFactory().getMarshaller(EntityDescriptor.DEFAULT_ELEMENT_NAME); + .getMarshallerFactory() + .getMarshaller(EntityDescriptor.DEFAULT_ELEMENT_NAME); Assert.notNull(this.entityDescriptorMarshaller, "entityDescriptorMarshaller cannot be null"); } @@ -81,7 +82,7 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver { SPSSODescriptor spSsoDescriptor = buildSpSsoDescriptor(relyingPartyRegistration); entityDescriptor.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).add(spSsoDescriptor); this.entityDescriptorCustomizer - .accept(new EntityDescriptorParameters(entityDescriptor, relyingPartyRegistration)); + .accept(new EntityDescriptorParameters(entityDescriptor, relyingPartyRegistration)); return serialize(entityDescriptor); } @@ -100,9 +101,9 @@ public final class OpenSamlMetadataResolver implements Saml2MetadataResolver { SPSSODescriptor spSsoDescriptor = build(SPSSODescriptor.DEFAULT_ELEMENT_NAME); spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); spSsoDescriptor.getKeyDescriptors() - .addAll(buildKeys(registration.getSigningX509Credentials(), UsageType.SIGNING)); + .addAll(buildKeys(registration.getSigningX509Credentials(), UsageType.SIGNING)); spSsoDescriptor.getKeyDescriptors() - .addAll(buildKeys(registration.getDecryptionX509Credentials(), UsageType.ENCRYPTION)); + .addAll(buildKeys(registration.getDecryptionX509Credentials(), UsageType.ENCRYPTION)); spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(registration)); if (registration.getSingleLogoutServiceLocation() != null) { for (Saml2MessageBinding binding : registration.getSingleLogoutServiceBindings()) { diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java index 3bc8d96e04..53c06aa139 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlMetadataAssertingPartyDetailsConverter.java @@ -120,10 +120,11 @@ class OpenSamlMetadataAssertingPartyDetailsConverter { "Metadata response is missing verification certificates, necessary for verifying SAML assertions"); } RelyingPartyRegistration.AssertingPartyDetails.Builder party = OpenSamlAssertingPartyDetails - .withEntityDescriptor(descriptor).entityId(descriptor.getEntityID()) - .wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned())) - .verificationX509Credentials((c) -> c.addAll(verification)) - .encryptionX509Credentials((c) -> c.addAll(encryption)); + .withEntityDescriptor(descriptor) + .entityId(descriptor.getEntityID()) + .wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned())) + .verificationX509Credentials((c) -> c.addAll(verification)) + .encryptionX509Credentials((c) -> c.addAll(encryption)); List signingMethods = signingMethods(idpssoDescriptor); for (SigningMethod method : signingMethods) { party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm())); @@ -160,7 +161,8 @@ class OpenSamlMetadataAssertingPartyDetailsConverter { String responseLocation = (singleLogoutService.getResponseLocation() == null) ? singleLogoutService.getLocation() : singleLogoutService.getResponseLocation(); party.singleLogoutServiceLocation(singleLogoutService.getLocation()) - .singleLogoutServiceResponseLocation(responseLocation).singleLogoutServiceBinding(binding); + .singleLogoutServiceResponseLocation(responseLocation) + .singleLogoutServiceBinding(binding); break; } return party; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java index 275814fabb..d4d13f0149 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java @@ -443,8 +443,8 @@ public final class RelyingPartyRegistration { public static Builder withAssertingPartyDetails(AssertingPartyDetails assertingPartyDetails) { Assert.notNull(assertingPartyDetails, "assertingPartyDetails cannot be null"); - return withRegistrationId(assertingPartyDetails.getEntityId()).assertingPartyDetails((party) -> party - .entityId(assertingPartyDetails.getEntityId()) + return withRegistrationId(assertingPartyDetails.getEntityId()) + .assertingPartyDetails((party) -> party.entityId(assertingPartyDetails.getEntityId()) .wantAuthnRequestsSigned(assertingPartyDetails.getWantAuthnRequestsSigned()) .signingAlgorithms((algorithms) -> algorithms.addAll(assertingPartyDetails.getSigningAlgorithms())) .verificationX509Credentials((c) -> c.addAll(assertingPartyDetails.getVerificationX509Credentials())) @@ -465,33 +465,29 @@ public final class RelyingPartyRegistration { public static Builder withRelyingPartyRegistration(RelyingPartyRegistration registration) { Assert.notNull(registration, "registration cannot be null"); return withRegistrationId(registration.getRegistrationId()).entityId(registration.getEntityId()) - .signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials())) - .decryptionX509Credentials((c) -> c.addAll(registration.getDecryptionX509Credentials())) - .assertionConsumerServiceLocation(registration.getAssertionConsumerServiceLocation()) - .assertionConsumerServiceBinding(registration.getAssertionConsumerServiceBinding()) - .singleLogoutServiceLocation(registration.getSingleLogoutServiceLocation()) - .singleLogoutServiceResponseLocation(registration.getSingleLogoutServiceResponseLocation()) - .singleLogoutServiceBindings((c) -> c.addAll(registration.getSingleLogoutServiceBindings())) - .nameIdFormat(registration.getNameIdFormat()) - .assertingPartyDetails((assertingParty) -> assertingParty - .entityId(registration.getAssertingPartyDetails().getEntityId()) - .wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) - .signingAlgorithms((algorithms) -> algorithms - .addAll(registration.getAssertingPartyDetails().getSigningAlgorithms())) - .verificationX509Credentials((c) -> c - .addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials())) - .encryptionX509Credentials( - (c) -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials())) - .singleSignOnServiceLocation( - registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()) - .singleSignOnServiceBinding( - registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) - .singleLogoutServiceLocation( - registration.getAssertingPartyDetails().getSingleLogoutServiceLocation()) - .singleLogoutServiceResponseLocation( - registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation()) - .singleLogoutServiceBinding( - registration.getAssertingPartyDetails().getSingleLogoutServiceBinding())); + .signingX509Credentials((c) -> c.addAll(registration.getSigningX509Credentials())) + .decryptionX509Credentials((c) -> c.addAll(registration.getDecryptionX509Credentials())) + .assertionConsumerServiceLocation(registration.getAssertionConsumerServiceLocation()) + .assertionConsumerServiceBinding(registration.getAssertionConsumerServiceBinding()) + .singleLogoutServiceLocation(registration.getSingleLogoutServiceLocation()) + .singleLogoutServiceResponseLocation(registration.getSingleLogoutServiceResponseLocation()) + .singleLogoutServiceBindings((c) -> c.addAll(registration.getSingleLogoutServiceBindings())) + .nameIdFormat(registration.getNameIdFormat()) + .assertingPartyDetails((assertingParty) -> assertingParty + .entityId(registration.getAssertingPartyDetails().getEntityId()) + .wantAuthnRequestsSigned(registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) + .signingAlgorithms((algorithms) -> algorithms + .addAll(registration.getAssertingPartyDetails().getSigningAlgorithms())) + .verificationX509Credentials( + (c) -> c.addAll(registration.getAssertingPartyDetails().getVerificationX509Credentials())) + .encryptionX509Credentials( + (c) -> c.addAll(registration.getAssertingPartyDetails().getEncryptionX509Credentials())) + .singleSignOnServiceLocation(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation()) + .singleSignOnServiceBinding(registration.getAssertingPartyDetails().getSingleSignOnServiceBinding()) + .singleLogoutServiceLocation(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation()) + .singleLogoutServiceResponseLocation( + registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation()) + .singleLogoutServiceBinding(registration.getAssertingPartyDetails().getSingleLogoutServiceBinding())); } private static Saml2X509Credential fromDeprecated( diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java index 015aa81d96..ebc53b8c67 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/Saml2MessageBinding.java @@ -22,12 +22,13 @@ package org.springframework.security.saml2.provider.service.registration; * {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect}. In addition there is * support for {@code urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect} with an XML * signature in the message rather than query parameters. + * * @since 5.3 */ public enum Saml2MessageBinding { - POST("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), REDIRECT( - "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"); + POST("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), + REDIRECT("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"); private final String urn; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java index cc5f77c318..076139cd26 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultRelyingPartyRegistrationResolver.java @@ -79,8 +79,9 @@ public final class DefaultRelyingPartyRegistrationResolver this.logger.trace("Attempting to resolve from " + this.registrationRequestMatcher + " since registrationId is null"); } - relyingPartyRegistrationId = this.registrationRequestMatcher.matcher(request).getVariables() - .get("registrationId"); + relyingPartyRegistrationId = this.registrationRequestMatcher.matcher(request) + .getVariables() + .get("registrationId"); } if (relyingPartyRegistrationId == null) { if (this.logger.isTraceEnabled()) { @@ -89,7 +90,7 @@ public final class DefaultRelyingPartyRegistrationResolver return null; } RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository - .findByRegistrationId(relyingPartyRegistrationId); + .findByRegistrationId(relyingPartyRegistrationId); if (relyingPartyRegistration == null) { return null; } @@ -97,15 +98,17 @@ public final class DefaultRelyingPartyRegistrationResolver Function templateResolver = templateResolver(applicationUri, relyingPartyRegistration); String relyingPartyEntityId = templateResolver.apply(relyingPartyRegistration.getEntityId()); String assertionConsumerServiceLocation = templateResolver - .apply(relyingPartyRegistration.getAssertionConsumerServiceLocation()); + .apply(relyingPartyRegistration.getAssertionConsumerServiceLocation()); String singleLogoutServiceLocation = templateResolver - .apply(relyingPartyRegistration.getSingleLogoutServiceLocation()); + .apply(relyingPartyRegistration.getSingleLogoutServiceLocation()); String singleLogoutServiceResponseLocation = templateResolver - .apply(relyingPartyRegistration.getSingleLogoutServiceResponseLocation()); + .apply(relyingPartyRegistration.getSingleLogoutServiceResponseLocation()); return RelyingPartyRegistration.withRelyingPartyRegistration(relyingPartyRegistration) - .entityId(relyingPartyEntityId).assertionConsumerServiceLocation(assertionConsumerServiceLocation) - .singleLogoutServiceLocation(singleLogoutServiceLocation) - .singleLogoutServiceResponseLocation(singleLogoutServiceResponseLocation).build(); + .entityId(relyingPartyEntityId) + .assertionConsumerServiceLocation(assertionConsumerServiceLocation) + .singleLogoutServiceLocation(singleLogoutServiceLocation) + .singleLogoutServiceResponseLocation(singleLogoutServiceResponseLocation) + .build(); } private Function templateResolver(String applicationUri, RelyingPartyRegistration relyingParty) { @@ -119,8 +122,10 @@ public final class DefaultRelyingPartyRegistrationResolver String entityId = relyingParty.getAssertingPartyDetails().getEntityId(); String registrationId = relyingParty.getRegistrationId(); Map uriVariables = new HashMap<>(); - UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl).replaceQuery(null).fragment(null) - .build(); + UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl) + .replaceQuery(null) + .fragment(null) + .build(); String scheme = uriComponents.getScheme(); uriVariables.put("baseScheme", (scheme != null) ? scheme : ""); String host = uriComponents.getHost(); @@ -141,7 +146,10 @@ public final class DefaultRelyingPartyRegistrationResolver private static String getApplicationUri(HttpServletRequest request) { UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)) - .replacePath(request.getContextPath()).replaceQuery(null).fragment(null).build(); + .replacePath(request.getContextPath()) + .replaceQuery(null) + .fragment(null) + .build(); return uriComponents.toUriString(); } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java index f054a88759..898efb68f8 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/DefaultSaml2AuthenticationRequestContextResolver.java @@ -82,10 +82,12 @@ public final class DefaultSaml2AuthenticationRequestContextResolver private Saml2AuthenticationRequestContext createRedirectAuthenticationRequestContext(HttpServletRequest request, RelyingPartyRegistration relyingParty) { - return Saml2AuthenticationRequestContext.builder().issuer(relyingParty.getEntityId()) - .relyingPartyRegistration(relyingParty) - .assertionConsumerServiceUrl(relyingParty.getAssertionConsumerServiceLocation()) - .relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE)).build(); + return Saml2AuthenticationRequestContext.builder() + .issuer(relyingParty.getEntityId()) + .relyingPartyRegistration(relyingParty) + .assertionConsumerServiceUrl(relyingParty.getAssertionConsumerServiceLocation()) + .relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE)) + .build(); } } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java index 3727b22105..1189a3f961 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/HttpSessionSaml2AuthenticationRequestRepository.java @@ -34,7 +34,8 @@ public class HttpSessionSaml2AuthenticationRequestRepository implements Saml2AuthenticationRequestRepository { private static final String DEFAULT_SAML2_AUTHN_REQUEST_ATTR_NAME = HttpSessionSaml2AuthenticationRequestRepository.class - .getName().concat(".SAML2_AUTHN_REQUEST"); + .getName() + .concat(".SAML2_AUTHN_REQUEST"); private String saml2AuthnRequestAttributeName = DEFAULT_SAML2_AUTHN_REQUEST_ATTR_NAME; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java index cc963783b8..813a049fd9 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.java @@ -163,7 +163,7 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo private static int[] genValueMapping() { byte[] alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" - .getBytes(StandardCharsets.ISO_8859_1); + .getBytes(StandardCharsets.ISO_8859_1); int[] values = new int[256]; Arrays.fill(values, -1); @@ -188,14 +188,14 @@ public final class Saml2AuthenticationTokenConverter implements AuthenticationCo // in cases of an incomplete final chunk, ensure the unused bits are zero switch (goodChars % 4) { - case 0: - return true; - case 2: - return (lastGoodCharVal & 0b1111) == 0; - case 3: - return (lastGoodCharVal & 0b11) == 0; - default: - return false; + case 0: + return true; + case 2: + return (lastGoodCharVal & 0b1111) == 0; + case 3: + return (lastGoodCharVal & 0b11) == 0; + default: + return false; } } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java index 7803d789f1..9cd0cfcb0e 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilter.java @@ -101,7 +101,8 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter } try { return (Saml2AuthenticationRequestFactory) ClassUtils.forName(opensamlClassName, null) - .getDeclaredConstructor().newInstance(); + .getDeclaredConstructor() + .newInstance(); } catch (Exception ex) { throw new IllegalStateException(ex); @@ -198,7 +199,7 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter Saml2RedirectAuthenticationRequest authenticationRequest) throws IOException { this.authenticationRequestRepository.saveAuthenticationRequest(authenticationRequest, request, response); UriComponentsBuilder uriBuilder = UriComponentsBuilder - .fromUriString(authenticationRequest.getAuthenticationRequestUri()); + .fromUriString(authenticationRequest.getAuthenticationRequestUri()); addParameter(Saml2ParameterNames.SAML_REQUEST, authenticationRequest.getSamlRequest(), uriBuilder); addParameter(Saml2ParameterNames.RELAY_STATE, authenticationRequest.getRelayState(), uriBuilder); addParameter(Saml2ParameterNames.SIG_ALG, authenticationRequest.getSigAlg(), uriBuilder); @@ -231,7 +232,7 @@ public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter html.append("\n"); html.append("\n").append(" \n"); html.append(" this.filter.setMetadataFilename(" ")) - .withMessage("metadataFilename cannot be empty"); + .withMessage("metadataFilename cannot be empty"); } @Test public void setMetadataFilenameWhenMissingRegistrationIdVariableThenThrowsException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.filter.setMetadataFilename("metadata-filename.xml")) - .withMessage("metadataFilename must contain a {registrationId} match variable"); + .isThrownBy(() -> this.filter.setMetadataFilename("metadata-filename.xml")) + .withMessage("metadataFilename must contain a {registrationId} match variable"); } } diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java index df450dea92..fea3bdef40 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2WebSsoAuthenticationRequestFilterTests.java @@ -95,9 +95,10 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { } }; this.rpBuilder = RelyingPartyRegistration.withRegistrationId("registration-id") - .providerDetails((c) -> c.entityId("idp-entity-id")).providerDetails((c) -> c.webSsoUrl(IDP_SSO_URL)) - .assertionConsumerServiceUrlTemplate("template") - .credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())); + .providerDetails((c) -> c.entityId("idp-entity-id")) + .providerDetails((c) -> c.webSsoUrl(IDP_SSO_URL)) + .assertionConsumerServiceUrlTemplate("template") + .credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())); this.filter.setAuthenticationRequestRepository(this.authenticationRequestRepository); } @@ -117,20 +118,23 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { private static Saml2RedirectAuthenticationRequest.Builder redirectAuthenticationRequest( Saml2AuthenticationRequestContext context) { - return Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest("request") - .authenticationRequestUri(IDP_SSO_URL); + return Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(context) + .samlRequest("request") + .authenticationRequestUri(IDP_SSO_URL); } private static Saml2RedirectAuthenticationRequest.Builder redirectAuthenticationRequest( RelyingPartyRegistration registration) { - return Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest("request") - .authenticationRequestUri(IDP_SSO_URL); + return Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration) + .samlRequest("request") + .authenticationRequestUri(IDP_SSO_URL); } private static Saml2PostAuthenticationRequest.Builder postAuthenticationRequest( Saml2AuthenticationRequestContext context) { - return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest("request") - .authenticationRequestUri(IDP_SSO_URL); + return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context) + .samlRequest("request") + .authenticationRequestUri(IDP_SSO_URL); } @Test @@ -153,19 +157,21 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { given(this.factory.createRedirectAuthenticationRequest(any())).willReturn(request); this.filter.doFilterInternal(this.request, this.response, this.filterChain); assertThat(this.response.getHeader("Location")).contains("RelayState=" + relayStateEncoded) - .startsWith(IDP_SSO_URL); + .startsWith(IDP_SSO_URL); } @Test public void doFilterWhenSimpleSignatureSpecifiedThenSignatureParametersAreInTheRedirectURL() throws Exception { Saml2AuthenticationRequestContext context = authenticationRequestContext().build(); Saml2RedirectAuthenticationRequest request = redirectAuthenticationRequest(context).sigAlg("sigalg") - .signature("signature").build(); + .signature("signature") + .build(); given(this.resolver.resolve(any())).willReturn(context); given(this.factory.createRedirectAuthenticationRequest(any())).willReturn(request); this.filter.doFilterInternal(this.request, this.response, this.filterChain); - assertThat(this.response.getHeader("Location")).contains("SigAlg=").contains("Signature=") - .startsWith(IDP_SSO_URL); + assertThat(this.response.getHeader("Location")).contains("SigAlg=") + .contains("Signature=") + .startsWith(IDP_SSO_URL); } @Test @@ -175,8 +181,9 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { given(this.resolver.resolve(any())).willReturn(context); given(this.factory.createRedirectAuthenticationRequest(any())).willReturn(request); this.filter.doFilterInternal(this.request, this.response, this.filterChain); - assertThat(this.response.getHeader("Location")).doesNotContain("SigAlg=").doesNotContain("Signature=") - .startsWith(IDP_SSO_URL); + assertThat(this.response.getHeader("Location")).doesNotContain("SigAlg=") + .doesNotContain("Signature=") + .startsWith(IDP_SSO_URL); } @Test @@ -184,10 +191,11 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { String relayStateValue = "https://my-relay-state.example.com?with=param&other=param&javascript{alert('1');}"; String relayStateEncoded = HtmlUtils.htmlEscape(relayStateValue); RelyingPartyRegistration registration = this.rpBuilder - .assertingPartyDetails((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST)) - .build(); + .assertingPartyDetails((asserting) -> asserting.singleSignOnServiceBinding(Saml2MessageBinding.POST)) + .build(); Saml2AuthenticationRequestContext context = authenticationRequestContext().relayState(relayStateValue) - .relyingPartyRegistration(registration).build(); + .relyingPartyRegistration(registration) + .build(); Saml2PostAuthenticationRequest request = postAuthenticationRequest(context).build(); given(this.resolver.resolve(any())).willReturn(context); given(this.factory.createPostAuthenticationRequest(any())).willReturn(request); @@ -195,10 +203,10 @@ public class Saml2WebSsoAuthenticationRequestFilterTests { assertThat(this.response.getHeader("Location")).isNull(); assertThat(this.response.getContentAsString()).contains( " "SecurityContextHolder not populated with remember-me token, as it already contained: '" + + this.securityContextHolderStrategy.getContext().getAuthentication() + "'")); chain.doFilter(request, response); return; } @@ -134,9 +134,9 @@ public class RememberMeAuthenticationFilter extends GenericFilterBean implements } catch (AuthenticationException ex) { this.logger.debug(LogMessage - .format("SecurityContextHolder not populated with remember-me token, as AuthenticationManager " - + "rejected Authentication returned by RememberMeServices: '%s'; " - + "invalidating remember-me token", rememberMeAuth), + .format("SecurityContextHolder not populated with remember-me token, as AuthenticationManager " + + "rejected Authentication returned by RememberMeServices: '%s'; " + + "invalidating remember-me token", rememberMeAuth), ex); this.rememberMeServices.loginFail(request, response); onUnsuccessfulAuthentication(request, response, ex); diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java index e624cb5334..f59845d060 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java @@ -238,8 +238,8 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices { setCookie(new String[] { username, Long.toString(expiryTime), this.encodingAlgorithm.name(), signatureValue }, tokenLifetime, request, response); if (this.logger.isDebugEnabled()) { - this.logger.debug( - "Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime) + "'"); + this.logger + .debug("Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime) + "'"); } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java index 3f7183b5a7..a6f1ba4fb2 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java +++ b/web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java @@ -127,7 +127,7 @@ public abstract class AbstractSessionFixationProtectionStrategy */ protected void onSessionChange(String originalSessionId, HttpSession newSession, Authentication auth) { this.applicationEventPublisher - .publishEvent(new SessionFixationProtectionEvent(auth, originalSessionId, newSession.getId())); + .publishEvent(new SessionFixationProtectionEvent(auth, originalSessionId, newSession.getId())); } /** diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java index aea3aa9e7d..aefab345ee 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java @@ -119,7 +119,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR"; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private ApplicationEventPublisher eventPublisher; @@ -258,7 +258,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication(); if (current == null) { throw new AuthenticationCredentialsNotFoundException(this.messages - .getMessage("SwitchUserFilter.noCurrentUser", "No current user associated with this request")); + .getMessage("SwitchUserFilter.noCurrentUser", "No current user associated with this request")); } // check to see if the current user did actual switch to another user // if so, get the original source user so we can switch back @@ -266,7 +266,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv if (original == null) { this.logger.debug("Failed to find original user"); throw new AuthenticationCredentialsNotFoundException(this.messages - .getMessage("SwitchUserFilter.noOriginalAuthentication", "Failed to find original user")); + .getMessage("SwitchUserFilter.noOriginalAuthentication", "Failed to find original user")); } // get the source user details UserDetails originalUser = null; diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java index 06f0955c65..7678da221a 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java @@ -133,7 +133,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean { this.openIDusernameParameter = "openid_identifier"; if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) { this.openIDrememberMeParameter = ((AbstractRememberMeServices) openIDFilter.getRememberMeServices()) - .getParameter(); + .getParameter(); } } @@ -243,7 +243,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean { HttpSession session = request.getSession(false); if (session != null) { AuthenticationException ex = (AuthenticationException) session - .getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION); + .getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION); errorMsg = (ex != null) ? ex.getMessage() : "Invalid credentials"; } } @@ -301,7 +301,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean { sb.append(createLogoutSuccess(logoutSuccess)); sb.append("\n"); for (Map.Entry clientAuthenticationUrlToClientName : this.oauth2AuthenticationUrlToClientName - .entrySet()) { + .entrySet()) { sb.append("
"); String url = clientAuthenticationUrlToClientName.getKey(); sb.append(""); @@ -318,7 +318,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean { sb.append(createLogoutSuccess(logoutSuccess)); sb.append("\n"); for (Map.Entry relyingPartyUrlToName : this.saml2AuthenticationUrlToProviderName - .entrySet()) { + .entrySet()) { sb.append("
"); String url = relyingPartyUrlToName.getKey(); sb.append(""); diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java index f7aae1c84a..c4c667c778 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationConverter.java @@ -95,7 +95,7 @@ public class BasicAuthenticationConverter implements AuthenticationConverter { throw new BadCredentialsException("Invalid basic authentication token"); } UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken - .unauthenticated(token.substring(0, delim), token.substring(delim + 1)); + .unauthenticated(token.substring(0, delim), token.substring(delim + 1)); result.setDetails(this.authenticationDetailsSource.buildDetails(request)); return result; } diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java index 79b1985ee8..b2a3b2bdb8 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java @@ -93,7 +93,7 @@ import org.springframework.web.filter.OncePerRequestFilter; public class BasicAuthenticationFilter extends OncePerRequestFilter { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private AuthenticationEntryPoint authenticationEntryPoint; diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java index 1f5793f58d..3301ee463b 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java @@ -96,7 +96,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean implements Mes private static final Log logger = LogFactory.getLog(DigestAuthenticationFilter.class); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); diff --git a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java index 5350679cf3..b417e45e7a 100644 --- a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java +++ b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java @@ -29,9 +29,9 @@ import org.springframework.security.core.Authentication; * {@link Authentication#getPrincipal()}. This is necessary to signal that the argument * should be resolved to the current user rather than a user that might be edited on a * form. + * * @deprecated Use * {@link org.springframework.security.core.annotation.AuthenticationPrincipal} instead. - * * @author Rob Winch * @since 3.2 */ diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java index 3ee4158749..892bf6d392 100644 --- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java +++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java @@ -94,7 +94,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo protected final Log logger = LogFactory.getLog(this.getClass()); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * SecurityContext instance used to check for equality with default (unauthenticated) @@ -228,8 +228,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo } if (this.logger.isTraceEnabled()) { - this.logger.trace( - LogMessage.format("Retrieved %s from %s", contextFromSession, this.springSecurityContextKey)); + this.logger + .trace(LogMessage.format("Retrieved %s from %s", contextFromSession, this.springSecurityContextKey)); } else if (this.logger.isDebugEnabled()) { this.logger.debug(LogMessage.format("Retrieved %s", contextFromSession)); diff --git a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java index 2a0727af31..2098237e21 100644 --- a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java +++ b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java @@ -31,7 +31,7 @@ import org.springframework.util.Assert; public final class NullSecurityContextRepository implements SecurityContextRepository { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Override public boolean containsContext(HttpServletRequest request) { diff --git a/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java index f790434754..ac070bdf39 100644 --- a/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java +++ b/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java @@ -47,12 +47,12 @@ public final class RequestAttributeSecurityContextRepository implements Security * The default request attribute name to use. */ public static final String DEFAULT_REQUEST_ATTR_NAME = RequestAttributeSecurityContextRepository.class.getName() - .concat(".SPRING_SECURITY_CONTEXT"); + .concat(".SPRING_SECURITY_CONTEXT"); private final String requestAttributeName; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * Creates a new instance using {@link #DEFAULT_REQUEST_ATTR_NAME}. diff --git a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java index 9831730fd3..f8e2bb54a5 100644 --- a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java +++ b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java @@ -49,7 +49,7 @@ import org.springframework.util.Assert; public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends OnCommittedResponseWrapper { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private boolean contextSaved = false; diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextHolderFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextHolderFilter.java index 9d5360663c..9dc88b31ea 100644 --- a/web/src/main/java/org/springframework/security/web/context/SecurityContextHolderFilter.java +++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextHolderFilter.java @@ -52,7 +52,7 @@ public class SecurityContextHolderFilter extends GenericFilterBean { private final SecurityContextRepository securityContextRepository; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * Creates a new instance. diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java index ec37e4587f..c752a3ad4d 100644 --- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java +++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java @@ -69,7 +69,7 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean { private SecurityContextRepository repo; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private boolean forceEagerSessionCreation = false; @@ -111,7 +111,7 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean { else { if (this.logger.isDebugEnabled()) { this.logger - .debug(LogMessage.format("Set SecurityContextHolder to %s", contextBeforeChainExecution)); + .debug(LogMessage.format("Set SecurityContextHolder to %s", contextBeforeChainExecution)); } } chain.doFilter(holder.getRequest(), holder.getResponse()); diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java index c0e8993584..c65b144eb4 100644 --- a/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java +++ b/web/src/main/java/org/springframework/security/web/context/request/async/SecurityContextCallableProcessingInterceptor.java @@ -46,7 +46,7 @@ public final class SecurityContextCallableProcessingInterceptor extends Callable private volatile SecurityContext securityContext; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); /** * Create a new {@link SecurityContextCallableProcessingInterceptor} that uses the diff --git a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java index d4fffa6f6b..2b3c7bf850 100644 --- a/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java +++ b/web/src/main/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilter.java @@ -46,14 +46,14 @@ public final class WebAsyncManagerIntegrationFilter extends OncePerRequestFilter private static final Object CALLABLE_INTERCEPTOR_KEY = new Object(); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { WebAsyncManager asyncManager = WebAsyncUtils.getAsyncManager(request); SecurityContextCallableProcessingInterceptor securityProcessingInterceptor = (SecurityContextCallableProcessingInterceptor) asyncManager - .getCallableInterceptor(CALLABLE_INTERCEPTOR_KEY); + .getCallableInterceptor(CALLABLE_INTERCEPTOR_KEY); if (securityProcessingInterceptor == null) { SecurityContextCallableProcessingInterceptor interceptor = new SecurityContextCallableProcessingInterceptor(); interceptor.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java index 1cb38a6a93..72ab064a92 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java +++ b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java @@ -45,7 +45,7 @@ public final class CookieCsrfTokenRepository implements CsrfTokenRepository { static final String DEFAULT_CSRF_HEADER_NAME = "X-XSRF-TOKEN"; private static final String CSRF_TOKEN_REMOVED_ATTRIBUTE_NAME = CookieCsrfTokenRepository.class.getName() - .concat(".REMOVED"); + .concat(".REMOVED"); private String parameterName = DEFAULT_CSRF_PARAMETER_NAME; diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java index 3f966832a4..151c532595 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java +++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java @@ -122,8 +122,8 @@ public final class CsrfFilter extends OncePerRequestFilter { String actualToken = this.requestHandler.resolveCsrfTokenValue(request, csrfToken); if (!equalsConstantTime(csrfToken.getToken(), actualToken)) { boolean missingToken = deferredCsrfToken.isGenerated(); - this.logger.debug( - LogMessage.of(() -> "Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request))); + this.logger + .debug(LogMessage.of(() -> "Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(request))); AccessDeniedException exception = (!missingToken) ? new InvalidCsrfTokenException(csrfToken, actualToken) : new MissingCsrfTokenException(actualToken); this.accessDeniedHandler.handle(request, response, exception); diff --git a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java index 70c701b60e..468171aed3 100644 --- a/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java +++ b/web/src/main/java/org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.java @@ -38,7 +38,7 @@ public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN"; private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = HttpSessionCsrfTokenRepository.class.getName() - .concat(".CSRF_TOKEN"); + .concat(".CSRF_TOKEN"); private String parameterName = DEFAULT_CSRF_PARAMETER_NAME; diff --git a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java index c6e566a0c3..d3a9f7b334 100644 --- a/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java +++ b/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java @@ -91,19 +91,19 @@ public class StrictHttpFirewall implements HttpFirewall { private static final String PERCENT = "%"; private static final List FORBIDDEN_ENCODED_PERIOD = Collections - .unmodifiableList(Arrays.asList("%2e", "%2E")); + .unmodifiableList(Arrays.asList("%2e", "%2E")); private static final List FORBIDDEN_SEMICOLON = Collections - .unmodifiableList(Arrays.asList(";", "%3b", "%3B")); + .unmodifiableList(Arrays.asList(";", "%3b", "%3B")); private static final List FORBIDDEN_FORWARDSLASH = Collections - .unmodifiableList(Arrays.asList("%2f", "%2F")); + .unmodifiableList(Arrays.asList("%2f", "%2F")); private static final List FORBIDDEN_DOUBLE_FORWARDSLASH = Collections - .unmodifiableList(Arrays.asList("//", "%2f%2f", "%2f%2F", "%2F%2f", "%2F%2F")); + .unmodifiableList(Arrays.asList("//", "%2f%2f", "%2f%2F", "%2F%2f", "%2F%2F")); private static final List FORBIDDEN_BACKSLASH = Collections - .unmodifiableList(Arrays.asList("\\", "%5c", "%5C")); + .unmodifiableList(Arrays.asList("\\", "%5c", "%5C")); private static final List FORBIDDEN_NULL = Collections.unmodifiableList(Arrays.asList("\0", "%00")); @@ -114,7 +114,7 @@ public class StrictHttpFirewall implements HttpFirewall { private static final List FORBIDDEN_LINE_SEPARATOR = Collections.unmodifiableList(Arrays.asList("\u2028")); private static final List FORBIDDEN_PARAGRAPH_SEPARATOR = Collections - .unmodifiableList(Arrays.asList("\u2029")); + .unmodifiableList(Arrays.asList("\u2029")); private Set encodedUrlBlocklist = new HashSet<>(); @@ -125,7 +125,7 @@ public class StrictHttpFirewall implements HttpFirewall { private Predicate allowedHostnames = (hostname) -> true; private static final Pattern ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN = Pattern - .compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*"); + .compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*"); private static final Predicate ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = ( s) -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches(); @@ -513,8 +513,8 @@ public class StrictHttpFirewall implements HttpFirewall { private void rejectNonPrintableAsciiCharactersInFieldName(String toCheck, String propertyName) { if (!containsOnlyPrintableAsciiCharacters(toCheck)) { - throw new RequestRejectedException(String.format( - "The %s was rejected because it can only contain printable ASCII characters.", propertyName)); + throw new RequestRejectedException(String + .format("The %s was rejected because it can only contain printable ASCII characters.", propertyName)); } } diff --git a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java index 440fd94d46..fdb26eaccb 100644 --- a/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java +++ b/web/src/main/java/org/springframework/security/web/jaasapi/JaasApiIntegrationFilter.java @@ -54,7 +54,7 @@ import org.springframework.web.filter.GenericFilterBean; public class JaasApiIntegrationFilter extends GenericFilterBean { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private boolean createEmptySubject; diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java index 2f8009ad5b..aa5db12100 100644 --- a/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java +++ b/web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java @@ -91,7 +91,7 @@ import org.springframework.web.method.support.ModelAndViewContainer; public final class AuthenticationPrincipalArgumentResolver implements HandlerMethodArgumentResolver { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private ExpressionParser parser = new SpelExpressionParser(); diff --git a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java index b3b643c6ee..05ef53a59c 100644 --- a/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java +++ b/web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java @@ -77,7 +77,7 @@ import org.springframework.web.method.support.ModelAndViewContainer; public final class CurrentSecurityContextArgumentResolver implements HandlerMethodArgumentResolver { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private ExpressionParser parser = new SpelExpressionParser(); diff --git a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java index 58c0db8e74..1e2d3d5556 100644 --- a/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java +++ b/web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolver.java @@ -73,12 +73,12 @@ public class AuthenticationPrincipalArgumentResolver extends HandlerMethodArgume public Mono resolveArgument(MethodParameter parameter, BindingContext bindingContext, ServerWebExchange exchange) { ReactiveAdapter adapter = getAdapterRegistry().getAdapter(parameter.getParameterType()); - return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) - .flatMap((authentication) -> { - Mono principal = Mono - .justOrEmpty(resolvePrincipal(parameter, authentication.getPrincipal())); - return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal; - }); + return ReactiveSecurityContextHolder.getContext() + .map(SecurityContext::getAuthentication) + .flatMap((authentication) -> { + Mono principal = Mono.justOrEmpty(resolvePrincipal(parameter, authentication.getPrincipal())); + return (adapter != null) ? Mono.just(adapter.fromPublisher(principal)) : principal; + }); } private Object resolvePrincipal(MethodParameter parameter, Object principal) { diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java index 9676025514..a44e9304c0 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java @@ -77,9 +77,14 @@ public class CookieRequestCache implements RequestCache { UriComponents uriComponents = UriComponentsBuilder.fromUriString(originalURI).build(); DefaultSavedRequest.Builder builder = new DefaultSavedRequest.Builder(); int port = getPort(uriComponents); - return builder.setScheme(uriComponents.getScheme()).setServerName(uriComponents.getHost()) - .setRequestURI(uriComponents.getPath()).setQueryString(uriComponents.getQuery()).setServerPort(port) - .setMethod(request.getMethod()).setLocales(Collections.list(request.getLocales())).build(); + return builder.setScheme(uriComponents.getScheme()) + .setServerName(uriComponents.getHost()) + .setRequestURI(uriComponents.getPath()) + .setQueryString(uriComponents.getQuery()) + .setServerPort(port) + .setMethod(request.getMethod()) + .setLocales(Collections.list(request.getLocales())) + .build(); } private int getPort(UriComponents uriComponents) { diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java index 620610f681..3c56241977 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java @@ -373,8 +373,12 @@ public class DefaultSavedRequest implements SavedRequest { if (queryString == null || queryString.length() == 0) { return matchingRequestParameterName; } - return UriComponentsBuilder.newInstance().query(queryString).replaceQueryParam(matchingRequestParameterName) - .queryParam(matchingRequestParameterName).build().getQuery(); + return UriComponentsBuilder.newInstance() + .query(queryString) + .replaceQueryParam(matchingRequestParameterName) + .queryParam(matchingRequestParameterName) + .build() + .getQuery(); } /** diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java index 96ee4b467d..50d349ee36 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java @@ -62,8 +62,8 @@ public class HttpSessionRequestCache implements RequestCache { public void saveRequest(HttpServletRequest request, HttpServletResponse response) { if (!this.requestMatcher.matches(request)) { if (this.logger.isTraceEnabled()) { - this.logger.trace( - LogMessage.format("Did not save request since it did not match [%s]", this.requestMatcher)); + this.logger + .trace(LogMessage.format("Did not save request since it did not match [%s]", this.requestMatcher)); } return; } diff --git a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java index 1a3ca56676..3c0da2cd59 100644 --- a/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java +++ b/web/src/main/java/org/springframework/security/web/server/DelegatingServerAuthenticationEntryPoint.java @@ -62,13 +62,15 @@ public class DelegatingServerAuthenticationEntryPoint implements ServerAuthentic @Override public Mono commence(ServerWebExchange exchange, AuthenticationException ex) { - return Flux.fromIterable(this.entryPoints).filterWhen((entry) -> isMatch(exchange, entry)).next() - .map((entry) -> entry.getEntryPoint()) - .doOnNext((entryPoint) -> logger.debug(LogMessage.format("Match found! Executing %s", entryPoint))) - .switchIfEmpty(Mono.just(this.defaultEntryPoint) - .doOnNext((entryPoint) -> logger.debug(LogMessage - .format("No match found. Using default entry point %s", this.defaultEntryPoint)))) - .flatMap((entryPoint) -> entryPoint.commence(exchange, ex)); + return Flux.fromIterable(this.entryPoints) + .filterWhen((entry) -> isMatch(exchange, entry)) + .next() + .map((entry) -> entry.getEntryPoint()) + .doOnNext((entryPoint) -> logger.debug(LogMessage.format("Match found! Executing %s", entryPoint))) + .switchIfEmpty(Mono.just(this.defaultEntryPoint) + .doOnNext((entryPoint) -> logger + .debug(LogMessage.format("No match found. Using default entry point %s", this.defaultEntryPoint)))) + .flatMap((entryPoint) -> entryPoint.commence(exchange, ex)); } private Mono isMatch(ServerWebExchange exchange, DelegateEntry entry) { diff --git a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java index f4654ab25f..45eecd0694 100644 --- a/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java +++ b/web/src/main/java/org/springframework/security/web/server/WebFilterChainProxy.java @@ -49,11 +49,13 @@ public class WebFilterChainProxy implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { return Flux.fromIterable(this.filters) - .filterWhen((securityWebFilterChain) -> securityWebFilterChain.matches(exchange)).next() - .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) - .flatMap((securityWebFilterChain) -> securityWebFilterChain.getWebFilters().collectList()) - .map((filters) -> new FilteringWebHandler(chain::filter, filters)).map(DefaultWebFilterChain::new) - .flatMap((securedChain) -> securedChain.filter(exchange)); + .filterWhen((securityWebFilterChain) -> securityWebFilterChain.matches(exchange)) + .next() + .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) + .flatMap((securityWebFilterChain) -> securityWebFilterChain.getWebFilters().collectList()) + .map((filters) -> new FilteringWebHandler(chain::filter, filters)) + .map(DefaultWebFilterChain::new) + .flatMap((securedChain) -> securedChain.filter(exchange)); } } diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java index 9f212b2c19..4849d1c409 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilter.java @@ -83,8 +83,8 @@ public class AnonymousAuthenticationWebFilter implements WebFilter { SecurityContext securityContext = new SecurityContextImpl(authentication); logger.debug(LogMessage.format("Populated SecurityContext with anonymous token: '%s'", authentication)); return chain.filter(exchange) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) - .then(Mono.empty()); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) + .then(Mono.empty()); })).flatMap((securityContext) -> { logger.debug(LogMessage.format("SecurityContext contains anonymous token: '%s'", securityContext.getAuthentication())); diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java index adea58aef4..540c87dd2a 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcher.java @@ -43,8 +43,10 @@ public final class AuthenticationConverterServerWebExchangeMatcher implements Se @Override public Mono matches(ServerWebExchange exchange) { - return this.serverAuthenticationConverter.convert(exchange).flatMap((a) -> MatchResult.match()) - .onErrorResume((ex) -> MatchResult.notMatch()).switchIfEmpty(MatchResult.notMatch()); + return this.serverAuthenticationConverter.convert(exchange) + .flatMap((a) -> MatchResult.match()) + .onErrorResume((ex) -> MatchResult.notMatch()) + .switchIfEmpty(MatchResult.notMatch()); } } diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java index 45178bb078..a1f4cf28e5 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java @@ -82,7 +82,7 @@ public class AuthenticationWebFilter implements WebFilter { new HttpBasicServerAuthenticationEntryPoint()); private ServerSecurityContextRepository securityContextRepository = NoOpServerSecurityContextRepository - .getInstance(); + .getInstance(); private ServerWebExchangeMatcher requiresAuthenticationMatcher = ServerWebExchangeMatchers.anyExchange(); @@ -108,23 +108,24 @@ public class AuthenticationWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return this.requiresAuthenticationMatcher.matches(exchange).filter((matchResult) -> matchResult.isMatch()) - .flatMap((matchResult) -> this.authenticationConverter.convert(exchange)) - .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) - .flatMap((token) -> authenticate(exchange, chain, token)) - .onErrorResume(AuthenticationException.class, (ex) -> this.authenticationFailureHandler - .onAuthenticationFailure(new WebFilterExchange(exchange, chain), ex)); + return this.requiresAuthenticationMatcher.matches(exchange) + .filter((matchResult) -> matchResult.isMatch()) + .flatMap((matchResult) -> this.authenticationConverter.convert(exchange)) + .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) + .flatMap((token) -> authenticate(exchange, chain, token)) + .onErrorResume(AuthenticationException.class, (ex) -> this.authenticationFailureHandler + .onAuthenticationFailure(new WebFilterExchange(exchange, chain), ex)); } private Mono authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) { return this.authenticationManagerResolver.resolve(exchange) - .flatMap((authenticationManager) -> authenticationManager.authenticate(token)) - .switchIfEmpty(Mono.defer( - () -> Mono.error(new IllegalStateException("No provider found for " + token.getClass())))) - .flatMap((authentication) -> onAuthenticationSuccess(authentication, - new WebFilterExchange(exchange, chain))) - .doOnError(AuthenticationException.class, - (ex) -> logger.debug(LogMessage.format("Authentication failed: %s", ex.getMessage()))); + .flatMap((authenticationManager) -> authenticationManager.authenticate(token)) + .switchIfEmpty(Mono + .defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass())))) + .flatMap( + (authentication) -> onAuthenticationSuccess(authentication, new WebFilterExchange(exchange, chain))) + .doOnError(AuthenticationException.class, + (ex) -> logger.debug(LogMessage.format("Authentication failed: %s", ex.getMessage()))); } protected Mono onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) { @@ -132,8 +133,8 @@ public class AuthenticationWebFilter implements WebFilter { SecurityContextImpl securityContext = new SecurityContextImpl(); securityContext.setAuthentication(authentication); return this.securityContextRepository.save(exchange, securityContext) - .then(this.authenticationSuccessHandler.onAuthenticationSuccess(webFilterExchange, authentication)) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))); + .then(this.authenticationSuccessHandler.onAuthenticationSuccess(webFilterExchange, authentication)) + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java index edd81bcaf4..851e80620a 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandler.java @@ -45,7 +45,8 @@ public class DelegatingServerAuthenticationSuccessHandler implements ServerAuthe @Override public Mono onAuthenticationSuccess(WebFilterExchange exchange, Authentication authentication) { return Flux.fromIterable(this.delegates) - .concatMap((delegate) -> delegate.onAuthenticationSuccess(exchange, authentication)).then(); + .concatMap((delegate) -> delegate.onAuthenticationSuccess(exchange, authentication)) + .then(); } } diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java index f60ee37a6e..83cc524283 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.java @@ -58,15 +58,18 @@ public class ReactivePreAuthenticatedAuthenticationManager implements ReactiveAu @Override public Mono authenticate(Authentication authentication) { - return Mono.just(authentication).filter(this::supports).map(Authentication::getName) - .flatMap(this.userDetailsService::findByUsername) - .switchIfEmpty(Mono.error(() -> new UsernameNotFoundException("User not found"))) - .doOnNext(this.userDetailsChecker::check).map((userDetails) -> { - PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(userDetails, - authentication.getCredentials(), userDetails.getAuthorities()); - result.setDetails(authentication.getDetails()); - return result; - }); + return Mono.just(authentication) + .filter(this::supports) + .map(Authentication::getName) + .flatMap(this.userDetailsService::findByUsername) + .switchIfEmpty(Mono.error(() -> new UsernameNotFoundException("User not found"))) + .doOnNext(this.userDetailsChecker::check) + .map((userDetails) -> { + PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(userDetails, + authentication.getCredentials(), userDetails.getAuthorities()); + result.setDetails(authentication.getDetails()); + return result; + }); } private boolean supports(Authentication authentication) { diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java index d4eedc4512..c1b091d50a 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationEntryPoint.java @@ -64,7 +64,7 @@ public class RedirectServerAuthenticationEntryPoint implements ServerAuthenticat @Override public Mono commence(ServerWebExchange exchange, AuthenticationException ex) { return this.requestCache.saveRequest(exchange) - .then(this.redirectStrategy.sendRedirect(exchange, this.location)); + .then(this.redirectStrategy.sendRedirect(exchange, this.location)); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java index 8ef9e8635f..8ad9ecf71b 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandler.java @@ -72,8 +72,9 @@ public class RedirectServerAuthenticationSuccessHandler implements ServerAuthent @Override public Mono onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) { ServerWebExchange exchange = webFilterExchange.getExchange(); - return this.requestCache.getRedirectUri(exchange).defaultIfEmpty(this.location) - .flatMap((location) -> this.redirectStrategy.sendRedirect(exchange, location)); + return this.requestCache.getRedirectUri(exchange) + .defaultIfEmpty(this.location) + .flatMap((location) -> this.redirectStrategy.sendRedirect(exchange, location)); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.java index a28facf95b..686f891fa1 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.java @@ -48,7 +48,7 @@ public final class ServerWebExchangeDelegatingReactiveAuthenticationManagerResol private final List> authenticationManagers; private ReactiveAuthenticationManager defaultAuthenticationManager = (authentication) -> Mono - .error(new AuthenticationServiceException("Cannot authenticate " + authentication)); + .error(new AuthenticationServiceException("Cannot authenticate " + authentication)); /** * Construct an @@ -78,8 +78,11 @@ public final class ServerWebExchangeDelegatingReactiveAuthenticationManagerResol */ @Override public Mono resolve(ServerWebExchange exchange) { - return Flux.fromIterable(this.authenticationManagers).filterWhen((entry) -> isMatch(exchange, entry)).next() - .map(ServerWebExchangeMatcherEntry::getEntry).defaultIfEmpty(this.defaultAuthenticationManager); + return Flux.fromIterable(this.authenticationManagers) + .filterWhen((entry) -> isMatch(exchange, entry)) + .next() + .map(ServerWebExchangeMatcherEntry::getEntry) + .defaultIfEmpty(this.defaultAuthenticationManager); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java index cb1ae04807..6bdfe45cbb 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java @@ -158,13 +158,14 @@ public class SwitchUserWebFilter implements WebFilter { public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { final WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange))) - .switchIfEmpty(Mono.defer(() -> { - this.logger.trace( - LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]", - this.switchUserMatcher, this.exitUserMatcher)); - return chain.filter(exchange).then(Mono.empty()); - })).flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange)) - .onErrorResume(SwitchUserAuthenticationException.class, (exception) -> Mono.empty()); + .switchIfEmpty(Mono.defer(() -> { + this.logger + .trace(LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]", + this.switchUserMatcher, this.exitUserMatcher)); + return chain.filter(exchange).then(Mono.empty()); + })) + .flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange)) + .onErrorResume(SwitchUserAuthenticationException.class, (exception) -> Mono.empty()); } /** @@ -177,13 +178,15 @@ public class SwitchUserWebFilter implements WebFilter { */ protected Mono switchUser(WebFilterExchange webFilterExchange) { return this.switchUserMatcher.matches(webFilterExchange.getExchange()) - .filter(ServerWebExchangeMatcher.MatchResult::isMatch) - .flatMap((matchResult) -> ReactiveSecurityContextHolder.getContext()) - .map(SecurityContext::getAuthentication).flatMap((currentAuthentication) -> { - String username = getUsername(webFilterExchange.getExchange()); - return attemptSwitchUser(currentAuthentication, username); - }).onErrorResume(AuthenticationException.class, (ex) -> onAuthenticationFailure(ex, webFilterExchange) - .then(Mono.error(new SwitchUserAuthenticationException(ex)))); + .filter(ServerWebExchangeMatcher.MatchResult::isMatch) + .flatMap((matchResult) -> ReactiveSecurityContextHolder.getContext()) + .map(SecurityContext::getAuthentication) + .flatMap((currentAuthentication) -> { + String username = getUsername(webFilterExchange.getExchange()); + return attemptSwitchUser(currentAuthentication, username); + }) + .onErrorResume(AuthenticationException.class, (ex) -> onAuthenticationFailure(ex, webFilterExchange) + .then(Mono.error(new SwitchUserAuthenticationException(ex)))); } /** @@ -196,11 +199,11 @@ public class SwitchUserWebFilter implements WebFilter { */ protected Mono exitSwitchUser(WebFilterExchange webFilterExchange) { return this.exitUserMatcher.matches(webFilterExchange.getExchange()) - .filter(ServerWebExchangeMatcher.MatchResult::isMatch) - .flatMap((matchResult) -> ReactiveSecurityContextHolder.getContext() - .map(SecurityContext::getAuthentication) - .switchIfEmpty(Mono.error(this::noCurrentUserException))) - .map(this::attemptExitUser); + .filter(ServerWebExchangeMatcher.MatchResult::isMatch) + .flatMap((matchResult) -> ReactiveSecurityContextHolder.getContext() + .map(SecurityContext::getAuthentication) + .switchIfEmpty(Mono.error(this::noCurrentUserException))) + .map(this::attemptExitUser); } /** @@ -217,9 +220,9 @@ public class SwitchUserWebFilter implements WebFilter { Assert.notNull(userName, "The userName can not be null."); this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", userName)); return this.userDetailsService.findByUsername(userName) - .switchIfEmpty(Mono.error(this::noTargetAuthenticationException)) - .doOnNext(this.userDetailsChecker::check) - .map((userDetails) -> createSwitchUserToken(userDetails, currentAuthentication)); + .switchIfEmpty(Mono.error(this::noTargetAuthenticationException)) + .doOnNext(this.userDetailsChecker::check) + .map((userDetails) -> createSwitchUserToken(userDetails, currentAuthentication)); } @NonNull @@ -236,9 +239,9 @@ public class SwitchUserWebFilter implements WebFilter { ServerWebExchange exchange = webFilterExchange.getExchange(); SecurityContextImpl securityContext = new SecurityContextImpl(authentication); return this.securityContextRepository.save(exchange, securityContext) - .doOnSuccess((v) -> this.logger.debug(LogMessage.format("Switched user to %s", authentication))) - .then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication)) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))); + .doOnSuccess((v) -> this.logger.debug(LogMessage.format("Switched user to %s", authentication))) + .then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication)) + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))); } private Mono onAuthenticationFailure(AuthenticationException exception, WebFilterExchange webFilterExchange) { diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java index c05e29d585..11211caeae 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandler.java @@ -50,8 +50,9 @@ public class DelegatingServerLogoutHandler implements ServerLogoutHandler { @Override public Mono logout(WebFilterExchange exchange, Authentication authentication) { - return Flux.fromIterable(this.delegates).concatMap((delegate) -> delegate.logout(exchange, authentication)) - .then(); + return Flux.fromIterable(this.delegates) + .concatMap((delegate) -> delegate.logout(exchange, authentication)) + .then(); } } diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java index 5f888db0f9..bdf51c0be1 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java @@ -58,12 +58,15 @@ public class LogoutWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return this.requiresLogout.matches(exchange).filter((result) -> result.isMatch()) - .switchIfEmpty(chain.filter(exchange).then(Mono.empty())).map((result) -> exchange) - .flatMap(this::flatMapAuthentication).flatMap((authentication) -> { - WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); - return logout(webFilterExchange, authentication); - }); + return this.requiresLogout.matches(exchange) + .filter((result) -> result.isMatch()) + .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) + .map((result) -> exchange) + .flatMap(this::flatMapAuthentication) + .flatMap((authentication) -> { + WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); + return logout(webFilterExchange, authentication); + }); } private Mono flatMapAuthentication(ServerWebExchange exchange) { @@ -73,8 +76,8 @@ public class LogoutWebFilter implements WebFilter { private Mono logout(WebFilterExchange webFilterExchange, Authentication authentication) { logger.debug(LogMessage.format("Logging out user '%s' and transferring to logout destination", authentication)); return this.logoutHandler.logout(webFilterExchange, authentication) - .then(this.logoutSuccessHandler.onLogoutSuccess(webFilterExchange, authentication)) - .subscriberContext(ReactiveSecurityContextHolder.clearContext()); + .then(this.logoutSuccessHandler.onLogoutSuccess(webFilterExchange, authentication)) + .subscriberContext(ReactiveSecurityContextHolder.clearContext()); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java index 6b8ee79eb5..6dc4cef0fc 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java @@ -46,13 +46,14 @@ public class AuthorizationWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return ReactiveSecurityContextHolder.getContext().filter((c) -> c.getAuthentication() != null) - .map(SecurityContext::getAuthentication) - .as((authentication) -> this.authorizationManager.verify(authentication, exchange)) - .doOnSuccess((it) -> logger.debug("Authorization successful")) - .doOnError(AccessDeniedException.class, - (ex) -> logger.debug(LogMessage.format("Authorization failed: %s", ex.getMessage()))) - .switchIfEmpty(chain.filter(exchange)); + return ReactiveSecurityContextHolder.getContext() + .filter((c) -> c.getAuthentication() != null) + .map(SecurityContext::getAuthentication) + .as((authentication) -> this.authorizationManager.verify(authentication, exchange)) + .doOnSuccess((it) -> logger.debug("Authorization successful")) + .doOnError(AccessDeniedException.class, + (ex) -> logger.debug(LogMessage.format("Authorization failed: %s", ex.getMessage()))) + .switchIfEmpty(chain.filter(exchange)); } } diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java index bfc0ff5a50..7e61d9911e 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java @@ -50,13 +50,19 @@ public final class DelegatingReactiveAuthorizationManager implements ReactiveAut @Override public Mono check(Mono authentication, ServerWebExchange exchange) { - return Flux.fromIterable(this.mappings).concatMap((mapping) -> mapping.getMatcher().matches(exchange) - .filter(MatchResult::isMatch).map(MatchResult::getVariables).flatMap((variables) -> { + return Flux.fromIterable(this.mappings) + .concatMap((mapping) -> mapping.getMatcher() + .matches(exchange) + .filter(MatchResult::isMatch) + .map(MatchResult::getVariables) + .flatMap((variables) -> { logger.debug(LogMessage.of(() -> "Checking authorization on '" + exchange.getRequest().getPath().pathWithinApplication() + "' using " + mapping.getEntry())); return mapping.getEntry().check(authentication, new AuthorizationContext(exchange, variables)); - })).next().defaultIfEmpty(new AuthorizationDecision(false)); + })) + .next() + .defaultIfEmpty(new AuthorizationDecision(false)); } public static DelegatingReactiveAuthorizationManager.Builder builder() { diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java index 0c7acb1596..b9597b146e 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java @@ -51,13 +51,15 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return chain.filter(exchange).onErrorResume(AccessDeniedException.class, (denied) -> exchange.getPrincipal() + return chain.filter(exchange) + .onErrorResume(AccessDeniedException.class, (denied) -> exchange.getPrincipal() .filter((principal) -> (!(principal instanceof Authentication) || (principal instanceof Authentication && !(this.authenticationTrustResolver.isAnonymous((Authentication) principal))))) .switchIfEmpty(commenceAuthentication(exchange, new InsufficientAuthenticationException( "Full authentication is required to access this resource"))) - .flatMap((principal) -> this.accessDeniedHandler.handle(exchange, denied)).then()); + .flatMap((principal) -> this.accessDeniedHandler.handle(exchange, denied)) + .then()); } /** @@ -102,8 +104,8 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw private Mono commenceAuthentication(ServerWebExchange exchange, AuthenticationException denied) { return this.authenticationEntryPoint - .commence(exchange, new AuthenticationCredentialsNotFoundException("Not Authenticated", denied)) - .then(Mono.empty()); + .commence(exchange, new AuthenticationCredentialsNotFoundException("Not Authenticated", denied)) + .then(Mono.empty()); } } diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java index 5b814a5276..98dfd5b3ee 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java @@ -41,8 +41,9 @@ public final class IpAddressReactiveAuthorizationManager implements ReactiveAuth @Override public Mono check(Mono authentication, AuthorizationContext context) { - return Mono.just(context.getExchange()).flatMap(this.ipAddressExchangeMatcher::matches) - .map((matchResult) -> new AuthorizationDecision(matchResult.isMatch())); + return Mono.just(context.getExchange()) + .flatMap(this.ipAddressExchangeMatcher::matches) + .map((matchResult) -> new AuthorizationDecision(matchResult.isMatch())); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java index 1fa697839c..d390c9ce1d 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/ServerWebExchangeDelegatingServerAccessDeniedHandler.java @@ -69,9 +69,12 @@ public class ServerWebExchangeDelegatingServerAccessDeniedHandler implements Ser @Override public Mono handle(ServerWebExchange exchange, AccessDeniedException denied) { - return Flux.fromIterable(this.handlers).filterWhen((entry) -> isMatch(exchange, entry)).next() - .map(DelegateEntry::getAccessDeniedHandler).defaultIfEmpty(this.defaultHandler) - .flatMap((handler) -> handler.handle(exchange, denied)); + return Flux.fromIterable(this.handlers) + .filterWhen((entry) -> isMatch(exchange, entry)) + .next() + .map(DelegateEntry::getAccessDeniedHandler) + .defaultIfEmpty(this.defaultHandler) + .flatMap((handler) -> handler.handle(exchange, denied)); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java index f3b09650aa..b12ca0cb2d 100644 --- a/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/context/ReactorContextWebFilter.java @@ -44,13 +44,14 @@ public class ReactorContextWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return chain.filter(exchange).subscriberContext( - (context) -> context.hasKey(SecurityContext.class) ? context : withSecurityContext(context, exchange)); + return chain.filter(exchange) + .subscriberContext((context) -> context.hasKey(SecurityContext.class) ? context + : withSecurityContext(context, exchange)); } private Context withSecurityContext(Context mainContext, ServerWebExchange exchange) { return mainContext - .putAll(this.repository.load(exchange).as(ReactiveSecurityContextHolder::withSecurityContext)); + .putAll(this.repository.load(exchange).as(ReactiveSecurityContextHolder::withSecurityContext)); } } diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java index 31d92f2041..7d9c348c1c 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java @@ -126,7 +126,7 @@ public class CsrfWebFilter implements WebFilter { public void setTokenFromMultipartDataEnabled(boolean tokenFromMultipartDataEnabled) { if (this.requestHandler instanceof ServerCsrfTokenRequestAttributeHandler) { ((ServerCsrfTokenRequestAttributeHandler) this.requestHandler) - .setTokenFromMultipartDataEnabled(tokenFromMultipartDataEnabled); + .setTokenFromMultipartDataEnabled(tokenFromMultipartDataEnabled); } } @@ -135,11 +135,13 @@ public class CsrfWebFilter implements WebFilter { if (Boolean.TRUE.equals(exchange.getAttribute(SHOULD_NOT_FILTER))) { return chain.filter(exchange).then(Mono.empty()); } - return this.requireCsrfProtectionMatcher.matches(exchange).filter(MatchResult::isMatch) - .filter((matchResult) -> !exchange.getAttributes().containsKey(CsrfToken.class.getName())) - .flatMap((m) -> validateToken(exchange)).flatMap((m) -> continueFilterChain(exchange, chain)) - .switchIfEmpty(continueFilterChain(exchange, chain).then(Mono.empty())) - .onErrorResume(CsrfException.class, (ex) -> this.accessDeniedHandler.handle(exchange, ex)); + return this.requireCsrfProtectionMatcher.matches(exchange) + .filter(MatchResult::isMatch) + .filter((matchResult) -> !exchange.getAttributes().containsKey(CsrfToken.class.getName())) + .flatMap((m) -> validateToken(exchange)) + .flatMap((m) -> continueFilterChain(exchange, chain)) + .switchIfEmpty(continueFilterChain(exchange, chain).then(Mono.empty())) + .onErrorResume(CsrfException.class, (ex) -> this.accessDeniedHandler.handle(exchange, ex)); } public static void skipExchange(ServerWebExchange exchange) { @@ -148,15 +150,15 @@ public class CsrfWebFilter implements WebFilter { private Mono validateToken(ServerWebExchange exchange) { return this.csrfTokenRepository.loadToken(exchange) - .switchIfEmpty( - Mono.defer(() -> Mono.error(new CsrfException("An expected CSRF token cannot be found")))) - .filterWhen((expected) -> containsValidCsrfToken(exchange, expected)) - .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token")))).then(); + .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("An expected CSRF token cannot be found")))) + .filterWhen((expected) -> containsValidCsrfToken(exchange, expected)) + .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token")))) + .then(); } private Mono containsValidCsrfToken(ServerWebExchange exchange, CsrfToken expected) { return this.requestHandler.resolveCsrfTokenValue(exchange, expected) - .map((actual) -> equalsConstantTime(actual, expected.getToken())); + .map((actual) -> equalsConstantTime(actual, expected.getToken())); } private Mono continueFilterChain(ServerWebExchange exchange, WebFilterChain chain) { @@ -192,7 +194,8 @@ public class CsrfWebFilter implements WebFilter { private Mono generateToken(ServerWebExchange exchange) { return this.csrfTokenRepository.generateToken(exchange) - .delayUntil((token) -> this.csrfTokenRepository.saveToken(exchange, token)).cache(); + .delayUntil((token) -> this.csrfTokenRepository.saveToken(exchange, token)) + .cache(); } private static class DefaultRequireCsrfProtectionMatcher implements ServerWebExchangeMatcher { @@ -202,9 +205,11 @@ public class CsrfWebFilter implements WebFilter { @Override public Mono matches(ServerWebExchange exchange) { - return Mono.just(exchange.getRequest()).flatMap((r) -> Mono.justOrEmpty(r.getMethod())) - .filter(ALLOWED_METHODS::contains).flatMap((m) -> MatchResult.notMatch()) - .switchIfEmpty(MatchResult.match()); + return Mono.just(exchange.getRequest()) + .flatMap((r) -> Mono.justOrEmpty(r.getMethod())) + .filter(ALLOWED_METHODS::contains) + .flatMap((m) -> MatchResult.notMatch()) + .switchIfEmpty(MatchResult.match()); } } diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandler.java b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandler.java index 0db4288dfd..888239d522 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandler.java @@ -47,7 +47,7 @@ public class ServerCsrfTokenRequestAttributeHandler implements ServerCsrfTokenRe @Override public Mono resolveCsrfTokenValue(ServerWebExchange exchange, CsrfToken csrfToken) { return ServerCsrfTokenRequestHandler.super.resolveCsrfTokenValue(exchange, csrfToken) - .switchIfEmpty(tokenFromMultipartData(exchange, csrfToken)); + .switchIfEmpty(tokenFromMultipartData(exchange, csrfToken)); } /** @@ -70,8 +70,10 @@ public class ServerCsrfTokenRequestAttributeHandler implements ServerCsrfTokenRe if (!MediaType.MULTIPART_FORM_DATA.isCompatibleWith(contentType)) { return Mono.empty(); } - return exchange.getMultipartData().map((d) -> d.getFirst(expected.getParameterName())).cast(FormFieldPart.class) - .map(FormFieldPart::value); + return exchange.getMultipartData() + .map((d) -> d.getFirst(expected.getParameterName())) + .cast(FormFieldPart.class) + .map(FormFieldPart::value); } } diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestHandler.java b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestHandler.java index 71fd06734b..a0f0221662 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestHandler.java @@ -46,9 +46,9 @@ public interface ServerCsrfTokenRequestHandler extends ServerCsrfTokenRequestRes default Mono resolveCsrfTokenValue(ServerWebExchange exchange, CsrfToken csrfToken) { Assert.notNull(exchange, "exchange cannot be null"); Assert.notNull(csrfToken, "csrfToken cannot be null"); - return exchange.getFormData().flatMap((data) -> Mono.justOrEmpty(data.getFirst(csrfToken.getParameterName()))) - .switchIfEmpty( - Mono.justOrEmpty(exchange.getRequest().getHeaders().getFirst(csrfToken.getHeaderName()))); + return exchange.getFormData() + .flatMap((data) -> Mono.justOrEmpty(data.getFirst(csrfToken.getParameterName()))) + .switchIfEmpty(Mono.justOrEmpty(exchange.getRequest().getHeaders().getFirst(csrfToken.getHeaderName()))); } } diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java index e2a9a81ada..64a83d9f00 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java @@ -42,7 +42,7 @@ public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepos private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN"; private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = WebSessionServerCsrfTokenRepository.class.getName() - .concat(".CSRF_TOKEN"); + .concat(".CSRF_TOKEN"); private String parameterName = DEFAULT_CSRF_PARAMETER_NAME; @@ -57,8 +57,9 @@ public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepos @Override public Mono saveToken(ServerWebExchange exchange, CsrfToken token) { - return exchange.getSession().doOnNext((session) -> putToken(session.getAttributes(), token)) - .flatMap((session) -> session.changeSessionId()); + return exchange.getSession() + .doOnNext((session) -> putToken(session.getAttributes(), token)) + .flatMap((session) -> session.changeSessionId()); } private void putToken(Map attributes, CsrfToken token) { @@ -72,8 +73,9 @@ public class WebSessionServerCsrfTokenRepository implements ServerCsrfTokenRepos @Override public Mono loadToken(ServerWebExchange exchange) { - return exchange.getSession().filter((session) -> session.getAttributes().containsKey(this.sessionAttributeName)) - .map((session) -> session.getAttribute(this.sessionAttributeName)); + return exchange.getSession() + .filter((session) -> session.getAttributes().containsKey(this.sessionAttributeName)) + .map((session) -> session.getAttribute(this.sessionAttributeName)); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.java b/web/src/main/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.java index 12edaf0420..d361104ecb 100644 --- a/web/src/main/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.java +++ b/web/src/main/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.java @@ -52,16 +52,18 @@ public final class XorServerCsrfTokenRequestAttributeHandler extends ServerCsrfT public void handle(ServerWebExchange exchange, Mono csrfToken) { Assert.notNull(exchange, "exchange cannot be null"); Assert.notNull(csrfToken, "csrfToken cannot be null"); - Mono updatedCsrfToken = csrfToken.map((token) -> new DefaultCsrfToken(token.getHeaderName(), - token.getParameterName(), createXoredCsrfToken(this.secureRandom, token.getToken()))) - .cast(CsrfToken.class).cache(); + Mono updatedCsrfToken = csrfToken + .map((token) -> new DefaultCsrfToken(token.getHeaderName(), token.getParameterName(), + createXoredCsrfToken(this.secureRandom, token.getToken()))) + .cast(CsrfToken.class) + .cache(); super.handle(exchange, updatedCsrfToken); } @Override public Mono resolveCsrfTokenValue(ServerWebExchange exchange, CsrfToken csrfToken) { return super.resolveCsrfTokenValue(exchange, csrfToken) - .flatMap((actualToken) -> Mono.justOrEmpty(getTokenValue(actualToken, csrfToken.getToken()))); + .flatMap((actualToken) -> Mono.justOrEmpty(getTokenValue(actualToken, csrfToken.getToken()))); } private static String getTokenValue(String actualToken, String token) { diff --git a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java index fcf6eaef53..d6b21db2a6 100644 --- a/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java +++ b/web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java @@ -55,9 +55,10 @@ public class CacheControlServerHttpHeadersWriter implements ServerHttpHeadersWri * The delegate to write all the cache control related headers */ private static final ServerHttpHeadersWriter CACHE_HEADERS = StaticServerHttpHeadersWriter.builder() - .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) - .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) - .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build(); + .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) + .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) + .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE) + .build(); @Override public Mono writeHttpHeaders(ServerWebExchange exchange) { diff --git a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java index 1f44a9f5bb..e28a69424a 100644 --- a/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java +++ b/web/src/main/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriter.java @@ -50,7 +50,8 @@ public final class ClearSiteDataServerHttpHeadersWriter implements ServerHttpHea public ClearSiteDataServerHttpHeadersWriter(Directive... directives) { Assert.notEmpty(directives, "directives cannot be empty or null"); this.headerWriterDelegate = StaticServerHttpHeadersWriter.builder() - .header(CLEAR_SITE_DATA_HEADER, transformToHeaderValue(directives)).build(); + .header(CLEAR_SITE_DATA_HEADER, transformToHeaderValue(directives)) + .build(); } @Override diff --git a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java index decbd78523..fa1d03ab31 100644 --- a/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java +++ b/web/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java @@ -36,7 +36,8 @@ public class ContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHead * The delegate to write all the cache control related headers */ private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter.builder() - .header(X_CONTENT_OPTIONS, NOSNIFF).build(); + .header(X_CONTENT_OPTIONS, NOSNIFF) + .build(); @Override public Mono writeHttpHeaders(ServerWebExchange exchange) { diff --git a/web/src/main/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriter.java index 6c4b008b5c..e0f2a1a5cc 100644 --- a/web/src/main/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriter.java +++ b/web/src/main/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriter.java @@ -62,8 +62,10 @@ public final class ServerWebExchangeDelegatingServerHttpHeadersWriter implements @Override public Mono writeHttpHeaders(ServerWebExchange exchange) { - return this.headersWriter.getMatcher().matches(exchange).filter(ServerWebExchangeMatcher.MatchResult::isMatch) - .flatMap((matchResult) -> this.headersWriter.getEntry().writeHttpHeaders(exchange)); + return this.headersWriter.getMatcher() + .matches(exchange) + .filter(ServerWebExchangeMatcher.MatchResult::isMatch) + .flatMap((matchResult) -> this.headersWriter.getEntry().writeHttpHeaders(exchange)); } } diff --git a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java index d7874daa32..dfe21e3dfe 100644 --- a/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java +++ b/web/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java @@ -36,7 +36,8 @@ public class XContentTypeOptionsServerHttpHeadersWriter implements ServerHttpHea * The delegate to write all the cache control related headers */ private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter.builder() - .header(X_CONTENT_OPTIONS, NOSNIFF).build(); + .header(X_CONTENT_OPTIONS, NOSNIFF) + .build(); @Override public Mono writeHttpHeaders(ServerWebExchange exchange) { diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java index 6d92e9e8d0..bbe16dce1f 100644 --- a/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCache.java @@ -72,27 +72,35 @@ public class CookieServerRequestCache implements ServerRequestCache { @Override public Mono saveRequest(ServerWebExchange exchange) { - return this.saveRequestMatcher.matches(exchange).filter((m) -> m.isMatch()).map((m) -> exchange.getResponse()) - .map(ServerHttpResponse::getCookies).doOnNext((cookies) -> { - ResponseCookie redirectUriCookie = createRedirectUriCookie(exchange.getRequest()); - cookies.add(REDIRECT_URI_COOKIE_NAME, redirectUriCookie); - logger.debug(LogMessage.format("Request added to Cookie: %s", redirectUriCookie)); - }).then(); + return this.saveRequestMatcher.matches(exchange) + .filter((m) -> m.isMatch()) + .map((m) -> exchange.getResponse()) + .map(ServerHttpResponse::getCookies) + .doOnNext((cookies) -> { + ResponseCookie redirectUriCookie = createRedirectUriCookie(exchange.getRequest()); + cookies.add(REDIRECT_URI_COOKIE_NAME, redirectUriCookie); + logger.debug(LogMessage.format("Request added to Cookie: %s", redirectUriCookie)); + }) + .then(); } @Override public Mono getRedirectUri(ServerWebExchange exchange) { MultiValueMap cookieMap = exchange.getRequest().getCookies(); - return Mono.justOrEmpty(cookieMap.getFirst(REDIRECT_URI_COOKIE_NAME)).map(HttpCookie::getValue) - .map(CookieServerRequestCache::decodeCookie) - .onErrorResume(IllegalArgumentException.class, (ex) -> Mono.empty()).map(URI::create); + return Mono.justOrEmpty(cookieMap.getFirst(REDIRECT_URI_COOKIE_NAME)) + .map(HttpCookie::getValue) + .map(CookieServerRequestCache::decodeCookie) + .onErrorResume(IllegalArgumentException.class, (ex) -> Mono.empty()) + .map(URI::create); } @Override public Mono removeMatchingRequest(ServerWebExchange exchange) { - return Mono.just(exchange.getResponse()).map(ServerHttpResponse::getCookies).doOnNext( - (cookies) -> cookies.add(REDIRECT_URI_COOKIE_NAME, invalidateRedirectUriCookie(exchange.getRequest()))) - .thenReturn(exchange.getRequest()); + return Mono.just(exchange.getResponse()) + .map(ServerHttpResponse::getCookies) + .doOnNext((cookies) -> cookies.add(REDIRECT_URI_COOKIE_NAME, + invalidateRedirectUriCookie(exchange.getRequest()))) + .thenReturn(exchange.getRequest()); } private static ResponseCookie createRedirectUriCookie(ServerHttpRequest request) { @@ -108,8 +116,12 @@ public class CookieServerRequestCache implements ServerRequestCache { private static ResponseCookie createResponseCookie(ServerHttpRequest request, String cookieValue, Duration age) { return ResponseCookie.from(REDIRECT_URI_COOKIE_NAME, cookieValue) - .path(request.getPath().contextPath().value() + "/").maxAge(age).httpOnly(true) - .secure("https".equalsIgnoreCase(request.getURI().getScheme())).sameSite("Lax").build(); + .path(request.getPath().contextPath().value() + "/") + .maxAge(age) + .httpOnly(true) + .secure("https".equalsIgnoreCase(request.getURI().getScheme())) + .sameSite("Lax") + .build(); } private static String encodeCookie(String cookieValue) { diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java index a79dd0448a..253628211f 100644 --- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java @@ -35,8 +35,10 @@ public class ServerRequestCacheWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return this.requestCache.removeMatchingRequest(exchange).map((r) -> exchange.mutate().request(r).build()) - .defaultIfEmpty(exchange).flatMap((e) -> chain.filter(e)); + return this.requestCache.removeMatchingRequest(exchange) + .map((r) -> exchange.mutate().request(r).build()) + .defaultIfEmpty(exchange) + .flatMap((e) -> chain.filter(e)); } public void setRequestCache(ServerRequestCache requestCache) { diff --git a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java index 427e532c6f..2e7a9d09ba 100644 --- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java +++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java @@ -73,19 +73,23 @@ public class WebSessionServerRequestCache implements ServerRequestCache { @Override public Mono saveRequest(ServerWebExchange exchange) { - return this.saveRequestMatcher.matches(exchange).filter(MatchResult::isMatch) - .flatMap((m) -> exchange.getSession()).map(WebSession::getAttributes).doOnNext((attrs) -> { - String requestPath = pathInApplication(exchange.getRequest()); - attrs.put(this.sessionAttrName, requestPath); - logger.debug(LogMessage.format("Request added to WebSession: '%s'", requestPath)); - }).then(); + return this.saveRequestMatcher.matches(exchange) + .filter(MatchResult::isMatch) + .flatMap((m) -> exchange.getSession()) + .map(WebSession::getAttributes) + .doOnNext((attrs) -> { + String requestPath = pathInApplication(exchange.getRequest()); + attrs.put(this.sessionAttrName, requestPath); + logger.debug(LogMessage.format("Request added to WebSession: '%s'", requestPath)); + }) + .then(); } @Override public Mono getRedirectUri(ServerWebExchange exchange) { return exchange.getSession() - .flatMap((session) -> Mono.justOrEmpty(session.getAttribute(this.sessionAttrName))) - .map(this::createRedirectUri); + .flatMap((session) -> Mono.justOrEmpty(session.getAttribute(this.sessionAttrName))) + .map(this::createRedirectUri); } @Override diff --git a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java index f1b7eadedc..1f3d485b65 100644 --- a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java @@ -53,10 +53,13 @@ public final class HttpsRedirectWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return Mono.just(exchange).filter(this::isInsecure).flatMap(this.requiresHttpsRedirectMatcher::matches) - .filter((matchResult) -> matchResult.isMatch()).switchIfEmpty(chain.filter(exchange).then(Mono.empty())) - .map((matchResult) -> createRedirectUri(exchange)) - .flatMap((uri) -> this.redirectStrategy.sendRedirect(exchange, uri)); + return Mono.just(exchange) + .filter(this::isInsecure) + .flatMap(this.requiresHttpsRedirectMatcher::matches) + .filter((matchResult) -> matchResult.isMatch()) + .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) + .map((matchResult) -> createRedirectUri(exchange)) + .flatMap((uri) -> this.redirectStrategy.sendRedirect(exchange, uri)); } /** diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java index 4248433f75..807f96177f 100644 --- a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java @@ -63,8 +63,10 @@ public class LoginPageGeneratingWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return this.matcher.matches(exchange).filter(ServerWebExchangeMatcher.MatchResult::isMatch) - .switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap((matchResult) -> render(exchange)); + return this.matcher.matches(exchange) + .filter(ServerWebExchangeMatcher.MatchResult::isMatch) + .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) + .flatMap((matchResult) -> render(exchange)); } private Mono render(ServerWebExchange exchange) { @@ -148,7 +150,7 @@ public class LoginPageGeneratingWebFilter implements WebFilter { sb.append(createError(isError)); sb.append("\n"); for (Map.Entry clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName - .entrySet()) { + .entrySet()) { sb.append("
"); String url = clientAuthenticationUrlToClientName.getKey(); sb.append(""); diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java index 135b5f097f..b0df82e849 100644 --- a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java @@ -45,8 +45,10 @@ public class LogoutPageGeneratingWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return this.matcher.matches(exchange).filter(ServerWebExchangeMatcher.MatchResult::isMatch) - .switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap((matchResult) -> render(exchange)); + return this.matcher.matches(exchange) + .filter(ServerWebExchangeMatcher.MatchResult::isMatch) + .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) + .flatMap((matchResult) -> render(exchange)); } private Mono render(ServerWebExchange exchange) { diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java index c898b7639c..1877e896e9 100644 --- a/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java +++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/AndServerWebExchangeMatcher.java @@ -58,12 +58,13 @@ public class AndServerWebExchangeMatcher implements ServerWebExchangeMatcher { return Mono.defer(() -> { Map variables = new HashMap<>(); return Flux.fromIterable(this.matchers) - .doOnNext((matcher) -> logger.debug(LogMessage.format("Trying to match using %s", matcher))) - .flatMap((matcher) -> matcher.matches(exchange)) - .doOnNext((matchResult) -> variables.putAll(matchResult.getVariables())).all(MatchResult::isMatch) - .flatMap((allMatch) -> allMatch ? MatchResult.match(variables) : MatchResult.notMatch()) - .doOnNext((matchResult) -> logger - .debug(matchResult.isMatch() ? "All requestMatchers returned true" : "Did not match")); + .doOnNext((matcher) -> logger.debug(LogMessage.format("Trying to match using %s", matcher))) + .flatMap((matcher) -> matcher.matches(exchange)) + .doOnNext((matchResult) -> variables.putAll(matchResult.getVariables())) + .all(MatchResult::isMatch) + .flatMap((allMatch) -> allMatch ? MatchResult.match(variables) : MatchResult.notMatch()) + .doOnNext((matchResult) -> logger + .debug(matchResult.isMatch() ? "All requestMatchers returned true" : "Did not match")); }); } diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java index ce414b4087..454634afc2 100644 --- a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java +++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java @@ -45,8 +45,9 @@ public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher @Override public Mono matches(ServerWebExchange exchange) { - return this.matcher.matches(exchange).flatMap(this::negate) - .doOnNext((matchResult) -> logger.debug(LogMessage.format("matches = %s", matchResult.isMatch()))); + return this.matcher.matches(exchange) + .flatMap(this::negate) + .doOnNext((matchResult) -> logger.debug(LogMessage.format("matches = %s", matchResult.isMatch()))); } private Mono negate(MatchResult matchResult) { diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java index 74eca6a7d4..4e36aa3932 100644 --- a/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java +++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/OrServerWebExchangeMatcher.java @@ -54,10 +54,12 @@ public class OrServerWebExchangeMatcher implements ServerWebExchangeMatcher { @Override public Mono matches(ServerWebExchange exchange) { return Flux.fromIterable(this.matchers) - .doOnNext((matcher) -> logger.debug(LogMessage.format("Trying to match using %s", matcher))) - .flatMap((matcher) -> matcher.matches(exchange)).filter(MatchResult::isMatch).next() - .switchIfEmpty(MatchResult.notMatch()) - .doOnNext((matchResult) -> logger.debug(matchResult.isMatch() ? "matched" : "No matches found")); + .doOnNext((matcher) -> logger.debug(LogMessage.format("Trying to match using %s", matcher))) + .flatMap((matcher) -> matcher.matches(exchange)) + .filter(MatchResult::isMatch) + .next() + .switchIfEmpty(MatchResult.notMatch()) + .doOnNext((matchResult) -> logger.debug(matchResult.isMatch() ? "matched" : "No matches found")); } @Override diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java index b76b33a5a4..72c24de5d9 100644 --- a/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java +++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/PathPatternParserServerWebExchangeMatcher.java @@ -96,8 +96,8 @@ public final class PathPatternParserServerWebExchangeMatcher implements ServerWe Map pathVariables = this.pattern.matchAndExtract(path).getUriVariables(); Map variables = new HashMap<>(pathVariables); if (logger.isDebugEnabled()) { - logger.debug( - "Checking match of request : '" + path + "'; against '" + this.pattern.getPatternString() + "'"); + logger + .debug("Checking match of request : '" + path + "'; against '" + this.pattern.getPatternString() + "'"); } return MatchResult.match(variables); } diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java index 7aca310392..c728265d88 100644 --- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java @@ -164,7 +164,7 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac String lookupPath = this.pathHelper.getLookupPathForRequest(request); if (matches(lookupPath)) { Map variables = this.pathMatcher - .extractUriTemplateVariables(MvcRequestMatcher.this.pattern, lookupPath); + .extractUriTemplateVariables(MvcRequestMatcher.this.pattern, lookupPath); return MatchResult.match(variables); } return MatchResult.notMatch(); diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java index 282f1ee008..4a57aca50d 100644 --- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java +++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java @@ -79,7 +79,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory { private Log logger = LogFactory.getLog(getClass()); private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final String rolePrefix; @@ -235,14 +235,14 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory { } AuthenticationManager authManager = HttpServlet3RequestFactory.this.authenticationManager; if (authManager == null) { - HttpServlet3RequestFactory.this.logger.debug( - "authenticationManager is null, so allowing original HttpServletRequest to handle login"); + HttpServlet3RequestFactory.this.logger + .debug("authenticationManager is null, so allowing original HttpServletRequest to handle login"); super.login(username, password); return; } Authentication authentication = getAuthentication(authManager, username, password); SecurityContext context = HttpServlet3RequestFactory.this.securityContextHolderStrategy - .createEmptyContext(); + .createEmptyContext(); context.setAuthentication(authentication); HttpServlet3RequestFactory.this.securityContextHolderStrategy.setContext(context); } @@ -251,7 +251,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory { throws ServletException { try { UsernamePasswordAuthenticationToken authentication = UsernamePasswordAuthenticationToken - .unauthenticated(username, password); + .unauthenticated(username, password); Object details = HttpServlet3RequestFactory.this.authenticationDetailsSource.buildDetails(this); authentication.setDetails(details); return authManager.authenticate(authentication); @@ -267,12 +267,12 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory { List handlers = HttpServlet3RequestFactory.this.logoutHandlers; if (CollectionUtils.isEmpty(handlers)) { HttpServlet3RequestFactory.this.logger - .debug("logoutHandlers is null, so allowing original HttpServletRequest to handle logout"); + .debug("logoutHandlers is null, so allowing original HttpServletRequest to handle logout"); super.logout(); return; } Authentication authentication = HttpServlet3RequestFactory.this.securityContextHolderStrategy.getContext() - .getAuthentication(); + .getAuthentication(); for (LogoutHandler handler : handlers) { handler.logout(this, this.response, authentication); } diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java index ed946c01eb..8468ea1212 100644 --- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java +++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java @@ -70,7 +70,7 @@ import org.springframework.web.filter.GenericFilterBean; public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private String rolePrefix = "ROLE_"; diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java index faa1aeba59..c09f47b466 100644 --- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java +++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java @@ -52,7 +52,7 @@ import org.springframework.util.Assert; public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final AuthenticationTrustResolver trustResolver; diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java index 23e377f648..e93939a39d 100644 --- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java +++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java @@ -69,7 +69,7 @@ import org.springframework.web.filter.GenericFilterBean; public class ConcurrentSessionFilter extends GenericFilterBean { private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final SessionRegistry sessionRegistry; @@ -138,10 +138,10 @@ public class ConcurrentSessionFilter extends GenericFilterBean { if (info.isExpired()) { // Expired - abort processing this.logger.debug(LogMessage - .of(() -> "Requested session ID " + request.getRequestedSessionId() + " has expired.")); + .of(() -> "Requested session ID " + request.getRequestedSessionId() + " has expired.")); doLogout(request, response); this.sessionInformationExpiredStrategy - .onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response)); + .onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response)); return; } // Non-expired - update last request date/time @@ -221,8 +221,9 @@ public class ConcurrentSessionFilter extends GenericFilterBean { @Override public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException { HttpServletResponse response = event.getResponse(); - response.getWriter().print("This session has been expired (possibly due to multiple concurrent " - + "logins being attempted as the same user)."); + response.getWriter() + .print("This session has been expired (possibly due to multiple concurrent " + + "logins being attempted as the same user)."); response.flushBuffer(); } diff --git a/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java b/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java index 9d023701ff..cb8095478c 100644 --- a/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java +++ b/web/src/main/java/org/springframework/security/web/session/RequestedUrlRedirectInvalidSessionStrategy.java @@ -44,8 +44,11 @@ public final class RequestedUrlRedirectInvalidSessionStrategy implements Invalid @Override public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException { - String destinationUrl = ServletUriComponentsBuilder.fromRequest(request).host(null).scheme(null).port(null) - .toUriString(); + String destinationUrl = ServletUriComponentsBuilder.fromRequest(request) + .host(null) + .scheme(null) + .port(null) + .toUriString(); if (this.logger.isDebugEnabled()) { this.logger.debug("Starting new session (if required) and redirecting to '" + destinationUrl + "'"); } diff --git a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java index a02d00384f..b6fb2bed90 100644 --- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java +++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java @@ -55,7 +55,7 @@ public class SessionManagementFilter extends GenericFilterBean { static final String FILTER_APPLIED = "__spring_security_session_mgmt_filter_applied"; private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder - .getContextHolderStrategy(); + .getContextHolderStrategy(); private final SecurityContextRepository securityContextRepository; diff --git a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java index e1a95641fb..098309fd97 100644 --- a/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/DefaultRedirectStrategyTests.java @@ -61,7 +61,7 @@ public class DefaultRedirectStrategyTests { request.setContextPath("/context"); MockHttpServletResponse response = new MockHttpServletResponse(); assertThatIllegalArgumentException() - .isThrownBy(() -> rds.sendRedirect(request, response, "https://redirectme.somewhere.else")); + .isThrownBy(() -> rds.sendRedirect(request, response, "https://redirectme.somewhere.else")); } } diff --git a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java index 4620b1a017..22e115c842 100644 --- a/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java +++ b/web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java @@ -192,10 +192,10 @@ public class FilterChainProxyTests { given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true); willAnswer((Answer) (inv) -> { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("username", "password")); + .setAuthentication(new TestingAuthenticationToken("username", "password")); return null; - }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), - any(FilterChain.class)); + }).given(this.filter) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); this.fcp.doFilter(this.request, this.response, this.chain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -214,12 +214,12 @@ public class FilterChainProxyTests { given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true); willAnswer((Answer) (inv) -> { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("username", "password")); + .setAuthentication(new TestingAuthenticationToken("username", "password")); throw new ServletException("oops"); - }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), - any(FilterChain.class)); + }).given(this.filter) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); assertThatExceptionOfType(ServletException.class) - .isThrownBy(() -> this.fcp.doFilter(this.request, this.response, this.chain)); + .isThrownBy(() -> this.fcp.doFilter(this.request, this.response, this.chain)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -234,13 +234,13 @@ public class FilterChainProxyTests { willAnswer((Answer) (inv1) -> { innerChain.doFilter(this.request, this.response); return null; - }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), - any(FilterChain.class)); + }).given(this.filter) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); this.fcp.doFilter(this.request, this.response, innerChain); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected); return null; - }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), - any(FilterChain.class)); + }).given(this.filter) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class)); this.fcp.doFilter(this.request, this.response, this.chain); verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); diff --git a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java index b616bdfdd1..768cb91bb3 100644 --- a/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java +++ b/web/src/test/java/org/springframework/security/web/FilterInvocationTests.java @@ -78,14 +78,14 @@ public class FilterInvocationTests { public void testRejectsNullServletRequest() { MockHttpServletResponse response = new MockHttpServletResponse(); assertThatIllegalArgumentException() - .isThrownBy(() -> new FilterInvocation(null, response, mock(FilterChain.class))); + .isThrownBy(() -> new FilterInvocation(null, response, mock(FilterChain.class))); } @Test public void testRejectsNullServletResponse() { MockHttpServletRequest request = new MockHttpServletRequest(null, null); assertThatIllegalArgumentException() - .isThrownBy(() -> new FilterInvocation(request, null, mock(FilterChain.class))); + .isThrownBy(() -> new FilterInvocation(request, null, mock(FilterChain.class))); } @Test @@ -124,7 +124,7 @@ public class FilterInvocationTests { @Test public void dummyChainRejectsInvocation() throws Exception { assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> FilterInvocation.DUMMY_CHAIN - .doFilter(mock(HttpServletRequest.class), mock(HttpServletResponse.class))); + .doFilter(mock(HttpServletRequest.class), mock(HttpServletResponse.class))); } @Test diff --git a/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java b/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java index 5603f00a2f..9231c5557f 100644 --- a/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java @@ -78,28 +78,28 @@ public class RequestMatcherRedirectFilterTests { @Test public void constructWhenRequestMatcherNull() { assertThatIllegalArgumentException().isThrownBy(() -> new RequestMatcherRedirectFilter(null, "/test")) - .withMessage("requestMatcher cannot be null"); + .withMessage("requestMatcher cannot be null"); } @Test public void constructWhenRedirectUrlNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), null)) - .withMessage("redirectUrl cannot be empty"); + .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), null)) + .withMessage("redirectUrl cannot be empty"); } @Test public void constructWhenRedirectUrlEmpty() { assertThatIllegalArgumentException() - .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), "")) - .withMessage("redirectUrl cannot be empty"); + .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), "")) + .withMessage("redirectUrl cannot be empty"); } @Test public void constructWhenRedirectUrlBlank() { assertThatIllegalArgumentException() - .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), " ")) - .withMessage("redirectUrl cannot be empty"); + .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), " ")) + .withMessage("redirectUrl cannot be empty"); } } diff --git a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java index 39d9e068f4..f248240a29 100644 --- a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java @@ -49,8 +49,8 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests { @Test void constructorWhenAuthorizationManagerNullThenIllegalArgument() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthorizationManagerWebInvocationPrivilegeEvaluator(null)) - .withMessage("authorizationManager cannot be null"); + .isThrownBy(() -> new AuthorizationManagerWebInvocationPrivilegeEvaluator(null)) + .withMessage("authorizationManager cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java index 9e5b84e7f9..72cceba51d 100644 --- a/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java @@ -114,7 +114,7 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests { Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX"); MockServletContext servletContext = new MockServletContext(); ArgumentCaptor filterInvocationArgumentCaptor = ArgumentCaptor - .forClass(FilterInvocation.class); + .forClass(FilterInvocation.class); DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor); wipe.setServletContext(servletContext); wipe.isAllowed("/foo/index.jsp", token); diff --git a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java index 2c553a5832..b0601378c1 100644 --- a/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java @@ -92,12 +92,13 @@ public class ExceptionTranslationFilterTests { request.setRequestURI("/mycontext/secure/page.html"); // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); - willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new AccessDeniedException("")).given(fc) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); // Setup SecurityContextHolder, as filter needs to check if user is // anonymous - SecurityContextHolder.getContext().setAuthentication( - new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); + SecurityContextHolder.getContext() + .setAuthentication(new AnonymousAuthenticationToken("ignored", "ignored", + AuthorityUtils.createAuthorityList("IGNORED"))); // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl()); @@ -120,8 +121,8 @@ public class ExceptionTranslationFilterTests { request.setRequestURI("/mycontext/secure/page.html"); // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); - willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new AccessDeniedException("")).given(fc) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); // Setup SecurityContextHolder, as filter needs to check if user is remembered SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication( @@ -142,8 +143,8 @@ public class ExceptionTranslationFilterTests { request.setServletPath("/secure/page.html"); // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); - willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new AccessDeniedException("")).given(fc) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); // Setup SecurityContextHolder, as filter needs to check if user is // anonymous SecurityContextHolder.clearContext(); @@ -157,7 +158,7 @@ public class ExceptionTranslationFilterTests { filter.doFilter(request, response, fc); assertThat(response.getStatus()).isEqualTo(403); assertThat(request.getAttribute(WebAttributes.ACCESS_DENIED_403)) - .isExactlyInstanceOf(AccessDeniedException.class); + .isExactlyInstanceOf(AccessDeniedException.class); } @Test @@ -167,12 +168,13 @@ public class ExceptionTranslationFilterTests { request.setServletPath("/secure/page.html"); // Setup the FilterChain to thrown an access denied exception FilterChain fc = mock(FilterChain.class); - willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new AccessDeniedException("")).given(fc) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); // Setup SecurityContextHolder, as filter needs to check if user is // anonymous - SecurityContextHolder.getContext().setAuthentication( - new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED"))); + SecurityContextHolder.getContext() + .setAuthentication(new AnonymousAuthenticationToken("ignored", "ignored", + AuthorityUtils.createAuthorityList("IGNORED"))); // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter( (req, res, ae) -> res.sendError(403, ae.getMessage())); @@ -182,7 +184,7 @@ public class ExceptionTranslationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, fc); assertThat(response.getErrorMessage()) - .isEqualTo("Vollst\u00e4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen"); + .isEqualTo("Vollst\u00e4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen"); } @Test @@ -197,8 +199,8 @@ public class ExceptionTranslationFilterTests { request.setRequestURI("/mycontext/secure/page.html"); // Setup the FilterChain to thrown an authentication failure exception FilterChain fc = mock(FilterChain.class); - willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new BadCredentialsException("")).given(fc) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); // Test ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); filter.afterPropertiesSet(); @@ -221,8 +223,8 @@ public class ExceptionTranslationFilterTests { request.setRequestURI("/mycontext/secure/page.html"); // Setup the FilterChain to thrown an authentication failure exception FilterChain fc = mock(FilterChain.class); - willThrow(new BadCredentialsException("")).given(fc).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new BadCredentialsException("")).given(fc) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); // Test HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache); @@ -242,7 +244,7 @@ public class ExceptionTranslationFilterTests { @Test public void startupDetectsMissingRequestCache() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ExceptionTranslationFilter(this.mockEntryPoint, null)); + .isThrownBy(() -> new ExceptionTranslationFilter(this.mockEntryPoint, null)); } @Test @@ -266,8 +268,8 @@ public class ExceptionTranslationFilterTests { FilterChain fc = mock(FilterChain.class); willThrow(exception).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); assertThatExceptionOfType(Exception.class) - .isThrownBy(() -> filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc)) - .isSameAs(exception); + .isThrownBy(() -> filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc)) + .isSameAs(exception); } } @@ -283,7 +285,7 @@ public class ExceptionTranslationFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint); assertThatExceptionOfType(ServletException.class).isThrownBy(() -> filter.doFilter(request, response, chain)) - .withCauseInstanceOf(AccessDeniedException.class); + .withCauseInstanceOf(AccessDeniedException.class); verifyNoMoreInteractions(this.mockEntryPoint); } @@ -304,6 +306,6 @@ public class ExceptionTranslationFilterTests { } private AuthenticationEntryPoint mockEntryPoint = (request, response, authException) -> response - .sendRedirect(request.getContextPath() + "/login.jsp"); + .sendRedirect(request.getContextPath() + "/login.jsp"); } diff --git a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests.java index dd561ea7bb..76635224ae 100644 --- a/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests.java @@ -183,18 +183,20 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests { void constructorWhenPrivilegeEvaluatorsNullThenException() { RequestMatcherEntry> entry = new RequestMatcherEntry<>(this.alwaysMatch, null); - assertThatIllegalArgumentException().isThrownBy( - () -> new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(entry))) - .withMessageContaining("webInvocationPrivilegeEvaluators cannot be null"); + assertThatIllegalArgumentException() + .isThrownBy( + () -> new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(entry))) + .withMessageContaining("webInvocationPrivilegeEvaluators cannot be null"); } @Test void constructorWhenRequestMatcherNullThenException() { RequestMatcherEntry> entry = new RequestMatcherEntry<>(null, Collections.singletonList(mock(WebInvocationPrivilegeEvaluator.class))); - assertThatIllegalArgumentException().isThrownBy( - () -> new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(entry))) - .withMessageContaining("requestMatcher cannot be null"); + assertThatIllegalArgumentException() + .isThrownBy( + () -> new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(entry))) + .withMessageContaining("requestMatcher cannot be null"); } } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java index 20fd436a96..42afaa24f5 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java @@ -153,7 +153,7 @@ public class ChannelDecisionManagerImplTests { public void testStartupFailsWithEmptyChannelProcessorsList() throws Exception { ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl(); assertThatIllegalArgumentException().isThrownBy(cdm::afterPropertiesSet) - .withMessage("A list of ChannelProcessors is required"); + .withMessage("A list of ChannelProcessors is required"); } private class MockChannelProcessor implements ChannelProcessor { diff --git a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java index fabc67814e..e01d46be1d 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java @@ -93,7 +93,7 @@ public class InsecureChannelProcessorTests { InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.setEntryPoint(null); assertThatIllegalArgumentException().isThrownBy(processor::afterPropertiesSet) - .withMessage("entryPoint required"); + .withMessage("entryPoint required"); } @Test @@ -101,10 +101,10 @@ public class InsecureChannelProcessorTests { InsecureChannelProcessor processor = new InsecureChannelProcessor(); processor.setInsecureKeyword(null); assertThatIllegalArgumentException().isThrownBy(processor::afterPropertiesSet) - .withMessage("insecureKeyword required"); + .withMessage("insecureKeyword required"); processor.setInsecureKeyword(""); assertThatIllegalArgumentException().isThrownBy(processor::afterPropertiesSet) - .withMessage("insecureKeyword required"); + .withMessage("insecureKeyword required"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java index 377c5d6f8f..020f0f824f 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java @@ -127,7 +127,7 @@ public class RetryWithHttpEntryPointTests { ep.setPortMapper(portMapper); ep.commence(request, response); assertThat(response.getRedirectedUrl()) - .isEqualTo("http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true"); + .isEqualTo("http://localhost:8888/bigWebApp/hello/pathInfo.html?open=true"); } } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java index 093affbd15..1ad31a4301 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java @@ -70,7 +70,7 @@ public class RetryWithHttpsEntryPointTests { ep.setPortResolver(new MockPortResolver(80, 443)); ep.commence(request, response); assertThat(response.getRedirectedUrl()) - .isEqualTo("https://www.example.com/bigWebApp/hello/pathInfo.html?open=true"); + .isEqualTo("https://www.example.com/bigWebApp/hello/pathInfo.html?open=true"); } @Test @@ -119,7 +119,7 @@ public class RetryWithHttpsEntryPointTests { ep.setPortMapper(portMapper); ep.commence(request, response); assertThat(response.getRedirectedUrl()) - .isEqualTo("https://www.example.com:9999/bigWebApp/hello/pathInfo.html?open=true"); + .isEqualTo("https://www.example.com:9999/bigWebApp/hello/pathInfo.html?open=true"); } } diff --git a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java index 46f0cb7fdc..52f74c97c4 100644 --- a/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java @@ -93,7 +93,7 @@ public class SecureChannelProcessorTests { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.setEntryPoint(null); assertThatIllegalArgumentException().isThrownBy(processor::afterPropertiesSet) - .withMessage("entryPoint required"); + .withMessage("entryPoint required"); } @Test @@ -101,10 +101,10 @@ public class SecureChannelProcessorTests { SecureChannelProcessor processor = new SecureChannelProcessor(); processor.setSecureKeyword(null); assertThatIllegalArgumentException().isThrownBy(processor::afterPropertiesSet) - .withMessage("secureKeyword required"); + .withMessage("secureKeyword required"); processor.setSecureKeyword(""); assertThatIllegalArgumentException().isThrownBy(() -> processor.afterPropertiesSet()) - .withMessage("secureKeyword required"); + .withMessage("secureKeyword required"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandlerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandlerTests.java index 5c58c7fe90..f42b1eb493 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandlerTests.java @@ -105,8 +105,9 @@ public class DefaultHttpSecurityExpressionHandlerTests { EvaluationContext context = this.handler.createEvaluationContext(mockAuthenticationSupplier, this.context); verifyNoInteractions(mockAuthenticationSupplier); assertThat(context.getRootObject()).extracting(TypedValue::getValue) - .asInstanceOf(InstanceOfAssertFactories.type(WebSecurityExpressionRoot.class)) - .extracting(SecurityExpressionRoot::getAuthentication).isEqualTo(this.authentication); + .asInstanceOf(InstanceOfAssertFactories.type(WebSecurityExpressionRoot.class)) + .extracting(SecurityExpressionRoot::getAuthentication) + .isEqualTo(this.authentication); verify(mockAuthenticationSupplier).get(); } diff --git a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java index b6c2b9b2de..6c6248fe3d 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java @@ -56,8 +56,8 @@ public class ExpressionBasedFilterInvocationSecurityMetadataSourceTests { LinkedHashMap> requestMap = new LinkedHashMap<>(); requestMap.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList("hasRole('X'")); assertThatIllegalArgumentException() - .isThrownBy(() -> new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, - new DefaultWebSecurityExpressionHandler())); + .isThrownBy(() -> new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, + new DefaultWebSecurityExpressionHandler())); } } diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java index c10ae293ef..3fed051ff7 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java @@ -41,19 +41,19 @@ class WebExpressionAuthorizationManagerTests { @Test void instantiateWhenExpressionStringNullThenIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(null)) - .withMessage("expressionString cannot be empty"); + .withMessage("expressionString cannot be empty"); } @Test void instantiateWhenExpressionStringEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager("")) - .withMessage("expressionString cannot be empty"); + .withMessage("expressionString cannot be empty"); } @Test void instantiateWhenExpressionStringBlankThenIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(" ")) - .withMessage("expressionString cannot be empty"); + .withMessage("expressionString cannot be empty"); } @Test @@ -66,7 +66,7 @@ class WebExpressionAuthorizationManagerTests { void setExpressionHandlerWhenNullThenIllegalArgumentException() { WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')"); assertThatIllegalArgumentException().isThrownBy(() -> manager.setExpressionHandler(null)) - .withMessage("expressionHandler cannot be null"); + .withMessage("expressionHandler cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java index 80c5a82291..cfb0514284 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java @@ -52,7 +52,7 @@ public class WebExpressionVoterTests { WebExpressionVoter voter = new WebExpressionVoter(); assertThat(voter.supports( new WebExpressionConfigAttribute(mock(Expression.class), mock(EvaluationContextPostProcessor.class)))) - .isTrue(); + .isTrue(); assertThat(voter.supports(FilterInvocation.class)).isTrue(); assertThat(voter.supports(MethodInvocation.class)).isFalse(); } @@ -62,7 +62,7 @@ public class WebExpressionVoterTests { WebExpressionVoter voter = new WebExpressionVoter(); assertThat( voter.vote(this.user, new FilterInvocation("/path", "GET"), SecurityConfig.createList("A", "B", "C"))) - .isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); + .isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN); } @Test @@ -71,7 +71,7 @@ public class WebExpressionVoterTests { Expression ex = mock(Expression.class); EvaluationContextPostProcessor postProcessor = mock(EvaluationContextPostProcessor.class); given(postProcessor.postProcess(any(EvaluationContext.class), any(FilterInvocation.class))) - .willAnswer((invocation) -> invocation.getArgument(0)); + .willAnswer((invocation) -> invocation.getArgument(0)); WebExpressionConfigAttribute weca = new WebExpressionConfigAttribute(ex, postProcessor); EvaluationContext ctx = mock(EvaluationContext.class); SecurityExpressionHandler eh = mock(SecurityExpressionHandler.class); diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java index edb9fbde1a..acc8b47f14 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java @@ -93,7 +93,7 @@ public class AuthorizationFilterTests { public void filterWhenAuthorizationManagerVerifyPassesThenNextFilter() throws Exception { AuthorizationManager mockAuthorizationManager = mock(AuthorizationManager.class); given(mockAuthorizationManager.check(any(Supplier.class), any(HttpServletRequest.class))) - .willReturn(new AuthorizationDecision(true)); + .willReturn(new AuthorizationDecision(true)); AuthorizationFilter filter = new AuthorizationFilter(mockAuthorizationManager); TestingAuthenticationToken authenticationToken = new TestingAuthenticationToken("user", "password"); @@ -130,12 +130,12 @@ public class AuthorizationFilterTests { MockHttpServletResponse mockResponse = new MockHttpServletResponse(); FilterChain mockFilterChain = mock(FilterChain.class); - willThrow(new AccessDeniedException("Access Denied")).given(mockAuthorizationManager).check(any(), - eq(mockRequest)); + willThrow(new AccessDeniedException("Access Denied")).given(mockAuthorizationManager) + .check(any(), eq(mockRequest)); assertThatExceptionOfType(AccessDeniedException.class) - .isThrownBy(() -> filter.doFilter(mockRequest, mockResponse, mockFilterChain)) - .withMessage("Access Denied"); + .isThrownBy(() -> filter.doFilter(mockRequest, mockResponse, mockFilterChain)) + .withMessage("Access Denied"); ArgumentCaptor> authenticationCaptor = ArgumentCaptor.forClass(Supplier.class); verify(mockAuthorizationManager).check(authenticationCaptor.capture(), eq(mockRequest)); @@ -153,8 +153,8 @@ public class AuthorizationFilterTests { FilterChain mockFilterChain = mock(FilterChain.class); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> filter.doFilter(mockRequest, mockResponse, mockFilterChain)) - .withMessage("An Authentication object was not found in the SecurityContext"); + .isThrownBy(() -> filter.doFilter(mockRequest, mockResponse, mockFilterChain)) + .withMessage("An Authentication object was not found in the SecurityContext"); verifyNoInteractions(mockFilterChain); } @@ -171,7 +171,7 @@ public class AuthorizationFilterTests { AuthorizationManager authorizationManager = mock(AuthorizationManager.class); AuthorizationFilter authorizationFilter = new AuthorizationFilter(authorizationManager); assertThatIllegalArgumentException().isThrownBy(() -> authorizationFilter.setAuthorizationEventPublisher(null)) - .withMessage("eventPublisher cannot be null"); + .withMessage("eventPublisher cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java index 06fe897739..9ffe41974d 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java @@ -131,8 +131,8 @@ public class FilterSecurityInterceptorTests { SecurityContextHolder.getContext().setAuthentication(token); FilterInvocation fi = createinvocation(); FilterChain chain = fi.getChain(); - willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new RuntimeException()).given(chain) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK")); AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim); @@ -150,12 +150,12 @@ public class FilterSecurityInterceptorTests { ctx.setAuthentication(token); RunAsManager runAsManager = mock(RunAsManager.class); given(runAsManager.buildRunAs(eq(token), any(), anyCollection())) - .willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass())); + .willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass())); this.interceptor.setRunAsManager(runAsManager); FilterInvocation fi = createinvocation(); FilterChain chain = fi.getChain(); - willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), - any(HttpServletResponse.class)); + willThrow(new RuntimeException()).given(chain) + .doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class)); given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK")); AfterInvocationManager aim = mock(AfterInvocationManager.class); this.interceptor.setAfterInvocationManager(aim); diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java index 9e81c8c6d1..22f3288f9d 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java @@ -65,7 +65,7 @@ public class RequestKeyTests { @Test public void keysWithNullUrlFailsAssertion() { assertThatIllegalArgumentException().isThrownBy(() -> new RequestKey(null, null)) - .withMessage("url cannot be null"); + .withMessage("url cannot be null"); } } diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java index 624a6ecee8..4ce4868f02 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java @@ -43,32 +43,35 @@ public class RequestMatcherDelegatingAuthorizationManagerTests { @Test public void buildWhenMappingsEmptyThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().build()) - .withMessage("mappings cannot be empty"); + .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().build()) + .withMessage("mappings cannot be empty"); } @Test public void addWhenMatcherNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder() - .add(null, (a, o) -> new AuthorizationDecision(true)).build()) - .withMessage("matcher cannot be null"); + .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder() + .add(null, (a, o) -> new AuthorizationDecision(true)) + .build()) + .withMessage("matcher cannot be null"); } @Test public void addWhenManagerNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder() - .add(new MvcRequestMatcher(null, "/grant"), null).build()) - .withMessage("manager cannot be null"); + .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder() + .add(new MvcRequestMatcher(null, "/grant"), null) + .build()) + .withMessage("manager cannot be null"); } @Test public void checkWhenMultipleMappingsConfiguredThenDelegatesMatchingManager() { RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder() - .add(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true)) - .add(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false)) - .add(new MvcRequestMatcher(null, "/neutral"), (a, o) -> null).build(); + .add(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true)) + .add(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false)) + .add(new MvcRequestMatcher(null, "/neutral"), (a, o) -> null) + .build(); Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER"); @@ -90,14 +93,15 @@ public class RequestMatcherDelegatingAuthorizationManagerTests { @Test public void checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager() { RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder() - .mappings((m) -> { - m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/grant"), - (a, o) -> new AuthorizationDecision(true))); - m.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE, - AuthorityAuthorizationManager.hasRole("ADMIN"))); - m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/afterAny"), - (a, o) -> new AuthorizationDecision(true))); - }).build(); + .mappings((m) -> { + m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/grant"), + (a, o) -> new AuthorizationDecision(true))); + m.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE, + AuthorityAuthorizationManager.hasRole("ADMIN"))); + m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/afterAny"), + (a, o) -> new AuthorizationDecision(true))); + }) + .build(); Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER"); @@ -118,8 +122,8 @@ public class RequestMatcherDelegatingAuthorizationManagerTests { @Test public void addWhenMappingsConsumerNullThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().mappings(null).build()) - .withMessage("mappingsConsumer cannot be null"); + .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().mappings(null).build()) + .withMessage("mappingsConsumer cannot be null"); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java index a2b9a78898..0a6876ddf5 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java @@ -257,7 +257,7 @@ public class AbstractAuthenticationProcessingFilterTests { filter.setAuthenticationSuccessHandler(this.successHandler); filter.setFilterProcessesUrl("/login"); assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet) - .withMessage("authenticationManager must be specified"); + .withMessage("authenticationManager must be specified"); } @Test @@ -267,7 +267,7 @@ public class AbstractAuthenticationProcessingFilterTests { filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setAuthenticationSuccessHandler(this.successHandler); assertThatIllegalArgumentException().isThrownBy(() -> filter.setFilterProcessesUrl(null)) - .withMessage("Pattern cannot be null or empty"); + .withMessage("Pattern cannot be null or empty"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandlerTests.java index af52e705d1..1ba47d4794 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationEntryPointFailureHandlerTests.java @@ -41,8 +41,8 @@ public class AuthenticationEntryPointFailureHandlerTests { AuthenticationEntryPoint entryPoint = mock(AuthenticationEntryPoint.class); AuthenticationEntryPointFailureHandler handler = new AuthenticationEntryPointFailureHandler(entryPoint); handler.setRethrowAuthenticationServiceException(true); - assertThatExceptionOfType(AuthenticationServiceException.class).isThrownBy( - () -> handler.onAuthenticationFailure(null, null, new AuthenticationServiceException("fail"))); + assertThatExceptionOfType(AuthenticationServiceException.class) + .isThrownBy(() -> handler.onAuthenticationFailure(null, null, new AuthenticationServiceException("fail"))); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java index 8e26b37048..3e4fc05102 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java @@ -116,8 +116,8 @@ public class DefaultLoginPageGeneratingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login"); filter.doFilter(request, response, this.chain); assertThat(response - .getContentLength() == response.getContentAsString().getBytes(response.getCharacterEncoding()).length) - .isTrue(); + .getContentLength() == response.getContentAsString().getBytes(response.getCharacterEncoding()).length) + .isTrue(); } @Test @@ -165,7 +165,7 @@ public class DefaultLoginPageGeneratingFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain); assertThat(response.getContentAsString()) - .contains("Google < > " ' &"); + .contains("Google < > " ' &"); } @Test @@ -179,7 +179,7 @@ public class DefaultLoginPageGeneratingFilterTests { filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain); assertThat(response.getContentAsString()).contains("Login with SAML 2.0"); assertThat(response.getContentAsString()) - .contains("Google < > " ' &"); + .contains("Google < > " ' &"); } // Fake OpenID filter (since it's not in this module @SuppressWarnings("unused") diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java index 89455c11d9..c51f5f8734 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandlerTests.java @@ -107,23 +107,23 @@ public class DelegatingAuthenticationFailureHandlerTests { @Test public void handlersIsNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingAuthenticationFailureHandler(null, this.defaultHandler)) - .withMessage("handlers cannot be null or empty"); + .isThrownBy(() -> new DelegatingAuthenticationFailureHandler(null, this.defaultHandler)) + .withMessage("handlers cannot be null or empty"); } @Test public void handlersIsEmpty() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler)) - .withMessage("handlers cannot be null or empty"); + .isThrownBy(() -> new DelegatingAuthenticationFailureHandler(this.handlers, this.defaultHandler)) + .withMessage("handlers cannot be null or empty"); } @Test public void defaultHandlerIsNull() { this.handlers.put(BadCredentialsException.class, this.handler1); assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingAuthenticationFailureHandler(this.handlers, null)) - .withMessage("defaultHandler cannot be null"); + .isThrownBy(() -> new DelegatingAuthenticationFailureHandler(this.handlers, null)) + .withMessage("defaultHandler cannot be null"); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java b/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java index df0f7258f4..de9e3e2561 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java @@ -43,8 +43,10 @@ public class RequestMatcherDelegatingAuthenticationManagerResolverTests { @Test public void resolveWhenMatchesThenReturnsAuthenticationManager() { RequestMatcherDelegatingAuthenticationManagerResolver resolver = RequestMatcherDelegatingAuthenticationManagerResolver - .builder().add(new AntPathRequestMatcher("/one/**"), this.one) - .add(new AntPathRequestMatcher("/two/**"), this.two).build(); + .builder() + .add(new AntPathRequestMatcher("/one/**"), this.one) + .add(new AntPathRequestMatcher("/two/**"), this.two) + .build(); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/one/location"); request.setServletPath("/one/location"); @@ -54,15 +56,17 @@ public class RequestMatcherDelegatingAuthenticationManagerResolverTests { @Test public void resolveWhenDoesNotMatchThenReturnsDefaultAuthenticationManager() { RequestMatcherDelegatingAuthenticationManagerResolver resolver = RequestMatcherDelegatingAuthenticationManagerResolver - .builder().add(new AntPathRequestMatcher("/one/**"), this.one) - .add(new AntPathRequestMatcher("/two/**"), this.two).build(); + .builder() + .add(new AntPathRequestMatcher("/one/**"), this.one) + .add(new AntPathRequestMatcher("/two/**"), this.two) + .build(); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/wrong/location"); AuthenticationManager authenticationManager = resolver.resolve(request); Authentication authentication = new TestingAuthenticationToken("principal", "creds"); assertThatExceptionOfType(AuthenticationServiceException.class) - .isThrownBy(() -> authenticationManager.authenticate(authentication)); + .isThrownBy(() -> authenticationManager.authenticate(authentication)); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java index 29633dd494..384f427b89 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandlerTests.java @@ -124,7 +124,7 @@ public class SimpleUrlAuthenticationSuccessHandlerTests { new BadCredentialsException("Invalid credentials")); assertThat(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isNotNull(); assertThat(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)) - .isInstanceOf(AuthenticationException.class); + .isInstanceOf(AuthenticationException.class); ash.onAuthenticationSuccess(request, response, mock(Authentication.class)); assertThat(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).isNull(); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java index 890dbcb576..04f372d71d 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilterTests.java @@ -123,7 +123,7 @@ public class UsernamePasswordAuthenticationFilterTests { given(am.authenticate(any(Authentication.class))).willThrow(new BadCredentialsException("")); filter.setAuthenticationManager(am); assertThatExceptionOfType(AuthenticationException.class) - .isThrownBy(() -> filter.attemptAuthentication(request, new MockHttpServletResponse())); + .isThrownBy(() -> filter.attemptAuthentication(request, new MockHttpServletResponse())); } @Test @@ -159,7 +159,7 @@ public class UsernamePasswordAuthenticationFilterTests { private AuthenticationManager createAuthenticationManager() { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) - .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); + .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); return am; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java index 6bc04f2eaf..31bdfcca77 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/CompositeLogoutHandlerTests.java @@ -46,7 +46,7 @@ public class CompositeLogoutHandlerTests { @Test public void buildEmptyCompositeLogoutHandlerThrowsException() { assertThatIllegalArgumentException().isThrownBy(() -> new CompositeLogoutHandler()) - .withMessage("LogoutHandlers are required"); + .withMessage("LogoutHandlers are required"); } @Test @@ -78,17 +78,17 @@ public class CompositeLogoutHandlerTests { public void callLogoutHandlersThrowException() { LogoutHandler firstLogoutHandler = mock(LogoutHandler.class); LogoutHandler secondLogoutHandler = mock(LogoutHandler.class); - willThrow(new IllegalArgumentException()).given(firstLogoutHandler).logout(any(HttpServletRequest.class), - any(HttpServletResponse.class), any(Authentication.class)); + willThrow(new IllegalArgumentException()).given(firstLogoutHandler) + .logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); List logoutHandlers = Arrays.asList(firstLogoutHandler, secondLogoutHandler); LogoutHandler handler = new CompositeLogoutHandler(logoutHandlers); assertThatIllegalArgumentException().isThrownBy(() -> handler.logout(mock(HttpServletRequest.class), mock(HttpServletResponse.class), mock(Authentication.class))); InOrder logoutHandlersInOrder = inOrder(firstLogoutHandler, secondLogoutHandler); - logoutHandlersInOrder.verify(firstLogoutHandler, times(1)).logout(any(HttpServletRequest.class), - any(HttpServletResponse.class), any(Authentication.class)); - logoutHandlersInOrder.verify(secondLogoutHandler, never()).logout(any(HttpServletRequest.class), - any(HttpServletResponse.class), any(Authentication.class)); + logoutHandlersInOrder.verify(firstLogoutHandler, times(1)) + .logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); + logoutHandlersInOrder.verify(secondLogoutHandler, never()) + .logout(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class)); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java index f5f972ec49..1e474de09a 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java @@ -37,14 +37,14 @@ public class ForwardLogoutSuccessHandlerTests { public void invalidTargetUrl() { String targetUrl = "not.valid"; assertThatIllegalArgumentException().isThrownBy(() -> new ForwardLogoutSuccessHandler(targetUrl)) - .withMessage("'" + targetUrl + "' is not a valid target URL"); + .withMessage("'" + targetUrl + "' is not a valid target URL"); } @Test public void emptyTargetUrl() { String targetUrl = " "; assertThatIllegalArgumentException().isThrownBy(() -> new ForwardLogoutSuccessHandler(targetUrl)) - .withMessage("'" + targetUrl + "' is not a valid target URL"); + .withMessage("'" + targetUrl + "' is not a valid target URL"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java index d385777942..021247d45c 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandlerTests.java @@ -48,7 +48,7 @@ public class HeaderWriterLogoutHandlerTests { @Test public void constructorWhenHeaderWriterIsNullThenThrowsException() { assertThatIllegalArgumentException().isThrownBy(() -> new HeaderWriterLogoutHandler(null)) - .withMessage("headerWriter cannot be null"); + .withMessage("headerWriter cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java index 8373429927..c46edb862f 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/HttpStatusReturningLogoutSuccessHandlerTests.java @@ -60,7 +60,7 @@ public class HttpStatusReturningLogoutSuccessHandlerTests { @Test public void testThatSettNullHttpStatusThrowsException() { assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusReturningLogoutSuccessHandler(null)) - .withMessage("The provided HttpStatus must not be null."); + .withMessage("The provided HttpStatus must not be null."); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java index a0882d5fce..199a0c8b3c 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandlerTests.java @@ -103,15 +103,15 @@ public class SecurityContextLogoutHandlerTests { @Test public void constructorWhenDefaultSecurityContextRepositoryThenHttpSessionSecurityContextRepository() { SecurityContextRepository securityContextRepository = (SecurityContextRepository) ReflectionTestUtils - .getField(this.handler, "securityContextRepository"); + .getField(this.handler, "securityContextRepository"); assertThat(securityContextRepository).isInstanceOf(HttpSessionSecurityContextRepository.class); } @Test public void setSecurityContextRepositoryWhenNullThenException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> this.handler.setSecurityContextRepository(null)) - .withMessage("securityContextRepository cannot be null"); + .isThrownBy(() -> this.handler.setSecurityContextRepository(null)) + .withMessage("securityContextRepository cannot be null"); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java index 4084de3b03..ceceb846ed 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java @@ -104,7 +104,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { this.filter.setAuthenticationManager(am); this.filter.afterPropertiesSet(); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.filter - .doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class))); + .doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class))); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); } @@ -138,7 +138,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { @Test public void nullPreAuthenticationClearsPreviousUser() throws Exception { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("oldUser", "pass", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("oldUser", "pass", "ROLE_USER")); ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); filter.principal = null; filter.setCheckForPrincipalChanges(true); @@ -160,7 +160,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { public void requiresAuthenticationFalsePrincipalString() throws Exception { Object principal = "sameprincipal"; SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); @@ -249,7 +249,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { filter.setCheckForPrincipalChanges(true); AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(PreAuthenticatedAuthenticationToken.class))) - .willThrow(new PreAuthenticatedCredentialsNotFoundException("invalid")); + .willThrow(new PreAuthenticatedCredentialsNotFoundException("invalid")); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); filter.doFilter(request, response, chain); @@ -263,7 +263,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { public void requiresAuthenticationFalsePrincipalNotString() throws Exception { Object principal = new Object(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); @@ -281,7 +281,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { public void requiresAuthenticationFalsePrincipalUser() throws Exception { User currentPrincipal = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")); UsernamePasswordAuthenticationToken currentAuthentication = UsernamePasswordAuthenticationToken - .authenticated(currentPrincipal, currentPrincipal.getPassword(), currentPrincipal.getAuthorities()); + .authenticated(currentPrincipal, currentPrincipal.getPassword(), currentPrincipal.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(currentAuthentication); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); @@ -320,7 +320,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { public void requiresAuthenticationOverridePrincipalChangedTrue() throws Exception { Object principal = new Object(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); @@ -343,7 +343,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { public void requiresAuthenticationOverridePrincipalChangedFalse() throws Exception { Object principal = new Object(); SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER")); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); @@ -405,7 +405,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { } else { given(am.authenticate(any(Authentication.class))) - .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); + .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); } filter.setAuthenticationManager(am); filter.afterPropertiesSet(); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java index 4e135f2894..8007b4c4c5 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationTokenTests.java @@ -69,9 +69,8 @@ public class PreAuthenticatedAuthenticationTokenTests { assertThat(token.getAuthorities()).isNotNull(); Collection resultColl = token.getAuthorities(); assertThat(gas.containsAll(resultColl) && resultColl.containsAll(gas)) - .withFailMessage( - "GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas) - .isTrue(); + .withFailMessage("GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas) + .isTrue(); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java index 12a70cea99..ca503fede8 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests.java @@ -75,9 +75,10 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests { // Password is not saved by // PreAuthenticatedGrantedAuthoritiesUserDetailsService // assertThat(password).isEqualTo(ud.getPassword()); - assertThat(gas.containsAll(ud.getAuthorities()) && ud.getAuthorities().containsAll(gas)).withFailMessage( - "GrantedAuthority collections do not match; result: " + ud.getAuthorities() + ", expected: " + gas) - .isTrue(); + assertThat(gas.containsAll(ud.getAuthorities()) && ud.getAuthorities().containsAll(gas)) + .withFailMessage( + "GrantedAuthority collections do not match; result: " + ud.getAuthorities() + ", expected: " + gas) + .isTrue(); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java index 0be25f5c26..12ccbb4fc6 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests.java @@ -52,9 +52,10 @@ public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetailsTests { PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails( getRequest("testUser", new String[] {}), this.gas); List returnedGas = details.getGrantedAuthorities(); - assertThat(this.gas.containsAll(returnedGas) && returnedGas.containsAll(this.gas)).withFailMessage( - "Collections do not contain same elements; expected: " + this.gas + ", returned: " + returnedGas) - .isTrue(); + assertThat(this.gas.containsAll(returnedGas) && returnedGas.containsAll(this.gas)) + .withFailMessage( + "Collections do not contain same elements; expected: " + this.gas + ", returned: " + returnedGas) + .isTrue(); } private HttpServletRequest getRequest(final String userName, final String[] aRoles) { diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java index f385d3a7a9..5ba198bcaa 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilterTests.java @@ -52,7 +52,7 @@ public class RequestAttributeAuthenticationFilterTests { MockFilterChain chain = new MockFilterChain(); RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class) - .isThrownBy(() -> filter.doFilter(request, response, chain)); + .isThrownBy(() -> filter.doFilter(request, response, chain)); } @Test @@ -129,7 +129,7 @@ public class RequestAttributeAuthenticationFilterTests { RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class) - .isThrownBy(() -> filter.doFilter(request, response, chain)); + .isThrownBy(() -> filter.doFilter(request, response, chain)); } @Test @@ -149,7 +149,7 @@ public class RequestAttributeAuthenticationFilterTests { private AuthenticationManager createAuthenticationManager() { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) - .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); + .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); return am; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java index 900fd03997..00e80dbc03 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderAuthenticationFilterTests.java @@ -54,7 +54,7 @@ public class RequestHeaderAuthenticationFilterTests { MockFilterChain chain = new MockFilterChain(); RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class) - .isThrownBy(() -> filter.doFilter(request, response, chain)); + .isThrownBy(() -> filter.doFilter(request, response, chain)); } @Test @@ -130,7 +130,7 @@ public class RequestHeaderAuthenticationFilterTests { RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter(); filter.setAuthenticationManager(createAuthenticationManager()); assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class) - .isThrownBy(() -> filter.doFilter(request, response, chain)); + .isThrownBy(() -> filter.doFilter(request, response, chain)); } @Test @@ -150,7 +150,7 @@ public class RequestHeaderAuthenticationFilterTests { private AuthenticationManager createAuthenticationManager() { AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) - .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); + .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); return am; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java index 3e7275f1b7..66933436d6 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests.java @@ -112,7 +112,7 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests { assertThat(o instanceof PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails).withFailMessage( "Returned object not of type PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails, actual type: " + o.getClass()) - .isTrue(); + .isTrue(); PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = (PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) o; List gas = details.getGrantedAuthorities(); assertThat(gas).as("Granted authorities should not be null").isNotNull(); @@ -123,7 +123,8 @@ public class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests { gasRolesSet.add(grantedAuthority.getAuthority()); } assertThat(expectedRolesColl.containsAll(gasRolesSet) && gasRolesSet.containsAll(expectedRolesColl)) - .withFailMessage("Granted Authorities do not match expected roles").isTrue(); + .withFailMessage("Granted Authorities do not match expected roles") + .isTrue(); } private J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource( diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java index 91edaf4d14..1a4e5b5084 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/j2ee/J2eePreAuthenticatedProcessingFilterTests.java @@ -38,13 +38,13 @@ public class J2eePreAuthenticatedProcessingFilterTests { public final void testGetPreAuthenticatedPrincipal() { String user = "testUser"; assertThat(user).isEqualTo(new J2eePreAuthenticatedProcessingFilter() - .getPreAuthenticatedPrincipal(getRequest(user, new String[] {}))); + .getPreAuthenticatedPrincipal(getRequest(user, new String[] {}))); } @Test public final void testGetPreAuthenticatedCredentials() { assertThat("N/A").isEqualTo(new J2eePreAuthenticatedProcessingFilter() - .getPreAuthenticatedCredentials(getRequest("testUser", new String[] {}))); + .getPreAuthenticatedCredentials(getRequest("testUser", new String[] {}))); } private HttpServletRequest getRequest(final String aUserName, final String[] aRoles) { diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java index d5a9e1a8d2..5b7e962482 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSpherePreAuthenticatedProcessingFilterTests.java @@ -54,7 +54,7 @@ public class WebSpherePreAuthenticatedProcessingFilterTests { assertThat(filter.getPreAuthenticatedCredentials(new MockHttpServletRequest())).isEqualTo("N/A"); AuthenticationManager am = mock(AuthenticationManager.class); given(am.authenticate(any(Authentication.class))) - .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); + .willAnswer((Answer) (invocation) -> (Authentication) invocation.getArguments()[0]); filter.setAuthenticationManager(am); WebSpherePreAuthenticatedWebAuthenticationDetailsSource ads = new WebSpherePreAuthenticatedWebAuthenticationDetailsSource( helper); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java index f910a2cd25..a86b41e0bc 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractorTests.java @@ -65,7 +65,7 @@ public class SubjectDnX509PrincipalExtractorTests { public void matchOnShoeSizeThrowsBadCredentials() throws Exception { this.extractor.setSubjectDnRegex("shoeSize=(.*?),"); assertThatExceptionOfType(BadCredentialsException.class) - .isThrownBy(() -> this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate())); + .isThrownBy(() -> this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate())); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java index d788ca654c..8a08cbb739 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java @@ -64,7 +64,7 @@ public class AbstractRememberMeServicesTests { @Test public void nonBase64CookieShouldBeDetected() { assertThatExceptionOfType(InvalidCookieException.class) - .isThrownBy(() -> new MockRememberMeServices(this.uds).decodeCookie("nonBase64CookieValue%")); + .isThrownBy(() -> new MockRememberMeServices(this.uds).decodeCookie("nonBase64CookieValue%")); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java index 8e088aa253..2d93da83d0 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java @@ -145,7 +145,7 @@ public class JdbcTokenRepositoryImplTests { // 'joesseries'"); this.repo.removeUserTokens("joeuser"); List> results = this.template - .queryForList("select * from persistent_logins where username = 'joeuser'"); + .queryForList("select * from persistent_logins where username = 'joeuser'"); assertThat(results).isEmpty(); } @@ -156,7 +156,7 @@ public class JdbcTokenRepositoryImplTests { + "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')"); this.repo.updateToken("joesseries", "newtoken", new Date()); Map results = this.template - .queryForMap("select * from persistent_logins where series = 'joesseries'"); + .queryForMap("select * from persistent_logins where series = 'joesseries'"); assertThat(results.get("username")).isEqualTo("joeuser"); assertThat(results.get("series")).isEqualTo("joesseries"); assertThat(results.get("token")).isEqualTo("newtoken"); diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java index d6753c60cb..13d4e95fe0 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java @@ -55,16 +55,16 @@ public class PersistentTokenBasedRememberMeServicesTests { @Test public void loginIsRejectedWithWrongNumberOfCookieTokens() { assertThatExceptionOfType(InvalidCookieException.class) - .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token", "extra" }, - new MockHttpServletRequest(), new MockHttpServletResponse())); + .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token", "extra" }, + new MockHttpServletRequest(), new MockHttpServletResponse())); } @Test public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() { this.services = create(null); assertThatExceptionOfType(RememberMeAuthenticationException.class) - .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" }, - new MockHttpServletRequest(), new MockHttpServletResponse())); + .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" }, + new MockHttpServletRequest(), new MockHttpServletResponse())); } @Test @@ -73,16 +73,16 @@ public class PersistentTokenBasedRememberMeServicesTests { new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100))); this.services.setTokenValiditySeconds(1); assertThatExceptionOfType(RememberMeAuthenticationException.class) - .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" }, - new MockHttpServletRequest(), new MockHttpServletResponse())); + .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" }, + new MockHttpServletRequest(), new MockHttpServletResponse())); } @Test public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() { this.services = create(new PersistentRememberMeToken("joe", "series", "wrongtoken", new Date())); assertThatExceptionOfType(CookieTheftException.class) - .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" }, - new MockHttpServletRequest(), new MockHttpServletResponse())); + .isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" }, + new MockHttpServletRequest(), new MockHttpServletResponse())); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java index f02b39960b..5366b8b9f0 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationFilterTests.java @@ -69,13 +69,13 @@ public class RememberMeAuthenticationFilterTests { @Test public void testDetectsAuthenticationManagerProperty() { assertThatIllegalArgumentException() - .isThrownBy(() -> new RememberMeAuthenticationFilter(null, new NullRememberMeServices())); + .isThrownBy(() -> new RememberMeAuthenticationFilter(null, new NullRememberMeServices())); } @Test public void testDetectsRememberMeServicesProperty() { assertThatIllegalArgumentException() - .isThrownBy(() -> new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), null)); + .isThrownBy(() -> new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), null)); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java index 7d91141c44..93237a07a8 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServicesTests.java @@ -447,7 +447,8 @@ public class TokenBasedRememberMeServicesTests { assertThat(cookie).isNotNull(); // Check the expiry time is within 50ms of two weeks from current time assertThat(determineExpiryTimeFromBased64EncodedToken(cookie.getValue()) - - System.currentTimeMillis() > AbstractRememberMeServices.TWO_WEEKS_S - 50).isTrue(); + - System.currentTimeMillis() > AbstractRememberMeServices.TWO_WEEKS_S - 50) + .isTrue(); assertThat(cookie.getMaxAge()).isEqualTo(-1); assertThat(CodecTestUtils.isBase64(cookie.getValue().getBytes())).isTrue(); } @@ -455,15 +456,15 @@ public class TokenBasedRememberMeServicesTests { @Test public void constructorWhenEncodingAlgorithmNullThenException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> new TokenBasedRememberMeServices("key", this.uds, null)) - .withMessage("encodingAlgorithm cannot be null"); + .isThrownBy(() -> new TokenBasedRememberMeServices("key", this.uds, null)) + .withMessage("encodingAlgorithm cannot be null"); } @Test public void constructorWhenNoEncodingAlgorithmSpecifiedThenMd5() { TokenBasedRememberMeServices rememberMeServices = new TokenBasedRememberMeServices("key", this.uds); RememberMeTokenAlgorithm encodingAlgorithm = (RememberMeTokenAlgorithm) ReflectionTestUtils - .getField(rememberMeServices, "encodingAlgorithm"); + .getField(rememberMeServices, "encodingAlgorithm"); assertThat(encodingAlgorithm).isSameAs(RememberMeTokenAlgorithm.MD5); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java index 2aaab5a639..ae3d8068ff 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/session/CompositeSessionAuthenticationStrategyTests.java @@ -86,11 +86,11 @@ public class CompositeSessionAuthenticationStrategyTests { @Test public void delegateShortCircuits() { willThrow(new SessionAuthenticationException("oops")).given(this.strategy1) - .onAuthentication(this.authentication, this.request, this.response); + .onAuthentication(this.authentication, this.request, this.response); CompositeSessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy( Arrays.asList(this.strategy1, this.strategy2)); assertThatExceptionOfType(SessionAuthenticationException.class) - .isThrownBy(() -> strategy.onAuthentication(this.authentication, this.request, this.response)); + .isThrownBy(() -> strategy.onAuthentication(this.authentication, this.request, this.response)); verify(this.strategy1).onAuthentication(this.authentication, this.request, this.response); verify(this.strategy2, times(0)).onAuthentication(this.authentication, this.request, this.response); } diff --git a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java index ee6fcc05b5..ffe51cc2a0 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategyTests.java @@ -80,7 +80,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { @Test public void noRegisteredSession() { given(this.sessionRegistry.getAllSessions(any(), anyBoolean())) - .willReturn(Collections.emptyList()); + .willReturn(Collections.emptyList()); this.strategy.setMaximumSessions(1); this.strategy.setExceptionIfMaximumExceeded(true); this.strategy.onAuthentication(this.authentication, this.request, this.response); @@ -92,7 +92,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { MockHttpSession session = new MockHttpSession(new MockServletContext(), this.sessionInformation.getSessionId()); this.request.setSession(session); given(this.sessionRegistry.getAllSessions(any(), anyBoolean())) - .willReturn(Collections.singletonList(this.sessionInformation)); + .willReturn(Collections.singletonList(this.sessionInformation)); this.strategy.setMaximumSessions(1); this.strategy.setExceptionIfMaximumExceeded(true); this.strategy.onAuthentication(this.authentication, this.request, this.response); @@ -102,17 +102,17 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { @Test public void maxSessionsWithException() { given(this.sessionRegistry.getAllSessions(any(), anyBoolean())) - .willReturn(Collections.singletonList(this.sessionInformation)); + .willReturn(Collections.singletonList(this.sessionInformation)); this.strategy.setMaximumSessions(1); this.strategy.setExceptionIfMaximumExceeded(true); assertThatExceptionOfType(SessionAuthenticationException.class) - .isThrownBy(() -> this.strategy.onAuthentication(this.authentication, this.request, this.response)); + .isThrownBy(() -> this.strategy.onAuthentication(this.authentication, this.request, this.response)); } @Test public void maxSessionsExpireExistingUser() { given(this.sessionRegistry.getAllSessions(any(), anyBoolean())) - .willReturn(Collections.singletonList(this.sessionInformation)); + .willReturn(Collections.singletonList(this.sessionInformation)); this.strategy.setMaximumSessions(1); this.strategy.onAuthentication(this.authentication, this.request, this.response); assertThat(this.sessionInformation.isExpired()).isTrue(); @@ -123,7 +123,7 @@ public class ConcurrentSessionControlAuthenticationStrategyTests { SessionInformation moreRecentSessionInfo = new SessionInformation(this.authentication.getPrincipal(), "unique", new Date(1374766999999L)); given(this.sessionRegistry.getAllSessions(any(), anyBoolean())) - .willReturn(Arrays.asList(moreRecentSessionInfo, this.sessionInformation)); + .willReturn(Arrays.asList(moreRecentSessionInfo, this.sessionInformation)); this.strategy.setMaximumSessions(2); this.strategy.onAuthentication(this.authentication, this.request, this.response); assertThat(this.sessionInformation.isExpired()).isTrue(); diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java index 0fc4915d5a..dc11da8cce 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java @@ -332,7 +332,7 @@ public class SwitchUserFilterTests { FilterChain chain = mock(FilterChain.class); MockHttpServletResponse response = new MockHttpServletResponse(); assertThatExceptionOfType(AuthenticationException.class) - .isThrownBy(() -> filter.doFilter(request, response, chain)); + .isThrownBy(() -> filter.doFilter(request, response, chain)); verify(chain, never()).doFilter(request, response); } @@ -467,7 +467,7 @@ public class SwitchUserFilterTests { @Test public void switchAuthorityRoleCannotBeNull() { assertThatIllegalArgumentException().isThrownBy(() -> switchToUserWithAuthorityRole("dano", null)) - .withMessage("switchAuthorityRole cannot be null"); + .withMessage("switchAuthorityRole cannot be null"); } // gh-3697 @@ -514,7 +514,7 @@ public class SwitchUserFilterTests { void filterWhenDefaultSecurityContextRepositoryThenHttpSessionRepository() { SwitchUserFilter switchUserFilter = new SwitchUserFilter(); assertThat(ReflectionTestUtils.getField(switchUserFilter, "securityContextRepository")) - .isInstanceOf(HttpSessionSecurityContextRepository.class); + .isInstanceOf(HttpSessionSecurityContextRepository.class); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java index f51c172c40..45c4673afe 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthorityTests.java @@ -29,13 +29,13 @@ public class SwitchUserGrantedAuthorityTests { @Test public void authorityWithNullRoleFailsAssertion() { assertThatIllegalArgumentException().isThrownBy(() -> new SwitchUserGrantedAuthority(null, null)) - .withMessage("role cannot be null"); + .withMessage("role cannot be null"); } @Test public void authorityWithNullSourceFailsAssertion() { assertThatIllegalArgumentException().isThrownBy(() -> new SwitchUserGrantedAuthority("role", null)) - .withMessage("source cannot be null"); + .withMessage("source cannot be null"); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java index 4ab89fa99e..91f4403d90 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java @@ -38,34 +38,36 @@ public class DefaultLogoutPageGeneratingFilterTests { @Test public void doFilterWhenNoHiddenInputsThenPageRendered() throws Exception { MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilter(this.filter).build(); - mockMvc.perform(get("/logout")).andExpect(content().string("\n" + "\n" - + " \n" + " \n" - + " \n" - + " \n" + " \n" - + " Confirm Log Out?\n" - + " \n" - + " \n" - + " \n" + " \n" + "
\n" - + "
\n" - + " \n" - + " \n" - + "
\n" + "
\n" + " \n" + "")) - .andExpect(content().contentType("text/html;charset=UTF-8")); + mockMvc.perform(get("/logout")) + .andExpect(content().string("\n" + "\n" + " \n" + + " \n" + + " \n" + + " \n" + " \n" + + " Confirm Log Out?\n" + + " \n" + + " \n" + + " \n" + " \n" + "
\n" + + "
\n" + + " \n" + + " \n" + + "
\n" + "
\n" + " \n" + "")) + .andExpect(content().contentType("text/html;charset=UTF-8")); } @Test public void doFilterWhenHiddenInputsSetThenHiddenInputsRendered() throws Exception { this.filter.setResolveHiddenInputs((r) -> Collections.singletonMap("_csrf", "csrf-token-1")); MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build(); - mockMvc.perform(get("/logout")).andExpect( - content().string(containsString(""))); + mockMvc.perform(get("/logout")) + .andExpect(content() + .string(containsString(""))); } @Test public void doFilterWhenRequestContextThenActionContainsRequestContext() throws Exception { MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build(); mockMvc.perform(get("/context/logout").contextPath("/context")) - .andExpect(content().string(containsString("action=\"/context/logout\""))); + .andExpect(content().string(containsString("action=\"/context/logout\""))); } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java index 27ace4ca0c..7cf1c720a6 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java @@ -41,7 +41,7 @@ public class BasicAuthenticationEntryPointTests { public void testDetectsMissingRealmName() { BasicAuthenticationEntryPoint ep = new BasicAuthenticationEntryPoint(); assertThatIllegalArgumentException().isThrownBy(ep::afterPropertiesSet) - .withMessage("realmName must be specified"); + .withMessage("realmName must be specified"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java index 104c73f4fd..9b5345765f 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthUtilsTests.java @@ -41,9 +41,9 @@ public class DigestAuthUtilsTests { assertThat(headerMap.get("username")).isEqualTo("rod"); assertThat(headerMap.get("realm")).isEqualTo("Contacts Realm"); assertThat(headerMap.get("nonce")) - .isEqualTo("MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ=="); + .isEqualTo("MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ=="); assertThat(headerMap.get("uri")) - .isEqualTo("/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4"); + .isEqualTo("/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4"); assertThat(headerMap.get("response")).isEqualTo("38644211cf9ac3da63ab639807e2baff"); assertThat(headerMap.get("qop")).isEqualTo("auth"); assertThat(headerMap.get("nc")).isEqualTo("00000004"); @@ -59,9 +59,9 @@ public class DigestAuthUtilsTests { assertThat(headerMap.get("username")).isEqualTo("\"rod\""); assertThat(headerMap.get("realm")).isEqualTo("\"Contacts Realm\""); assertThat(headerMap.get("nonce")) - .isEqualTo("\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\""); + .isEqualTo("\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\""); assertThat(headerMap.get("uri")) - .isEqualTo("\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\""); + .isEqualTo("\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\""); assertThat(headerMap.get("response")).isEqualTo("\"38644211cf9ac3da63ab639807e2baff\""); assertThat(headerMap.get("qop")).isEqualTo("auth"); assertThat(headerMap.get("nc")).isEqualTo("00000004"); @@ -95,7 +95,7 @@ public class DigestAuthUtilsTests { assertThatIllegalArgumentException().isThrownBy(() -> DigestAuthUtils.split("sdch=dfgf", null)); assertThatIllegalArgumentException().isThrownBy(() -> DigestAuthUtils.split("fvfv=dcdc", "")); assertThatIllegalArgumentException() - .isThrownBy(() -> DigestAuthUtils.split("dfdc=dcdc", "BIGGER_THAN_ONE_CHARACTER")); + .isThrownBy(() -> DigestAuthUtils.split("dfdc=dcdc", "BIGGER_THAN_ONE_CHARACTER")); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java index 1e9f557c0d..63c74dfd95 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPointTests.java @@ -61,7 +61,7 @@ public class DigestAuthenticationEntryPointTests { ep.setKey("dcdc"); ep.setNonceValiditySeconds(12); assertThatIllegalArgumentException().isThrownBy(ep::afterPropertiesSet) - .withMessage("realmName must be specified"); + .withMessage("realmName must be specified"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java index 2520fdcdd9..209a3850ff 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilterTests.java @@ -258,7 +258,7 @@ public class DigestAuthenticationFilterTests { executeFilterInContainerSimulator(this.filter, this.request, true); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) - .isEqualTo(USERNAME); + .isEqualTo(USERNAME); } @Test @@ -270,7 +270,7 @@ public class DigestAuthenticationFilterTests { executeFilterInContainerSimulator(this.filter, this.request, true); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) - .isEqualTo(USERNAME); + .isEqualTo(USERNAME); assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isFalse(); } @@ -284,10 +284,10 @@ public class DigestAuthenticationFilterTests { executeFilterInContainerSimulator(this.filter, this.request, true); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) - .isEqualTo(USERNAME); + .isEqualTo(USERNAME); assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isTrue(); assertThat(SecurityContextHolder.getContext().getAuthentication().getAuthorities()) - .isEqualTo(AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); + .isEqualTo(AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); } @Test @@ -420,10 +420,10 @@ public class DigestAuthenticationFilterTests { MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, true); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull(); assertThat(((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername()) - .isEqualTo(USERNAME); + .isEqualTo(USERNAME); assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isTrue(); assertThat(SecurityContextHolder.getContext().getAuthentication().getAuthorities()) - .isEqualTo(AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); + .isEqualTo(AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); verify(securityContextRepository).saveContext(contextArg.capture(), eq(this.request), eq(response)); assertThat(contextArg.getValue().getAuthentication().getName()).isEqualTo(USERNAME); } diff --git a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java index 69cc3431a5..e7a29b77c8 100644 --- a/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java @@ -89,35 +89,35 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentString() throws Exception { setAuthenticationPrincipal("john"); assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentPrincipalStringOnObject() throws Exception { setAuthenticationPrincipal("john"); assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentUserDetails() throws Exception { setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); assertThat(this.resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentCustomUserPrincipal() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThat(this.resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentCustomAnnotation() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThat(this.resolver.resolveArgument(showUserCustomAnnotation(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test @@ -129,22 +129,22 @@ public class AuthenticationPrincipalArgumentResolverTests { @Test public void resolveArgumentErrorOnInvalidType() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); - assertThatExceptionOfType(ClassCastException.class).isThrownBy( - () -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null)); + assertThatExceptionOfType(ClassCastException.class) + .isThrownBy(() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null)); } @Test public void resolveArgumentCustomserErrorOnInvalidType() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver - .resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null)); + .resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null)); } @Test public void resolveArgumentObject() throws Exception { setAuthenticationPrincipal(new Object()); assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } private MethodParameter showUserNoAnnotation() { @@ -187,7 +187,7 @@ public class AuthenticationPrincipalArgumentResolverTests { private void setAuthenticationPrincipal(Object principal) { this.expectedPrincipal = principal; SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER")); } @Target({ ElementType.PARAMETER }) diff --git a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java index d6c4c56f09..51f5f6fdc7 100644 --- a/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java @@ -77,7 +77,7 @@ public class ConcurrentSessionFilterTests { @SuppressWarnings("deprecation") public void constructorSessionRegistryExpiresUrlWhenInvalidUrlThenExceptionThrown() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ConcurrentSessionFilter(new SessionRegistryImpl(), "oops")); + .isThrownBy(() -> new ConcurrentSessionFilter(new SessionRegistryImpl(), "oops")); } @Test @@ -130,8 +130,8 @@ public class ConcurrentSessionFilterTests { filter.doFilter(request, response, fc); verifyNoMoreInteractions(fc); assertThat(response.getContentAsString()) - .isEqualTo("This session has been expired (possibly due to multiple concurrent logins being " - + "attempted as the same user)."); + .isEqualTo("This session has been expired (possibly due to multiple concurrent logins being " + + "attempted as the same user)."); } @Test diff --git a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java index 8475a2433d..c9557b6a24 100644 --- a/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java +++ b/web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java @@ -136,7 +136,7 @@ public class AbstractSecurityWebApplicationInitializerTests { }.onStartup(context); DelegatingFilterProxy proxy = proxyCaptor.getValue(); assertThat(proxy.getContextAttribute()) - .isEqualTo("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher"); + .isEqualTo("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher"); assertThat(proxy).hasFieldOrPropertyWithValue("targetBeanName", "springSecurityFilterChain"); verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(registration).setAsyncSupported(true); @@ -147,8 +147,9 @@ public class AbstractSecurityWebApplicationInitializerTests { public void onStartupWhenSpringSecurityFilterChainAlreadyRegisteredThenException() { ServletContext context = mock(ServletContext.class); assertThatIllegalStateException().isThrownBy(() -> new AbstractSecurityWebApplicationInitializer() { - }.onStartup(context)).withMessage("Duplicate Filter registration for 'springSecurityFilterChain'. " - + "Check to ensure the Filter is only configured once."); + }.onStartup(context)) + .withMessage("Duplicate Filter registration for 'springSecurityFilterChain'. " + + "Check to ensure the Filter is only configured once."); } @Test @@ -189,8 +190,9 @@ public class AbstractSecurityWebApplicationInitializerTests { insertFilters(context, filter1); } - }.onStartup(context)).withMessage( - "Duplicate Filter registration for 'object'. Check to ensure the Filter is only configured once."); + }.onStartup(context)) + .withMessage( + "Duplicate Filter registration for 'object'. Check to ensure the Filter is only configured once."); assertProxyDefaults(proxyCaptor.getValue()); verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(context).addFilter(anyString(), eq(filter1)); @@ -269,8 +271,9 @@ public class AbstractSecurityWebApplicationInitializerTests { appendFilters(context, filter1); } - }.onStartup(context)).withMessage( - "Duplicate Filter registration for 'object'. " + "Check to ensure the Filter is only configured once."); + }.onStartup(context)) + .withMessage("Duplicate Filter registration for 'object'. " + + "Check to ensure the Filter is only configured once."); assertProxyDefaults(proxyCaptor.getValue()); verify(registration).addMappingForUrlPatterns(DEFAULT_DISPATCH, false, "/*"); verify(context).addFilter(anyString(), eq(filter1)); @@ -319,8 +322,8 @@ public class AbstractSecurityWebApplicationInitializerTests { ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); ArgumentCaptor> modesCaptor = ArgumentCaptor - .forClass(new HashSet() { - }.getClass()); + .forClass(new HashSet() { + }.getClass()); willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture()); new AbstractSecurityWebApplicationInitializer() { }.onStartup(context); @@ -337,8 +340,8 @@ public class AbstractSecurityWebApplicationInitializerTests { ArgumentCaptor proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class); given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration); ArgumentCaptor> modesCaptor = ArgumentCaptor - .forClass(new HashSet() { - }.getClass()); + .forClass(new HashSet() { + }.getClass()); willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture()); new AbstractSecurityWebApplicationInitializer() { @Override @@ -355,7 +358,7 @@ public class AbstractSecurityWebApplicationInitializerTests { @Test public void defaultFilterNameEqualsSpringSecurityFilterChain() { assertThat(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) - .isEqualTo("springSecurityFilterChain"); + .isEqualTo("springSecurityFilterChain"); } private static void verifyNoAddListener(ServletContext context) { diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java index 371f157455..053fc1a58c 100644 --- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java @@ -205,7 +205,7 @@ public class HttpSessionSecurityContextRepositoryTests { assertThat(repo.loadContext(holder)).isSameAs(ctx); // Modify context contents. Same user, different role SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("someone", "passwd", "ROLE_B")); + .setAuthentication(new TestingAuthenticationToken("someone", "passwd", "ROLE_B")); repo.saveContext(ctx, holder.getRequest(), holder.getResponse()); // Must be called even though the value in the local VM is already the same verify(session).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctx); @@ -250,7 +250,7 @@ public class HttpSessionSecurityContextRepositoryTests { assertThat( mockRequest.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) - .isEqualTo(originalContext); + .isEqualTo(originalContext); } @Test @@ -258,8 +258,9 @@ public class HttpSessionSecurityContextRepositoryTests { HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); MockHttpServletRequest request = new MockHttpServletRequest(); SecurityContextHolder.getContext().setAuthentication(this.testToken); - request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - "NotASecurityContextInstance"); + request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, + "NotASecurityContextInstance"); MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext context = repo.loadContext(holder); @@ -280,7 +281,7 @@ public class HttpSessionSecurityContextRepositoryTests { repo.saveContext(context, holder.getRequest(), holder.getResponse()); assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) - .isEqualTo(context); + .isEqualTo(context); } @Test @@ -461,8 +462,9 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContextHolder.setContext(repo.loadContext(holder)); - SecurityContextHolder.getContext().setAuthentication( - new AnonymousAuthenticationToken("key", "anon", AuthorityUtils.createAuthorityList("ANON"))); + SecurityContextHolder.getContext() + .setAuthentication( + new AnonymousAuthenticationToken("key", "anon", AuthorityUtils.createAuthorityList("ANON"))); repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse()); assertThat(request.getSession(false)).isNull(); } @@ -474,15 +476,15 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletRequest request = new MockHttpServletRequest(); SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext(); ctxInSession.setAuthentication(this.testToken); - request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - ctxInSession); + request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse()); repo.loadContext(holder); SecurityContextHolder.getContext() - .setAuthentication(new AnonymousAuthenticationToken("x", "x", this.testToken.getAuthorities())); + .setAuthentication(new AnonymousAuthenticationToken("x", "x", this.testToken.getAuthorities())); repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse()); assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) - .isNull(); + .isNull(); } @Test @@ -509,10 +511,11 @@ public class HttpSessionSecurityContextRepositoryTests { repo.loadContext(holder); SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext(); ctxInSession.setAuthentication(this.testToken); - request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - ctxInSession); - SecurityContextHolder.getContext().setAuthentication( - new AnonymousAuthenticationToken("x", "x", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))); + request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession); + SecurityContextHolder.getContext() + .setAuthentication( + new AnonymousAuthenticationToken("x", "x", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))); repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse()); assertThat(ctxInSession).isSameAs( request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)); @@ -525,14 +528,14 @@ public class HttpSessionSecurityContextRepositoryTests { MockHttpServletRequest request = new MockHttpServletRequest(); SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext(); ctxInSession.setAuthentication(this.testToken); - request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, - ctxInSession); + request.getSession() + .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse()); repo.loadContext(holder); ctxInSession.setAuthentication(null); repo.saveContext(ctxInSession, holder.getRequest(), holder.getResponse()); assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) - .isNull(); + .isNull(); } @Test @@ -613,7 +616,7 @@ public class HttpSessionSecurityContextRepositoryTests { new HttpServletResponseWrapper(holder.getResponse())); assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) - .isEqualTo(context); + .isEqualTo(context); } @Test @@ -626,7 +629,7 @@ public class HttpSessionSecurityContextRepositoryTests { repo.saveContext(context, request, response); assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) - .isEqualTo(context); + .isEqualTo(context); } @Test @@ -774,7 +777,7 @@ public class HttpSessionSecurityContextRepositoryTests { session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, emptyContext); repo.saveContext(emptyContext, request, response); Object attributeAfterSave = session - .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); + .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); assertThat(attributeAfterSave).isNull(); } @@ -796,7 +799,7 @@ public class HttpSessionSecurityContextRepositoryTests { SecurityContext context = createSecurityContext(PasswordEncodedUser.user()); repo.saveContext(context, request, response); Object savedContext = request.getSession() - .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); + .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); assertThat(savedContext).isEqualTo(context); } diff --git a/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java index aa43ef9836..ef472caaf0 100644 --- a/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java @@ -61,15 +61,15 @@ class RequestAttributeSecurityContextRepositoryTests { void saveContextAndLoadContextThenFound() { this.repository.saveContext(this.expectedSecurityContext, this.request, this.response); SecurityContext securityContext = this.repository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)); assertThat(securityContext).isEqualTo(this.expectedSecurityContext); } @Test void saveContextWhenLoadContextAndNewRequestThenNotFound() { this.repository.saveContext(this.expectedSecurityContext, this.request, this.response); - SecurityContext securityContext = this.repository.loadContext( - new HttpRequestResponseHolder(new MockHttpServletRequest(), new MockHttpServletResponse())); + SecurityContext securityContext = this.repository + .loadContext(new HttpRequestResponseHolder(new MockHttpServletRequest(), new MockHttpServletResponse())); assertThat(securityContext).isEqualTo(SecurityContextHolder.createEmptyContext()); } @@ -93,7 +93,7 @@ class RequestAttributeSecurityContextRepositoryTests { @Test void loadContextWhenNotPresentThenEmptyContext() { SecurityContext context = this.repository - .loadContext(new HttpRequestResponseHolder(this.request, this.response)); + .loadContext(new HttpRequestResponseHolder(this.request, this.response)); assertThat(context).isEqualTo(SecurityContextHolder.createEmptyContext()); } diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextHolderFilterTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextHolderFilterTests.java index 96c7de421f..ecc0cd1cfd 100644 --- a/web/src/test/java/org/springframework/security/web/context/SecurityContextHolderFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/context/SecurityContextHolderFilterTests.java @@ -88,9 +88,9 @@ class SecurityContextHolderFilterTests { Authentication authentication = TestAuthentication.authenticatedUser(); SecurityContext expectedContext = new SecurityContextImpl(authentication); given(this.repository.loadDeferredContext(this.requestArg.capture())) - .willReturn(new SupplierDeferredSecurityContext(() -> expectedContext, this.strategy)); + .willReturn(new SupplierDeferredSecurityContext(() -> expectedContext, this.strategy)); FilterChain filterChain = (request, response) -> assertThat(SecurityContextHolder.getContext()) - .isEqualTo(expectedContext); + .isEqualTo(expectedContext); this.filter.doFilter(this.request, this.response, filterChain); @@ -102,7 +102,7 @@ class SecurityContextHolderFilterTests { Authentication authentication = TestAuthentication.authenticatedUser(); SecurityContext expectedContext = new SecurityContextImpl(authentication); given(this.repository.loadDeferredContext(this.requestArg.capture())) - .willReturn(new SupplierDeferredSecurityContext(() -> expectedContext, this.strategy)); + .willReturn(new SupplierDeferredSecurityContext(() -> expectedContext, this.strategy)); FilterChain filterChain = (request, response) -> { }; @@ -125,8 +125,8 @@ class SecurityContextHolderFilterTests { @Test void doFilterWhenNotAppliedThenSetsAndRemovesAttribute() throws Exception { - given(this.repository.loadDeferredContext(this.requestArg.capture())).willReturn( - new SupplierDeferredSecurityContext(SecurityContextHolder::createEmptyContext, this.strategy)); + given(this.repository.loadDeferredContext(this.requestArg.capture())) + .willReturn(new SupplierDeferredSecurityContext(SecurityContextHolder::createEmptyContext, this.strategy)); this.filter.doFilter(this.request, this.response, new MockFilterChain()); @@ -143,9 +143,9 @@ class SecurityContextHolderFilterTests { Authentication authentication = TestAuthentication.authenticatedUser(); SecurityContext expectedContext = new SecurityContextImpl(authentication); given(this.repository.loadDeferredContext(this.requestArg.capture())) - .willReturn(new SupplierDeferredSecurityContext(() -> expectedContext, this.strategy)); + .willReturn(new SupplierDeferredSecurityContext(() -> expectedContext, this.strategy)); FilterChain filterChain = (request, response) -> assertThat(SecurityContextHolder.getContext()) - .isEqualTo(expectedContext); + .isEqualTo(expectedContext); this.filter.doFilter(this.request, this.response, filterChain); } diff --git a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java index d2aab14969..b0e1826feb 100644 --- a/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java @@ -94,7 +94,7 @@ public class WebAsyncManagerIntegrationFilterTests { @Override public void postProcess(NativeWebRequest request, Callable task, Object concurrentResult) { assertThat(SecurityContextHolder.getContext()) - .isNotSameAs(WebAsyncManagerIntegrationFilterTests.this.securityContext); + .isNotSameAs(WebAsyncManagerIntegrationFilterTests.this.securityContext); } }); this.filter.doFilterInternal(this.request, this.response, this.filterChain); @@ -111,7 +111,7 @@ public class WebAsyncManagerIntegrationFilterTests { @Override public void postProcess(NativeWebRequest request, Callable task, Object concurrentResult) { assertThat(SecurityContextHolder.getContext()) - .isNotSameAs(WebAsyncManagerIntegrationFilterTests.this.securityContext); + .isNotSameAs(WebAsyncManagerIntegrationFilterTests.this.securityContext); } }); this.filter.doFilterInternal(this.request, this.response, this.filterChain); diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java index 61bf47a57d..289107e422 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java @@ -222,7 +222,7 @@ public class CookieCsrfTokenRepositoryTests { public void loadToken() { CsrfToken generateToken = this.repository.generateToken(this.request); this.request - .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generateToken.getToken())); + .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generateToken.getToken())); CsrfToken loadToken = this.repository.loadToken(this.request); assertThat(loadToken).isNotNull(); assertThat(loadToken.getHeaderName()).isEqualTo(generateToken.getHeaderName()); @@ -267,7 +267,7 @@ public class CookieCsrfTokenRepositoryTests { public void loadDeferredTokenWhenExistsAndNullSavedThenGeneratedAndSaved() { CsrfToken generatedToken = this.repository.generateToken(this.request); this.request - .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generatedToken.getToken())); + .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generatedToken.getToken())); this.repository.saveToken(null, this.request, this.response); DeferredCsrfToken deferredCsrfToken = this.repository.loadDeferredToken(this.request, this.response); CsrfToken csrfToken = deferredCsrfToken.get(); @@ -280,7 +280,7 @@ public class CookieCsrfTokenRepositoryTests { public void loadDeferredTokenWhenExistsAndNullSavedAndNonNullSavedThenLoaded() { CsrfToken generatedToken = this.repository.generateToken(this.request); this.request - .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generatedToken.getToken())); + .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generatedToken.getToken())); this.repository.saveToken(null, this.request, this.response); this.repository.saveToken(generatedToken, this.request, this.response); DeferredCsrfToken deferredCsrfToken = this.repository.loadDeferredToken(this.request, this.response); @@ -293,7 +293,7 @@ public class CookieCsrfTokenRepositoryTests { public void loadDeferredTokenWhenExistsThenLoaded() { CsrfToken generatedToken = this.repository.generateToken(this.request); this.request - .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generatedToken.getToken())); + .setCookies(new Cookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, generatedToken.getToken())); DeferredCsrfToken deferredCsrfToken = this.repository.loadDeferredToken(this.request, this.response); CsrfToken csrfToken = deferredCsrfToken.get(); assertThatCsrfToken(csrfToken).isEqualTo(generatedToken); diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java index 734d01cd55..aa7ce68f10 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java @@ -78,14 +78,14 @@ public class CsrfAuthenticationStrategyTests { @Test public void setRequestHandlerWhenNullThenIllegalStateException() { assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.setRequestHandler(null)) - .withMessage("requestHandler cannot be null"); + .withMessage("requestHandler cannot be null"); } @Test public void onAuthenticationWhenCustomRequestHandlerThenUsed() { given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken); given(this.csrfTokenRepository.loadDeferredToken(this.request, this.response)) - .willReturn(new TestDeferredCsrfToken(this.existingToken, false)); + .willReturn(new TestDeferredCsrfToken(this.existingToken, false)); CsrfTokenRequestHandler requestHandler = mock(CsrfTokenRequestHandler.class); this.strategy.setRequestHandler(requestHandler); @@ -101,7 +101,7 @@ public class CsrfAuthenticationStrategyTests { public void logoutRemovesCsrfTokenAndLoadsNewDeferredCsrfToken() { given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken); given(this.csrfTokenRepository.loadDeferredToken(this.request, this.response)) - .willReturn(new TestDeferredCsrfToken(this.generatedToken, false)); + .willReturn(new TestDeferredCsrfToken(this.generatedToken, false)); this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request, this.response); verify(this.csrfTokenRepository).loadToken(this.request); diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java index 68875e05a8..b32490b36f 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java @@ -275,7 +275,7 @@ public class CsrfFilterTests { for (String method : Arrays.asList("GET", "TRACE", "OPTIONS", "HEAD")) { resetRequestResponse(); given(this.tokenRepository.loadDeferredToken(this.request, this.response)) - .willReturn(new TestDeferredCsrfToken(this.token, false)); + .willReturn(new TestDeferredCsrfToken(this.token, false)); this.request.setMethod(method); this.filter.doFilter(this.request, this.response, this.filterChain); verify(this.filterChain).doFilter(this.request, this.response); @@ -296,7 +296,7 @@ public class CsrfFilterTests { for (String method : Arrays.asList("get", "TrAcE", "oPTIOnS", "hEaD")) { resetRequestResponse(); given(this.tokenRepository.loadDeferredToken(this.request, this.response)) - .willReturn(new TestDeferredCsrfToken(this.token, false)); + .willReturn(new TestDeferredCsrfToken(this.token, false)); this.request.setMethod(method); this.filter.doFilter(this.request, this.response, this.filterChain); verify(this.deniedHandler).handle(eq(this.request), eq(this.response), @@ -312,7 +312,7 @@ public class CsrfFilterTests { for (String method : Arrays.asList("POST", "PUT", "PATCH", "DELETE", "INVALID")) { resetRequestResponse(); given(this.tokenRepository.loadDeferredToken(this.request, this.response)) - .willReturn(new TestDeferredCsrfToken(this.token, false)); + .willReturn(new TestDeferredCsrfToken(this.token, false)); this.request.setMethod(method); this.filter.doFilter(this.request, this.response, this.filterChain); verify(this.deniedHandler).handle(eq(this.request), eq(this.response), diff --git a/web/src/test/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandlerTests.java b/web/src/test/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandlerTests.java index 8e6db8eebb..69363439f2 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandlerTests.java @@ -54,8 +54,8 @@ public class CsrfTokenRequestAttributeHandlerTests { @Test public void handleWhenRequestIsNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.handler.handle(null, this.response, () -> this.token)) - .withMessage("request cannot be null"); + .isThrownBy(() -> this.handler.handle(null, this.response, () -> this.token)) + .withMessage("request cannot be null"); } @Test @@ -70,7 +70,7 @@ public class CsrfTokenRequestAttributeHandlerTests { @Test public void handleWhenCsrfTokenSupplierIsNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.handler.handle(this.request, this.response, null)) - .withMessage("deferredCsrfToken cannot be null"); + .withMessage("deferredCsrfToken cannot be null"); } @Test @@ -101,13 +101,13 @@ public class CsrfTokenRequestAttributeHandlerTests { @Test public void resolveCsrfTokenValueWhenRequestIsNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.handler.resolveCsrfTokenValue(null, this.token)) - .withMessage("request cannot be null"); + .withMessage("request cannot be null"); } @Test public void resolveCsrfTokenValueWhenCsrfTokenIsNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.handler.resolveCsrfTokenValue(this.request, null)) - .withMessage("csrfToken cannot be null"); + .withMessage("csrfToken cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java index f17542d04c..0ad6cd6a56 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/DefaultCsrfTokenTests.java @@ -35,37 +35,37 @@ public class DefaultCsrfTokenTests { @Test public void constructorNullHeaderName() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultCsrfToken(null, this.parameterName, this.tokenValue)); + .isThrownBy(() -> new DefaultCsrfToken(null, this.parameterName, this.tokenValue)); } @Test public void constructorEmptyHeaderName() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultCsrfToken("", this.parameterName, this.tokenValue)); + .isThrownBy(() -> new DefaultCsrfToken("", this.parameterName, this.tokenValue)); } @Test public void constructorNullParameterName() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultCsrfToken(this.headerName, null, this.tokenValue)); + .isThrownBy(() -> new DefaultCsrfToken(this.headerName, null, this.tokenValue)); } @Test public void constructorEmptyParameterName() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultCsrfToken(this.headerName, "", this.tokenValue)); + .isThrownBy(() -> new DefaultCsrfToken(this.headerName, "", this.tokenValue)); } @Test public void constructorNullTokenValue() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, null)); + .isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, null)); } @Test public void constructorEmptyTokenValue() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, "")); + .isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, "")); } } diff --git a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java index e25ec37bff..5bcac99d09 100644 --- a/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/csrf/LazyCsrfTokenRepositoryTests.java @@ -67,7 +67,7 @@ public class LazyCsrfTokenRepositoryTests { @Test public void generateTokenNullResponseAttribute() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.repository.generateToken(mock(HttpServletRequest.class))); + .isThrownBy(() -> this.repository.generateToken(mock(HttpServletRequest.class))); } @Test diff --git a/web/src/test/java/org/springframework/security/web/firewall/CompositeRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/CompositeRequestRejectedHandlerTests.java index ba98649c43..8a8a14eb8b 100644 --- a/web/src/test/java/org/springframework/security/web/firewall/CompositeRequestRejectedHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/firewall/CompositeRequestRejectedHandlerTests.java @@ -31,9 +31,10 @@ public class CompositeRequestRejectedHandlerTests { RequestRejectedException requestRejectedException = new RequestRejectedException("rejected"); CompositeRequestRejectedHandler handler = new CompositeRequestRejectedHandler( new DefaultRequestRejectedHandler()); - assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> handler - .handle(mock(HttpServletRequest.class), mock(HttpServletResponse.class), requestRejectedException)) - .withMessage("rejected"); + assertThatExceptionOfType(RequestRejectedException.class) + .isThrownBy(() -> handler.handle(mock(HttpServletRequest.class), mock(HttpServletResponse.class), + requestRejectedException)) + .withMessage("rejected"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java index 6372290c03..c7ce4d72f3 100644 --- a/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java +++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultHttpFirewallTests.java @@ -37,10 +37,10 @@ public class DefaultHttpFirewallTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath(path); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> fw.getFirewalledRequest(request)); + .isThrownBy(() -> fw.getFirewalledRequest(request)); request.setPathInfo(path); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> fw.getFirewalledRequest(request)); + .isThrownBy(() -> fw.getFirewalledRequest(request)); } } diff --git a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java index 1e668eb8b5..bf27c414cc 100644 --- a/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/firewall/DefaultRequestRejectedHandlerTests.java @@ -30,9 +30,10 @@ public class DefaultRequestRejectedHandlerTests { public void defaultRequestRejectedHandlerRethrowsTheException() throws Exception { RequestRejectedException requestRejectedException = new RequestRejectedException("rejected"); DefaultRequestRejectedHandler sut = new DefaultRequestRejectedHandler(); - assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> sut - .handle(mock(HttpServletRequest.class), mock(HttpServletResponse.class), requestRejectedException)) - .withMessage("rejected"); + assertThatExceptionOfType(RequestRejectedException.class) + .isThrownBy(() -> sut.handle(mock(HttpServletRequest.class), mock(HttpServletResponse.class), + requestRejectedException)) + .withMessage("rejected"); } } diff --git a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java index dedf238ad7..547e656df6 100644 --- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java +++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java @@ -60,7 +60,7 @@ public class FirewalledResponseTests { @Test public void sendRedirectWhenHasCrlfThenThrowsException() throws Exception { assertThatIllegalArgumentException().isThrownBy(() -> this.fwResponse.sendRedirect("/theURL\r\nsomething")) - .withMessageContaining(CRLF_MESSAGE); + .withMessageContaining(CRLF_MESSAGE); } @Test @@ -78,15 +78,15 @@ public class FirewalledResponseTests { @Test public void addHeaderWhenHeaderValueHasCrlfThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.fwResponse.addHeader("foo", "abc\r\nContent-Length:100")) - .withMessageContaining(CRLF_MESSAGE); + .isThrownBy(() -> this.fwResponse.addHeader("foo", "abc\r\nContent-Length:100")) + .withMessageContaining(CRLF_MESSAGE); } @Test public void addHeaderWhenHeaderNameHasCrlfThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.fwResponse.addHeader("abc\r\nContent-Length:100", "bar")) - .withMessageContaining(CRLF_MESSAGE); + .isThrownBy(() -> this.fwResponse.addHeader("abc\r\nContent-Length:100", "bar")) + .withMessageContaining(CRLF_MESSAGE); } @Test @@ -115,14 +115,14 @@ public class FirewalledResponseTests { } }; assertThatIllegalArgumentException().isThrownBy(() -> this.fwResponse.addCookie(cookie)) - .withMessageContaining(CRLF_MESSAGE); + .withMessageContaining(CRLF_MESSAGE); } @Test public void addCookieWhenCookieValueContainsCrlfThenException() { Cookie cookie = new Cookie("foo", "foo\r\nbar"); assertThatIllegalArgumentException().isThrownBy(() -> this.fwResponse.addCookie(cookie)) - .withMessageContaining(CRLF_MESSAGE); + .withMessageContaining(CRLF_MESSAGE); } @Test @@ -130,7 +130,7 @@ public class FirewalledResponseTests { Cookie cookie = new Cookie("foo", "bar"); cookie.setPath("/foo\r\nbar"); assertThatIllegalArgumentException().isThrownBy(() -> this.fwResponse.addCookie(cookie)) - .withMessageContaining(CRLF_MESSAGE); + .withMessageContaining(CRLF_MESSAGE); } @Test @@ -138,7 +138,7 @@ public class FirewalledResponseTests { Cookie cookie = new Cookie("foo", "bar"); cookie.setDomain("foo\r\nbar"); assertThatIllegalArgumentException().isThrownBy(() -> this.fwResponse.addCookie(cookie)) - .withMessageContaining(CRLF_MESSAGE); + .withMessageContaining(CRLF_MESSAGE); } @Test @@ -146,7 +146,7 @@ public class FirewalledResponseTests { Cookie cookie = new Cookie("foo", "bar"); cookie.setComment("foo\r\nbar"); assertThatIllegalArgumentException().isThrownBy(() -> this.fwResponse.addCookie(cookie)) - .withMessageContaining(CRLF_MESSAGE); + .withMessageContaining(CRLF_MESSAGE); } @Test diff --git a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java index 1115a3bcd7..16b875ed53 100644 --- a/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java +++ b/web/src/test/java/org/springframework/security/web/firewall/StrictHttpFirewallTests.java @@ -46,7 +46,7 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenInvalidMethodThenThrowsRequestRejectedException() { this.request.setMethod("INVALID"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } // blocks XST attacks @@ -54,7 +54,7 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenTraceMethodThenThrowsRequestRejectedException() { this.request.setMethod(HttpMethod.TRACE.name()); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -62,7 +62,7 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenTrackMethodThenThrowsRequestRejectedException() { this.request.setMethod("TRACK"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -70,7 +70,7 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenLowercaseGetThenThrowsRequestRejectedException() { this.request.setMethod("get"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -95,7 +95,7 @@ public class StrictHttpFirewallTests { this.request = new MockHttpServletRequest("GET", ""); this.request.setRequestURI(path); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } } @@ -105,7 +105,7 @@ public class StrictHttpFirewallTests { this.request = new MockHttpServletRequest("GET", ""); this.request.setContextPath(path); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } } @@ -115,7 +115,7 @@ public class StrictHttpFirewallTests { this.request = new MockHttpServletRequest("GET", ""); this.request.setServletPath(path); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } } @@ -125,7 +125,7 @@ public class StrictHttpFirewallTests { this.request = new MockHttpServletRequest("GET", ""); this.request.setPathInfo(path); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } } @@ -133,84 +133,84 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() { this.request.setContextPath(";/context"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenSemicolonInServletPathThenThrowsRequestRejectedException() { this.request.setServletPath("/spring;/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenSemicolonInPathInfoThenThrowsRequestRejectedException() { this.request.setPathInfo("/path;/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenSemicolonInRequestUriThenThrowsRequestRejectedException() { this.request.setRequestURI("/path;/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenEncodedSemicolonInContextPathThenThrowsRequestRejectedException() { this.request.setContextPath("%3B/context"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenEncodedSemicolonInServletPathThenThrowsRequestRejectedException() { this.request.setServletPath("/spring%3B/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() { this.request.setPathInfo("/path%3B/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() { this.request.setRequestURI("/path%3B/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenLowercaseEncodedSemicolonInContextPathThenThrowsRequestRejectedException() { this.request.setContextPath("%3b/context"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenLowercaseEncodedSemicolonInServletPathThenThrowsRequestRejectedException() { this.request.setServletPath("/spring%3b/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenLowercaseEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() { this.request.setPathInfo("/path%3b/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() { this.request.setRequestURI("/path%3b/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -307,14 +307,14 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() { this.request.setRequestURI("/%2E/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenLowercaseEncodedPeriodInThenThrowsRequestRejectedException() { this.request.setRequestURI("/%2e/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -328,7 +328,7 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenExceedsLowerboundAsciiThenException() { this.request.setRequestURI("/\u0019"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -353,91 +353,91 @@ public class StrictHttpFirewallTests { public void getFirewalledRequestWhenExceedsUpperboundAsciiThenException() { this.request.setRequestURI("/\u007f"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsNullThenException() { this.request.setRequestURI("/\0"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsEncodedNullThenException() { this.request.setRequestURI("/something%00/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsLowercaseEncodedLineFeedThenException() { this.request.setRequestURI("/something%0a/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsUppercaseEncodedLineFeedThenException() { this.request.setRequestURI("/something%0A/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsLineFeedThenException() { this.request.setRequestURI("/something\n/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenServletPathContainsLineFeedThenException() { this.request.setServletPath("/something\n/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsLowercaseEncodedCarriageReturnThenException() { this.request.setRequestURI("/something%0d/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsUppercaseEncodedCarriageReturnThenException() { this.request.setRequestURI("/something%0D/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenContainsCarriageReturnThenException() { this.request.setRequestURI("/something\r/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenServletPathContainsCarriageReturnThenException() { this.request.setServletPath("/something\r/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenServletPathContainsLineSeparatorThenException() { this.request.setServletPath("/something\u2028/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test public void getFirewalledRequestWhenServletPathContainsParagraphSeparatorThenException() { this.request.setServletPath("/something\u2029/"); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -461,7 +461,7 @@ public class StrictHttpFirewallTests { // Expected an error because the line feed is decoded in an encoded part of the // URL assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -492,7 +492,7 @@ public class StrictHttpFirewallTests { // Expected an error because the carriage return is decoded in an encoded part of // the URL assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -528,7 +528,7 @@ public class StrictHttpFirewallTests { this.request.setServletPath(""); this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -538,7 +538,7 @@ public class StrictHttpFirewallTests { this.request.setServletPath(""); this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -714,7 +714,7 @@ public class StrictHttpFirewallTests { this.request.addHeader("Host", "example.org"); this.firewall.setAllowedHostnames((hostname) -> hostname.equals("myexample.org")); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); + .isThrownBy(() -> this.firewall.getFirewalledRequest(this.request)); } @Test @@ -772,7 +772,7 @@ public class StrictHttpFirewallTests { this.request.addHeader("Bad\0Name", "some value"); HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> request.getHeaderNames().nextElement()); + .isThrownBy(() -> request.getHeaderNames().nextElement()); } @Test @@ -794,7 +794,7 @@ public class StrictHttpFirewallTests { this.request.addHeader("Something", "bad\0value"); HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> request.getHeaders("Something").nextElement()); + .isThrownBy(() -> request.getHeaders("Something").nextElement()); } @Test @@ -831,7 +831,7 @@ public class StrictHttpFirewallTests { this.request.addParameter("Something", "bad value"); HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> request.getParameterValues("Something")); + .isThrownBy(() -> request.getParameterValues("Something")); } @Test @@ -840,7 +840,7 @@ public class StrictHttpFirewallTests { this.request.addParameter("bad name", "good value"); HttpServletRequest request = this.firewall.getFirewalledRequest(this.request); assertThatExceptionOfType(RequestRejectedException.class) - .isThrownBy(() -> request.getParameterValues("bad name")); + .isThrownBy(() -> request.getParameterValues("bad name")); } // gh-9598 diff --git a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java index 91b476b1a7..1f10c26f9b 100644 --- a/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/HeaderWriterFilterTests.java @@ -78,7 +78,7 @@ public class HeaderWriterFilterTests { verify(this.writer1).writeHeaders(request, response); verify(this.writer2).writeHeaders(request, response); HeaderWriterFilter.HeaderWriterRequest wrappedRequest = (HeaderWriterFilter.HeaderWriterRequest) filterChain - .getRequest(); + .getRequest(); assertThat(wrappedRequest.getRequest()).isEqualTo(request); // verify the // filterChain // continued @@ -121,7 +121,7 @@ public class HeaderWriterFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); filter.doFilter(request, response, (request1, response1) -> verify(HeaderWriterFilterTests.this.writer1) - .writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class))); + .writeHeaders(any(HttpServletRequest.class), any(HttpServletResponse.class))); verifyNoMoreInteractions(this.writer1); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java index 906c96f4b2..fd7c8feae0 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java @@ -49,7 +49,7 @@ public class CacheControlHeadersWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames().size()).isEqualTo(3); assertThat(this.response.getHeaderValues("Cache-Control")) - .containsOnly("no-cache, no-store, max-age=0, must-revalidate"); + .containsOnly("no-cache, no-store, max-age=0, must-revalidate"); assertThat(this.response.getHeaderValues("Pragma")).containsOnly("no-cache"); assertThat(this.response.getHeaderValues("Expires")).containsOnly("0"); } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java index 3c8f8cd26c..01ce16ba1e 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/ClearSiteDataHeaderWriterTests.java @@ -49,7 +49,7 @@ public class ClearSiteDataHeaderWriterTests { @Test public void createInstanceWhenMissingSourceThenThrowsException() { assertThatExceptionOfType(Exception.class).isThrownBy(() -> new ClearSiteDataHeaderWriter()) - .withMessage("directives cannot be empty or null"); + .withMessage("directives cannot be empty or null"); } @Test @@ -73,7 +73,7 @@ public class ClearSiteDataHeaderWriterTests { Directive.STORAGE, Directive.EXECUTION_CONTEXTS); headerWriter.writeHeaders(this.request, this.response); assertThat(this.response.getHeader(HEADER_NAME)) - .isEqualTo("\"cache\", \"cookies\", \"storage\", \"executionContexts\""); + .isEqualTo("\"cache\", \"cookies\", \"storage\", \"executionContexts\""); } } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginEmbedderPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginEmbedderPolicyHeaderWriterTests.java index 0b90c57dea..a25bc705fc 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginEmbedderPolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginEmbedderPolicyHeaderWriterTests.java @@ -45,7 +45,7 @@ class CrossOriginEmbedderPolicyHeaderWriterTests { @Test void setEmbedderPolicyWhenNullEmbedderPolicyThenThrowsIllegalArgument() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setPolicy(null)) - .withMessage("embedderPolicy cannot be null"); + .withMessage("embedderPolicy cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginOpenerPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginOpenerPolicyHeaderWriterTests.java index 863351bb8b..7419909cc1 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginOpenerPolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginOpenerPolicyHeaderWriterTests.java @@ -45,7 +45,7 @@ class CrossOriginOpenerPolicyHeaderWriterTests { @Test void setOpenerPolicyWhenNullOpenerPolicyThenThrowsIllegalArgument() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setPolicy(null)) - .withMessage("openerPolicy cannot be null"); + .withMessage("openerPolicy cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginResourcePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginResourcePolicyHeaderWriterTests.java index 14b8f04a03..eea093a8e8 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginResourcePolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/CrossOriginResourcePolicyHeaderWriterTests.java @@ -45,7 +45,7 @@ class CrossOriginResourcePolicyHeaderWriterTests { @Test void setResourcePolicyWhenNullThenThrowsIllegalArgument() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setPolicy(null)) - .withMessage("resourcePolicy cannot be null"); + .withMessage("resourcePolicy cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java index 442bcd3748..7f75397360 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriterTests.java @@ -61,13 +61,13 @@ public class DelegatingRequestMatcherHeaderWriterTests { @Test public void constructorNullRequestMatcher() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(null, this.delegate)); + .isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(null, this.delegate)); } @Test public void constructorNullDelegate() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(this.matcher, null)); + .isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(this.matcher, null)); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java index 08e073a005..2ee461a39c 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/FeaturePolicyHeaderWriterTests.java @@ -60,13 +60,13 @@ public class FeaturePolicyHeaderWriterTests { @Test public void createWriterWithNullDirectivesShouldThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> new FeaturePolicyHeaderWriter(null)) - .withMessage("policyDirectives must not be null or empty"); + .withMessage("policyDirectives must not be null or empty"); } @Test public void createWriterWithEmptyDirectivesShouldThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> new FeaturePolicyHeaderWriter("")) - .withMessage("policyDirectives must not be null or empty"); + .withMessage("policyDirectives must not be null or empty"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java index 0046f7838c..7963ca7147 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/HpkpHeaderWriterTests.java @@ -70,7 +70,7 @@ public class HpkpHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")) - .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); + .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); } @Test @@ -80,7 +80,7 @@ public class HpkpHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")) - .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); + .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); } @Test @@ -109,7 +109,7 @@ public class HpkpHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins-Report-Only")) - .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); + .isEqualTo("max-age=2592000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); } @Test @@ -127,7 +127,7 @@ public class HpkpHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Public-Key-Pins")) - .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); + .isEqualTo("max-age=5184000 ; pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\""); } @Test @@ -175,7 +175,7 @@ public class HpkpHeaderWriterTests { @Test public void addSha256PinsWithNullPin() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null)); + .isThrownBy(() -> this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null)); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java index 3b98e903fa..616e562827 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/HstsHeaderWriterTests.java @@ -73,7 +73,7 @@ public class HstsHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")) - .isEqualTo("max-age=15768000 ; includeSubDomains"); + .isEqualTo("max-age=15768000 ; includeSubDomains"); } @Test @@ -89,7 +89,7 @@ public class HstsHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")) - .isEqualTo("max-age=31536000 ; includeSubDomains"); + .isEqualTo("max-age=31536000 ; includeSubDomains"); } @Test @@ -122,7 +122,7 @@ public class HstsHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader("Strict-Transport-Security")) - .isEqualTo("max-age=31536000 ; includeSubDomains"); + .isEqualTo("max-age=31536000 ; includeSubDomains"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriterTests.java index e8176b6e92..1f00d03f44 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/PermissionsPolicyHeaderWriterTests.java @@ -59,13 +59,13 @@ public class PermissionsPolicyHeaderWriterTests { @Test public void createWriterWithNullPolicyShouldThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> new PermissionsPolicyHeaderWriter(null)) - .withMessage("policy can not be null or empty"); + .withMessage("policy can not be null or empty"); } @Test public void createWriterWithEmptyPolicyShouldThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> new PermissionsPolicyHeaderWriter("")) - .withMessage("policy can not be null or empty"); + .withMessage("policy can not be null or empty"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java index 9245ae0135..aac80d5325 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/XXssProtectionHeaderWriterTests.java @@ -121,7 +121,7 @@ public class XXssProtectionHeaderWriterTests { @Test public void setHeaderValueNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setHeaderValue(null)) - .withMessage("headerValue cannot be null"); + .withMessage("headerValue cannot be null"); } } diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java index f955ef4dcc..27b47758b0 100644 --- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/FrameOptionsHeaderWriterTests.java @@ -60,7 +60,7 @@ public class FrameOptionsHeaderWriterTests { @Test public void constructorAllowFromNoAllowFromStrategy() { assertThatIllegalArgumentException() - .isThrownBy(() -> new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM)); + .isThrownBy(() -> new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM)); } @Test @@ -83,7 +83,7 @@ public class FrameOptionsHeaderWriterTests { this.writer.writeHeaders(this.request, this.response); assertThat(this.response.getHeaderNames()).hasSize(1); assertThat(this.response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)) - .isEqualTo("ALLOW-FROM " + allowFromValue); + .isEqualTo("ALLOW-FROM " + allowFromValue); } @Test diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java index 5a80c9ebe7..40910b4611 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java @@ -63,14 +63,14 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests { public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException { String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}"; assertThatExceptionOfType(JsonMappingException.class) - .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); + .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); } @Test public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException { String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}"; assertThatExceptionOfType(JsonMappingException.class) - .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); + .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); } } diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java index f0dc2571a3..e77b61e65f 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java @@ -96,11 +96,17 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { @Test public void matchRequestBuildWithConstructorAndBuilder() { DefaultSavedRequest request = new DefaultSavedRequest.Builder() - .setCookies(Collections.singletonList(new SavedCookie(new Cookie("SESSION", "123456789")))) - .setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12"))).setScheme("http") - .setRequestURL("http://localhost").setServerName("localhost").setRequestURI("") - .setLocales(Collections.singletonList(new Locale("en"))).setContextPath("").setMethod("") - .setServletPath("").build(); + .setCookies(Collections.singletonList(new SavedCookie(new Cookie("SESSION", "123456789")))) + .setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12"))) + .setScheme("http") + .setRequestURL("http://localhost") + .setServerName("localhost") + .setRequestURI("") + .setLocales(Collections.singletonList(new Locale("en"))) + .setContextPath("") + .setMethod("") + .setServletPath("") + .build(); MockHttpServletRequest mockRequest = new MockHttpServletRequest(); mockRequest.setCookies(new Cookie("SESSION", "123456789")); mockRequest.addHeader("x-auth-token", "12"); @@ -120,18 +126,24 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { } }; String actualString = this.mapper.writerWithDefaultPrettyPrinter() - .writeValueAsString(new DefaultSavedRequest(requestToWrite, new PortResolverImpl())); + .writeValueAsString(new DefaultSavedRequest(requestToWrite, new PortResolverImpl())); JSONAssert.assertEquals(REQUEST_JSON, actualString, true); } @Test public void serializeDefaultRequestBuildWithBuilderTest() throws IOException, JSONException { DefaultSavedRequest request = new DefaultSavedRequest.Builder() - .setCookies(Collections.singletonList(new SavedCookie(new Cookie("SESSION", "123456789")))) - .setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12"))).setScheme("http") - .setRequestURL("http://localhost").setServerName("localhost").setRequestURI("") - .setLocales(Collections.singletonList(new Locale("en"))).setContextPath("").setMethod("") - .setServletPath("").build(); + .setCookies(Collections.singletonList(new SavedCookie(new Cookie("SESSION", "123456789")))) + .setHeaders(Collections.singletonMap("x-auth-token", Collections.singletonList("12"))) + .setScheme("http") + .setRequestURL("http://localhost") + .setServerName("localhost") + .setRequestURI("") + .setLocales(Collections.singletonList(new Locale("en"))) + .setContextPath("") + .setMethod("") + .setServletPath("") + .build(); String actualString = this.mapper.writerWithDefaultPrettyPrinter().writeValueAsString(request); JSONAssert.assertEquals(REQUEST_JSON, actualString, true); } @@ -149,7 +161,7 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { @Test public void deserializeWhenMatchingRequestParameterNameThenRedirectUrlContainsParam() throws IOException { DefaultSavedRequest request = (DefaultSavedRequest) this.mapper - .readValue(REQUEST_WITH_MATCHING_REQUEST_PARAM_NAME_JSON, Object.class); + .readValue(REQUEST_WITH_MATCHING_REQUEST_PARAM_NAME_JSON, Object.class); assertThat(request.getRedirectUrl()).isEqualTo("http://localhost?success"); } diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java index 06f4bbfa9c..53e34cf4dd 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java @@ -67,7 +67,7 @@ public class SavedCookieMixinTests extends AbstractMixinTests { public void serializeWithOverrideConfigurationTest() throws JsonProcessingException, JSONException { SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789")); this.mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.PUBLIC_ONLY) - .setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.ANY); + .setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.ANY); String actualJson = this.mapper.writeValueAsString(savedCookie); JSONAssert.assertEquals(COOKIE_JSON, actualJson, true); } diff --git a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java index 00ad5c7657..834febc6ed 100644 --- a/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java +++ b/web/src/test/java/org/springframework/security/web/method/ResolvableMethod.java @@ -209,8 +209,9 @@ public final class ResolvableMethod { } private String formatMethod() { - return this.method().getName() + Arrays.stream(this.method.getParameters()).map(this::formatParameter) - .collect(Collectors.joining(",\n\t", "(\n\t", "\n)")); + return this.method().getName() + Arrays.stream(this.method.getParameters()) + .map(this::formatParameter) + .collect(Collectors.joining(",\n\t", "(\n\t", "\n)")); } private String formatParameter(Parameter param) { @@ -335,7 +336,7 @@ public final class ResolvableMethod { public final Builder annotPresent(Class... annotationTypes) { String message = "annotationPresent=" + Arrays.toString(annotationTypes); addFilter(message, (candidate) -> Arrays.stream(annotationTypes) - .allMatch((annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null)); + .allMatch((annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null)); return this; } @@ -347,8 +348,9 @@ public final class ResolvableMethod { String message = "annotationNotPresent=" + Arrays.toString(annotationTypes); addFilter(message, (candidate) -> { if (annotationTypes.length != 0) { - return Arrays.stream(annotationTypes).noneMatch( - (annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null); + return Arrays.stream(annotationTypes) + .noneMatch(( + annotType) -> AnnotatedElementUtils.findMergedAnnotation(candidate, annotType) != null); } else { return candidate.getAnnotations().length == 0; @@ -408,8 +410,9 @@ public final class ResolvableMethod { } private String formatMethods(Set methods) { - return "\nMatched:\n" + methods.stream().map(Method::toGenericString) - .collect(Collectors.joining(",\n\t", "[\n\t", "\n]")); + return "\nMatched:\n" + methods.stream() + .map(Method::toGenericString) + .collect(Collectors.joining(",\n\t", "[\n\t", "\n]")); } public ResolvableMethod mockCall(Consumer invoker) { @@ -483,8 +486,9 @@ public final class ResolvableMethod { } private String formatFilters() { - return this.filters.stream().map(Object::toString) - .collect(Collectors.joining(",\n\t\t", "[\n\t\t", "\n\t]")); + return this.filters.stream() + .map(Object::toString) + .collect(Collectors.joining(",\n\t\t", "[\n\t\t", "\n\t]")); } } diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java index daa15736bb..6b80024df5 100644 --- a/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java @@ -98,35 +98,35 @@ public class AuthenticationPrincipalArgumentResolverTests { public void resolveArgumentString() throws Exception { setAuthenticationPrincipal("john"); assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentPrincipalStringOnObject() throws Exception { setAuthenticationPrincipal("john"); assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentUserDetails() throws Exception { setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))); assertThat(this.resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentCustomUserPrincipal() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThat(this.resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test public void resolveArgumentCustomAnnotation() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThat(this.resolver.resolveArgument(showUserCustomAnnotation(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test @@ -144,7 +144,7 @@ public class AuthenticationPrincipalArgumentResolverTests { given(this.beanResolver.resolve(any(), eq("test"))).willReturn(principal.property); this.expectedPrincipal = principal.property; assertThat(this.resolver.resolveArgument(showUserSpelBean(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); verify(this.beanResolver).resolve(any(), eq("test")); } @@ -163,7 +163,7 @@ public class AuthenticationPrincipalArgumentResolverTests { setAuthenticationPrincipal(principal); this.expectedPrincipal = principal.id; assertThat(this.resolver.resolveArgument(showUserSpelPrimitive(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } @Test @@ -175,22 +175,22 @@ public class AuthenticationPrincipalArgumentResolverTests { @Test public void resolveArgumentErrorOnInvalidType() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); - assertThatExceptionOfType(ClassCastException.class).isThrownBy( - () -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null)); + assertThatExceptionOfType(ClassCastException.class) + .isThrownBy(() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null)); } @Test public void resolveArgumentCustomserErrorOnInvalidType() throws Exception { setAuthenticationPrincipal(new CustomUserPrincipal()); assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver - .resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null)); + .resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null)); } @Test public void resolveArgumentObject() throws Exception { setAuthenticationPrincipal(new Object()); assertThat(this.resolver.resolveArgument(showUserAnnotationObject(), null, null, null)) - .isEqualTo(this.expectedPrincipal); + .isEqualTo(this.expectedPrincipal); } private MethodParameter showUserNoAnnotation() { @@ -249,7 +249,7 @@ public class AuthenticationPrincipalArgumentResolverTests { private void setAuthenticationPrincipal(Object principal) { this.expectedPrincipal = principal; SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(this.expectedPrincipal, "password", "ROLE_USER")); } @Target({ ElementType.PARAMETER }) diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java index 7355531af8..fc86d22fa7 100644 --- a/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/method/annotation/CsrfTokenArgumentResolverTests.java @@ -78,14 +78,14 @@ public class CsrfTokenArgumentResolverTests { @Test public void resolveArgumentNotFound() throws Exception { assertThat(this.resolver.resolveArgument(token(), this.mavContainer, this.webRequest, this.binderFactory)) - .isNull(); + .isNull(); } @Test public void resolveArgumentFound() throws Exception { this.request.setAttribute(CsrfToken.class.getName(), this.token); assertThat(this.resolver.resolveArgument(token(), this.mavContainer, this.webRequest, this.binderFactory)) - .isSameAs(this.token); + .isSameAs(this.token); } private MethodParameter noToken() { diff --git a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java index 788b30ca97..f04b5269e5 100644 --- a/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java @@ -84,7 +84,7 @@ public class CurrentSecurityContextArgumentResolverTests { String principal = "custom_security_context"; setAuthenticationPrincipalWithCustomSecurityContext(principal); CustomSecurityContext customSecurityContext = (CustomSecurityContext) this.resolver - .resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null); + .resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null); assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal); } @@ -93,7 +93,7 @@ public class CurrentSecurityContextArgumentResolverTests { String principal = "custom_security_context_type_match"; setAuthenticationPrincipalWithCustomSecurityContext(principal); CustomSecurityContext customSecurityContext = (CustomSecurityContext) this.resolver - .resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null); + .resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null); assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal); } @@ -103,7 +103,7 @@ public class CurrentSecurityContextArgumentResolverTests { Authentication authentication = context.getAuthentication(); context.setAuthentication(null); assertThat(this.resolver.resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null)) - .isNull(); + .isNull(); context.setAuthentication(authentication); } @@ -112,7 +112,7 @@ public class CurrentSecurityContextArgumentResolverTests { String principal = "john"; setAuthenticationPrincipal(principal); Authentication auth1 = (Authentication) this.resolver - .resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null); + .resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null); assertThat(auth1.getPrincipal()).isEqualTo(principal); } @@ -121,7 +121,7 @@ public class CurrentSecurityContextArgumentResolverTests { String principal = "john"; given(this.beanResolver.resolve(any(), eq("test"))).willReturn(principal); assertThat(this.resolver.resolveArgument(showSecurityContextAuthenticationWithBean(), null, null, null)) - .isEqualTo(principal); + .isEqualTo(principal); verify(this.beanResolver).resolve(any(), eq("test")); } @@ -131,7 +131,7 @@ public class CurrentSecurityContextArgumentResolverTests { Authentication authentication = context.getAuthentication(); context.setAuthentication(null); assertThatExceptionOfType(SpelEvaluationException.class).isThrownBy(() -> this.resolver - .resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null)); + .resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null)); context.setAuthentication(authentication); } @@ -151,7 +151,7 @@ public class CurrentSecurityContextArgumentResolverTests { String principal = "smith"; setAuthenticationPrincipal(principal); String principalResult = (String) this.resolver - .resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null); + .resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null); assertThat(principalResult).isEqualTo(principal); } @@ -167,7 +167,7 @@ public class CurrentSecurityContextArgumentResolverTests { String principal = "invalid_type_implicit"; setAuthenticationPrincipal(principal); assertThat(this.resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeImplicit(), null, null, null)) - .isNull(); + .isNull(); } @Test @@ -175,7 +175,7 @@ public class CurrentSecurityContextArgumentResolverTests { String principal = "invalid_type_false"; setAuthenticationPrincipal(principal); assertThat(this.resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeFalse(), null, null, null)) - .isNull(); + .isNull(); } @Test @@ -203,13 +203,13 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenInjectSecurityContext() { assertThat(this.resolver.resolveArgument(showCurrentSecurityWithErrorOnInvalidType(), null, null, null)) - .isNotNull(); + .isNotNull(); } @Test public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenMisMatch() { assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver - .resolveArgument(showCurrentSecurityWithErrorOnInvalidTypeMisMatch(), null, null, null)); + .resolveArgument(showCurrentSecurityWithErrorOnInvalidTypeMisMatch(), null, null, null)); } private MethodParameter showSecurityContextNoAnnotation() { @@ -283,7 +283,7 @@ public class CurrentSecurityContextArgumentResolverTests { private void setAuthenticationPrincipal(Object principal) { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER")); } private void setAuthenticationPrincipalWithCustomSecurityContext(Object principal) { diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java index 6b52dc857b..210081f9e5 100644 --- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java @@ -97,7 +97,7 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = this.authenticationPrincipal.arg(String.class); given(this.authentication.getPrincipal()).willReturn("user"); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.block()).isEqualTo(this.authentication.getPrincipal()); } @@ -114,17 +114,19 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = this.authenticationPrincipal.arg(Mono.class, String.class); given(this.authentication.getPrincipal()).willReturn("user"); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal()); } @Test public void resolveArgumentWhenMonoIsAuthenticationAndNoGenericThenObtainsPrincipal() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("authenticationPrincipalNoGeneric").build() - .arg(Mono.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("authenticationPrincipalNoGeneric") + .build() + .arg(Mono.class); given(this.authentication.getPrincipal()).willReturn("user"); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.cast(Mono.class).block().block()).isEqualTo(this.authentication.getPrincipal()); } @@ -134,7 +136,7 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = this.spel.arg(Long.class); given(this.authentication.getPrincipal()).willReturn(user); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.block()).isEqualTo(user.getId()); } @@ -144,7 +146,7 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = this.spelPrimitive.arg(int.class); given(this.authentication.getPrincipal()).willReturn(user); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.block()).isEqualTo(user.getId()); } @@ -155,7 +157,7 @@ public class AuthenticationPrincipalArgumentResolverTests { given(this.authentication.getPrincipal()).willReturn(user); given(this.beanResolver.resolve(any(), eq("beanName"))).willReturn(new Bean()); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.block()).isEqualTo(user.getId()); } @@ -164,37 +166,43 @@ public class AuthenticationPrincipalArgumentResolverTests { MethodParameter parameter = this.meta.arg(String.class); given(this.authentication.getPrincipal()).willReturn("user"); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.block()).isEqualTo("user"); } @Test public void resolveArgumentWhenErrorOnInvalidTypeImplicit() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build() - .arg(Integer.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("errorOnInvalidTypeWhenImplicit") + .build() + .arg(Integer.class); given(this.authentication.getPrincipal()).willReturn("user"); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.block()).isNull(); } @Test public void resolveArgumentWhenErrorOnInvalidTypeExplicitFalse() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build() - .arg(Integer.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("errorOnInvalidTypeWhenExplicitFalse") + .build() + .arg(Integer.class); given(this.authentication.getPrincipal()).willReturn("user"); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThat(argument.block()).isNull(); } @Test public void resolveArgumentWhenErrorOnInvalidTypeExplicitTrue() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build() - .arg(Integer.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("errorOnInvalidTypeWhenExplicitTrue") + .build() + .arg(Integer.class); given(this.authentication.getPrincipal()).willReturn("user"); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.authentication)); assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> argument.block()); } diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java index 3971a4fbee..07a47e5c99 100644 --- a/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolverTests.java @@ -70,7 +70,8 @@ public class CurrentSecurityContextArgumentResolverTests { ResolvableMethod securityContextMethod = ResolvableMethod.on(getClass()).named("securityContext").build(); ResolvableMethod securityContextWithAuthentication = ResolvableMethod.on(getClass()) - .named("securityContextWithAuthentication").build(); + .named("securityContextWithAuthentication") + .build(); CurrentSecurityContextArgumentResolver resolver; @@ -83,20 +84,21 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void supportsParameterCurrentSecurityContext() { assertThat(this.resolver.supportsParameter(this.securityContextMethod.arg(Mono.class, SecurityContext.class))) - .isTrue(); + .isTrue(); } @Test public void supportsParameterWithAuthentication() { assertThat(this.resolver - .supportsParameter(this.securityContextWithAuthentication.arg(Mono.class, Authentication.class))) - .isTrue(); + .supportsParameter(this.securityContextWithAuthentication.arg(Mono.class, Authentication.class))).isTrue(); } @Test public void resolveArgumentWithNullSecurityContext() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class, - SecurityContext.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContext") + .build() + .arg(Mono.class, SecurityContext.class); Context context = ReactiveSecurityContextHolder.withSecurityContext(Mono.empty()); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); Object obj = argument.subscriberContext(context).block(); @@ -106,47 +108,61 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentWithSecurityContext() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class, - SecurityContext.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContext") + .build() + .arg(Mono.class, SecurityContext.class); Authentication auth = buildAuthenticationWithPrincipal("hello"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); - SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block() - .block(); + SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context) + .cast(Mono.class) + .block() + .block(); assertThat(securityContext.getAuthentication()).isSameAs(auth); ReactiveSecurityContextHolder.clearContext(); } @Test public void resolveArgumentWithCustomSecurityContext() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("customSecurityContext").build() - .arg(Mono.class, SecurityContext.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("customSecurityContext") + .build() + .arg(Mono.class, SecurityContext.class); Authentication auth = buildAuthenticationWithPrincipal("hello"); Context context = ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new CustomSecurityContext(auth))); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); CustomSecurityContext securityContext = (CustomSecurityContext) argument.subscriberContext(context) - .cast(Mono.class).block().block(); + .cast(Mono.class) + .block() + .block(); assertThat(securityContext.getAuthentication()).isSameAs(auth); ReactiveSecurityContextHolder.clearContext(); } @Test public void resolveArgumentWithNullAuthentication1() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class, - SecurityContext.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContext") + .build() + .arg(Mono.class, SecurityContext.class); Authentication auth = null; Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); - SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block() - .block(); + SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context) + .cast(Mono.class) + .block() + .block(); assertThat(securityContext.getAuthentication()).isNull(); ReactiveSecurityContextHolder.clearContext(); } @Test public void resolveArgumentWithNullAuthentication2() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithAuthentication").build() - .arg(Mono.class, Authentication.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContextWithAuthentication") + .build() + .arg(Mono.class, Authentication.class); Authentication auth = null; Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); @@ -157,8 +173,10 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentWithAuthentication1() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithAuthentication").build() - .arg(Mono.class, Authentication.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContextWithAuthentication") + .build() + .arg(Mono.class, Authentication.class); Authentication auth = buildAuthenticationWithPrincipal("authentication1"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); @@ -169,8 +187,10 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentWithNullAuthenticationOptional1() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthPropOptional") - .build().arg(Mono.class, Object.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContextWithDepthPropOptional") + .build() + .arg(Mono.class, Object.class); Authentication auth = null; Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); @@ -181,8 +201,10 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentWithAuthenticationOptional1() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthPropOptional") - .build().arg(Mono.class, Object.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContextWithDepthPropOptional") + .build() + .arg(Mono.class, Object.class); Authentication auth = buildAuthenticationWithPrincipal("auth_optional"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); @@ -193,20 +215,24 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentWithNullDepthProp1() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthProp").build() - .arg(Mono.class, Object.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContextWithDepthProp") + .build() + .arg(Mono.class, Object.class); Authentication auth = null; Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); assertThatExceptionOfType(SpelEvaluationException.class) - .isThrownBy(() -> argument.subscriberContext(context).block()); + .isThrownBy(() -> argument.subscriberContext(context).block()); ReactiveSecurityContextHolder.clearContext(); } @Test public void resolveArgumentWithStringDepthProp() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContextWithDepthStringProp").build() - .arg(Mono.class, String.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("securityContextWithDepthStringProp") + .build() + .arg(Mono.class, String.class); Authentication auth = buildAuthenticationWithPrincipal("auth_string"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); @@ -217,8 +243,10 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentWhenErrorOnInvalidTypeImplicit() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenImplicit").build() - .arg(Mono.class, String.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("errorOnInvalidTypeWhenImplicit") + .build() + .arg(Mono.class, String.class); Authentication auth = buildAuthenticationWithPrincipal("invalid_type_implicit"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); @@ -229,8 +257,10 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentErrorOnInvalidTypeWhenExplicitFalse() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitFalse").build() - .arg(Mono.class, String.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("errorOnInvalidTypeWhenExplicitFalse") + .build() + .arg(Mono.class, String.class); Authentication auth = buildAuthenticationWithPrincipal("error_on_invalid_type_explicit_false"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); @@ -241,51 +271,65 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void resolveArgumentErrorOnInvalidTypeWhenExplicitTrue() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("errorOnInvalidTypeWhenExplicitTrue").build() - .arg(Mono.class, String.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("errorOnInvalidTypeWhenExplicitTrue") + .build() + .arg(Mono.class, String.class); Authentication auth = buildAuthenticationWithPrincipal("error_on_invalid_type_explicit_true"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); assertThatExceptionOfType(ClassCastException.class) - .isThrownBy(() -> argument.subscriberContext(context).block()); + .isThrownBy(() -> argument.subscriberContext(context).block()); ReactiveSecurityContextHolder.clearContext(); } @Test public void metaAnnotationWhenDefaultSecurityContextThenInjectSecurityContext() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentCustomSecurityContext").build() - .arg(Mono.class, SecurityContext.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("currentCustomSecurityContext") + .build() + .arg(Mono.class, SecurityContext.class); Authentication auth = buildAuthenticationWithPrincipal("current_custom_security_context"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); - SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block() - .block(); + SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context) + .cast(Mono.class) + .block() + .block(); assertThat(securityContext.getAuthentication()).isSameAs(auth); ReactiveSecurityContextHolder.clearContext(); } @Test public void metaAnnotationWhenCurrentAuthenticationThenInjectAuthentication() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentAuthentication").build() - .arg(Mono.class, Authentication.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("currentAuthentication") + .build() + .arg(Mono.class, Authentication.class); Authentication auth = buildAuthenticationWithPrincipal("current_authentication"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); - Authentication authentication = (Authentication) argument.subscriberContext(context).cast(Mono.class).block() - .block(); + Authentication authentication = (Authentication) argument.subscriberContext(context) + .cast(Mono.class) + .block() + .block(); assertThat(authentication).isSameAs(auth); ReactiveSecurityContextHolder.clearContext(); } @Test public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenInjectSecurityContext() { - MethodParameter parameter = ResolvableMethod.on(getClass()).named("currentSecurityWithErrorOnInvalidType") - .build().arg(Mono.class, SecurityContext.class); + MethodParameter parameter = ResolvableMethod.on(getClass()) + .named("currentSecurityWithErrorOnInvalidType") + .build() + .arg(Mono.class, SecurityContext.class); Authentication auth = buildAuthenticationWithPrincipal("current_security_with_error_on_invalid_type"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); - SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context).cast(Mono.class).block() - .block(); + SecurityContext securityContext = (SecurityContext) argument.subscriberContext(context) + .cast(Mono.class) + .block() + .block(); assertThat(securityContext.getAuthentication()).isSameAs(auth); ReactiveSecurityContextHolder.clearContext(); } @@ -293,12 +337,14 @@ public class CurrentSecurityContextArgumentResolverTests { @Test public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenMisMatch() { MethodParameter parameter = ResolvableMethod.on(getClass()) - .named("currentSecurityWithErrorOnInvalidTypeMisMatch").build().arg(Mono.class, String.class); + .named("currentSecurityWithErrorOnInvalidTypeMisMatch") + .build() + .arg(Mono.class, String.class); Authentication auth = buildAuthenticationWithPrincipal("current_security_with_error_on_invalid_type_mismatch"); Context context = ReactiveSecurityContextHolder.withAuthentication(auth); Mono argument = this.resolver.resolveArgument(parameter, this.bindingContext, this.exchange); assertThatExceptionOfType(ClassCastException.class) - .isThrownBy(() -> argument.subscriberContext(context).cast(Mono.class).block().block()); + .isThrownBy(() -> argument.subscriberContext(context).cast(Mono.class).block().block()); ReactiveSecurityContextHolder.clearContext(); } diff --git a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java index d5e969812b..a4dcf153a8 100644 --- a/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessorTests.java @@ -58,8 +58,8 @@ public class CsrfRequestDataValueProcessorTests { for (Method expected : expectedMethods) { assertThat(ReflectionUtils.findMethod(CsrfRequestDataValueProcessor.class, expected.getName(), expected.getParameterTypes())) - .as("Expected to find " + expected + " defined on " + CsrfRequestDataValueProcessor.class) - .isNotNull(); + .as("Expected to find " + expected + " defined on " + CsrfRequestDataValueProcessor.class) + .isNotNull(); } } diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java index ffe4c874ba..b317cef6a0 100644 --- a/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java +++ b/web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java @@ -77,8 +77,9 @@ public class HttpSessionRequestCacheTests { HttpSessionRequestCache cache = new HttpSessionRequestCache() { @Override public void saveRequest(HttpServletRequest request, HttpServletResponse response) { - request.getSession().setAttribute(SAVED_REQUEST, - new CustomSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl()))); + request.getSession() + .setAttribute(SAVED_REQUEST, + new CustomSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl()))); } }; cache.saveRequest(request, response); diff --git a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java index 6a19069bdc..b9994de7be 100644 --- a/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java +++ b/web/src/test/java/org/springframework/security/web/server/DefaultServerRedirectStrategyTests.java @@ -76,7 +76,7 @@ public class DefaultServerRedirectStrategyTests { this.strategy.sendRedirect(this.exchange, this.location).block(); assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND); assertThat(this.exchange.getResponse().getHeaders().getLocation()) - .hasPath("/context" + this.location.getPath()); + .hasPath("/context" + this.location.getPath()); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/ExchangeMatcherRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ExchangeMatcherRedirectWebFilterTests.java index 1bbdd962d4..ad9a139814 100644 --- a/web/src/test/java/org/springframework/security/web/server/ExchangeMatcherRedirectWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/ExchangeMatcherRedirectWebFilterTests.java @@ -42,8 +42,13 @@ public class ExchangeMatcherRedirectWebFilterTests { Collections.singletonList(filter)); WebTestClient client = WebTestClient.bindToWebHandler(handler).build(); - client.get().uri("/context").exchange().expectStatus().isFound().expectHeader() - .valueEquals(HttpHeaders.LOCATION, "/test"); + client.get() + .uri("/context") + .exchange() + .expectStatus() + .isFound() + .expectHeader() + .valueEquals(HttpHeaders.LOCATION, "/test"); } @Test @@ -60,28 +65,28 @@ public class ExchangeMatcherRedirectWebFilterTests { @Test public void constructWhenExchangeMatcherNull() { assertThatIllegalArgumentException().isThrownBy(() -> new ExchangeMatcherRedirectWebFilter(null, "/test")) - .withMessage("exchangeMatcher cannot be null"); + .withMessage("exchangeMatcher cannot be null"); } @Test public void constructWhenRedirectUrlNull() { assertThatIllegalArgumentException().isThrownBy( () -> new ExchangeMatcherRedirectWebFilter(new PathPatternParserServerWebExchangeMatcher("/**"), null)) - .withMessage("redirectUrl cannot be empty"); + .withMessage("redirectUrl cannot be empty"); } @Test public void constructWhenRedirectUrlEmpty() { assertThatIllegalArgumentException().isThrownBy( () -> new ExchangeMatcherRedirectWebFilter(new PathPatternParserServerWebExchangeMatcher("/**"), "")) - .withMessage("redirectUrl cannot be empty"); + .withMessage("redirectUrl cannot be empty"); } @Test public void constructWhenRedirectUrlBlank() { assertThatIllegalArgumentException().isThrownBy( () -> new ExchangeMatcherRedirectWebFilter(new PathPatternParserServerWebExchangeMatcher("/**"), " ")) - .withMessage("redirectUrl cannot be empty"); + .withMessage("redirectUrl cannot be empty"); } } diff --git a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java index 4f527b6850..5ce0fde657 100644 --- a/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java +++ b/web/src/test/java/org/springframework/security/web/server/WebFilterChainProxyTests.java @@ -43,8 +43,13 @@ public class WebFilterChainProxyTests { ServerWebExchangeMatcher notMatch = (exchange) -> MatchResult.notMatch(); MatcherSecurityWebFilterChain chain = new MatcherSecurityWebFilterChain(notMatch, filters); WebFilterChainProxy filter = new WebFilterChainProxy(chain); - WebTestClient.bindToController(new Object()).webFilter(filter).build().get().exchange().expectStatus() - .isNotFound(); + WebTestClient.bindToController(new Object()) + .webFilter(filter) + .build() + .get() + .exchange() + .expectStatus() + .isNotFound(); } static class Http200WebFilter implements WebFilter { diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java index 7fcd199c47..6e34e63480 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/AnonymousAuthenticationWebFilterTests.java @@ -42,8 +42,10 @@ public class AnonymousAuthenticationWebFilterTests { @Test public void anonymousAuthenticationFilterWorking() { - WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(HttpMeController.class, - new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString())).build(); + WebTestClient client = WebTestClientBuilder + .bindToControllerAndWebFilters(HttpMeController.class, + new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString())) + .build(); client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser"); } @@ -53,8 +55,10 @@ public class AnonymousAuthenticationWebFilterTests { @GetMapping public Mono me(ServerWebExchange exchange) { - return ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) - .map(Authentication::getPrincipal).ofType(String.class); + return ReactiveSecurityContextHolder.getContext() + .map(SecurityContext::getAuthentication) + .map(Authentication::getPrincipal) + .ofType(String.class); } } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java index 649bd4e6dc..0229231434 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationConverterServerWebExchangeMatcherTests.java @@ -61,7 +61,7 @@ public class AuthenticationConverterServerWebExchangeMatcherTests { @Test public void constructorConverterWhenConverterNullThenThrowsException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AuthenticationConverterServerWebExchangeMatcher(null)); + .isThrownBy(() -> new AuthenticationConverterServerWebExchangeMatcher(null)); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java index a58f87adb1..615fa59ddb 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java @@ -85,9 +85,14 @@ public class AuthenticationWebFilterTests { public void filterWhenDefaultsAndNoAuthenticationThenContinues() { this.filter = new AuthenticationWebFilter(this.authenticationManager); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isOk() - .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) - .returnResult(); + EntityExchangeResult result = client.get() + .uri("/") + .exchange() + .expectStatus() + .isOk() + .expectBody(String.class) + .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) + .returnResult(); verifyNoMoreInteractions(this.authenticationManager); assertThat(result.getResponseCookies()).isEmpty(); } @@ -96,9 +101,14 @@ public class AuthenticationWebFilterTests { public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() { this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - EntityExchangeResult result = client.get().uri("/").exchange().expectStatus().isOk() - .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) - .returnResult(); + EntityExchangeResult result = client.get() + .uri("/") + .exchange() + .expectStatus() + .isOk() + .expectBody(String.class) + .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) + .returnResult(); verifyNoMoreInteractions(this.authenticationManagerResolver); assertThat(result.getResponseCookies()).isEmpty(); } @@ -106,52 +116,76 @@ public class AuthenticationWebFilterTests { @Test public void filterWhenDefaultsAndAuthenticationSuccessThenContinues() { given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE"))); + .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE"))); this.filter = new AuthenticationWebFilter(this.authenticationManager); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - EntityExchangeResult result = client.get().uri("/") - .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk() - .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) - .returnResult(); + EntityExchangeResult result = client.get() + .uri("/") + .headers((headers) -> headers.setBasicAuth("test", "this")) + .exchange() + .expectStatus() + .isOk() + .expectBody(String.class) + .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) + .returnResult(); assertThat(result.getResponseCookies()).isEmpty(); } @Test public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationSuccessThenContinues() { given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE"))); + .willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE"))); given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager)); this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - EntityExchangeResult result = client.get().uri("/") - .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk() - .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) - .returnResult(); + EntityExchangeResult result = client.get() + .uri("/") + .headers((headers) -> headers.setBasicAuth("test", "this")) + .exchange() + .expectStatus() + .isOk() + .expectBody(String.class) + .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) + .returnResult(); assertThat(result.getResponseCookies()).isEmpty(); } @Test public void filterWhenDefaultsAndAuthenticationFailThenUnauthorized() { given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.error(new BadCredentialsException("failed"))); + .willReturn(Mono.error(new BadCredentialsException("failed"))); this.filter = new AuthenticationWebFilter(this.authenticationManager); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - EntityExchangeResult result = client.get().uri("/") - .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized() - .expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty(); + EntityExchangeResult result = client.get() + .uri("/") + .headers((headers) -> headers.setBasicAuth("test", "this")) + .exchange() + .expectStatus() + .isUnauthorized() + .expectHeader() + .valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"") + .expectBody() + .isEmpty(); assertThat(result.getResponseCookies()).isEmpty(); } @Test public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationFailThenUnauthorized() { given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.error(new BadCredentialsException("failed"))); + .willReturn(Mono.error(new BadCredentialsException("failed"))); given(this.authenticationManagerResolver.resolve(any())).willReturn(Mono.just(this.authenticationManager)); this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - EntityExchangeResult result = client.get().uri("/") - .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isUnauthorized() - .expectHeader().valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"").expectBody().isEmpty(); + EntityExchangeResult result = client.get() + .uri("/") + .headers((headers) -> headers.setBasicAuth("test", "this")) + .exchange() + .expectStatus() + .isUnauthorized() + .expectHeader() + .valueMatches("WWW-Authenticate", "Basic realm=\"Realm\"") + .expectBody() + .isEmpty(); assertThat(result.getResponseCookies()).isEmpty(); } @@ -159,8 +193,14 @@ public class AuthenticationWebFilterTests { public void filterWhenConvertEmptyThenOk() { given(this.authenticationConverter.convert(any())).willReturn(Mono.empty()); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class) - .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult(); + client.get() + .uri("/") + .exchange() + .expectStatus() + .isOk() + .expectBody(String.class) + .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) + .returnResult(); verify(this.securityContextRepository, never()).save(any(), any()); verifyNoMoreInteractions(this.authenticationManager, this.successHandler, this.failureHandler); } @@ -203,10 +243,15 @@ public class AuthenticationWebFilterTests { public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() { this.filter.setRequiresAuthenticationMatcher((e) -> ServerWebExchangeMatcher.MatchResult.notMatch()); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); - EntityExchangeResult result = client.get().uri("/") - .headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk() - .expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) - .returnResult(); + EntityExchangeResult result = client.get() + .uri("/") + .headers((headers) -> headers.setBasicAuth("test", "this")) + .exchange() + .expectStatus() + .isOk() + .expectBody(String.class) + .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")) + .returnResult(); assertThat(result.getResponseCookies()).isEmpty(); verifyNoMoreInteractions(this.authenticationConverter, this.authenticationManager, this.successHandler); } @@ -216,7 +261,7 @@ public class AuthenticationWebFilterTests { Mono authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER")); given(this.authenticationConverter.convert(any())).willReturn(authentication); given(this.authenticationManager.authenticate(any())) - .willReturn(Mono.error(new BadCredentialsException("Failed"))); + .willReturn(Mono.error(new BadCredentialsException("Failed"))); given(this.failureHandler.onAuthenticationFailure(any(), any())).willReturn(Mono.empty()); WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build(); client.get().uri("/").exchange().expectStatus().isOk().expectBody().isEmpty(); diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java index 23c178f434..75852dbccc 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationSuccessHandlerTests.java @@ -103,12 +103,12 @@ public class DelegatingServerAuthenticationSuccessHandlerTests { public void onAuthenticationSuccessSequential() throws Exception { AtomicBoolean slowDone = new AtomicBoolean(); CountDownLatch latch = new CountDownLatch(1); - ServerAuthenticationSuccessHandler slow = (exchange, authentication) -> Mono.delay(Duration.ofMillis(100)) - .doOnSuccess((__) -> slowDone.set(true)).then(); + ServerAuthenticationSuccessHandler slow = (exchange, + authentication) -> Mono.delay(Duration.ofMillis(100)).doOnSuccess((__) -> slowDone.set(true)).then(); ServerAuthenticationSuccessHandler second = (exchange, authentication) -> Mono.fromRunnable(() -> { latch.countDown(); assertThat(slowDone.get()).describedAs("ServerAuthenticationSuccessHandler should be executed sequentially") - .isTrue(); + .isTrue(); }); DelegatingServerAuthenticationSuccessHandler handler = new DelegatingServerAuthenticationSuccessHandler(slow, second); diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java index f223504353..f660cd7ea3 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpBasicServerAuthenticationEntryPointTests.java @@ -58,7 +58,7 @@ public class HttpBasicServerAuthenticationEntryPointTests { this.entryPoint.commence(this.exchange, this.exception).block(); assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate")) - .containsOnly("Basic realm=\"Realm\""); + .containsOnly("Basic realm=\"Realm\""); } @Test @@ -68,7 +68,7 @@ public class HttpBasicServerAuthenticationEntryPointTests { this.entryPoint.commence(this.exchange, this.exception).block(); assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); assertThat(this.exchange.getResponse().getHeaders().get("WWW-Authenticate")) - .containsOnly("Basic realm=\"Custom\""); + .containsOnly("Basic realm=\"Custom\""); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java index f9122445fb..55a3617466 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/HttpStatusServerEntryPointTests.java @@ -53,7 +53,7 @@ public class HttpStatusServerEntryPointTests { @Test public void constructorNullStatus() { assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> new HttpStatusServerEntryPoint(null)) - .withMessage("httpStatus cannot be null"); + .withMessage("httpStatus cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java index 23d6ca10c9..37035fce8f 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/ReactivePreAuthenticatedAuthenticationManagerTests.java @@ -65,44 +65,45 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests { public void returnsAuthenticatedTokenForValidAccount() { given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.validAccount)); Authentication authentication = this.manager.authenticate(tokenForUser(this.validAccount.getUsername())) - .block(); + .block(); assertThat(authentication.isAuthenticated()).isEqualTo(true); } @Test public void returnsNullForNonExistingAccount() { given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.empty()); - assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy( - () -> this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block()); + assertThatExceptionOfType(UsernameNotFoundException.class) + .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block()); } @Test public void throwsExceptionForLockedAccount() { given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.lockedAccount)); assertThatExceptionOfType(LockedException.class) - .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block()); + .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block()); } @Test public void throwsExceptionForDisabledAccount() { given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.disabledAccount)); assertThatExceptionOfType(DisabledException.class) - .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block()); + .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block()); } @Test public void throwsExceptionForExpiredAccount() { given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.expiredAccount)); assertThatExceptionOfType(AccountExpiredException.class) - .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block()); + .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block()); } @Test public void throwsExceptionForAccountWithExpiredCredentials() { given(this.mockUserDetailsService.findByUsername(anyString())) - .willReturn(Mono.just(this.accountWithExpiredCredentials)); - assertThatExceptionOfType(CredentialsExpiredException.class).isThrownBy(() -> this.manager - .authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block()); + .willReturn(Mono.just(this.accountWithExpiredCredentials)); + assertThatExceptionOfType(CredentialsExpiredException.class) + .isThrownBy(() -> this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())) + .block()); } private Authentication tokenForUser(String username) { diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java index 5d10a01e74..bafecc1c2a 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationSuccessHandlerTests.java @@ -80,7 +80,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests { public void successWhenSubscribeThenStatusAndLocationSet() { this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication) - .block(); + .block(); assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(HttpStatus.FOUND); assertThat(this.exchange.getResponse().getHeaders().getLocation()).isEqualTo(this.location); } @@ -92,7 +92,7 @@ public class RedirectServerAuthenticationSuccessHandlerTests { this.handler.setRedirectStrategy(this.redirectStrategy); this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); this.handler.onAuthenticationSuccess(new WebFilterExchange(this.exchange, this.chain), this.authentication) - .block(); + .block(); redirectResult.assertWasSubscribed(); verify(this.redirectStrategy).sendRedirect(any(), eq(this.location)); } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java index 670f476c65..a20d204e1d 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerAuthenticationEntryPointFailureHandlerTests.java @@ -82,7 +82,7 @@ public class ServerAuthenticationEntryPointFailureHandlerTests { AuthenticationServiceException e = new AuthenticationServiceException("fail"); this.handler.setRethrowAuthenticationServiceException(true); assertThatExceptionOfType(AuthenticationServiceException.class) - .isThrownBy(() -> this.handler.onAuthenticationFailure(this.filterExchange, e).block()); + .isThrownBy(() -> this.handler.onAuthenticationFailure(this.filterExchange, e).block()); } } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java index d735311a7f..346f01bed7 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java @@ -43,7 +43,7 @@ public class ServerHttpBasicAuthenticationConverterTests { @Test public void setCredentialsCharsetWhenNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setCredentialsCharset(null)) - .withMessage("credentialsCharset cannot be null"); + .withMessage("credentialsCharset cannot be null"); } @Test @@ -81,7 +81,7 @@ public class ServerHttpBasicAuthenticationConverterTests { Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA==")); UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) - .block(); + .block(); assertThat(authentication.getPrincipal()).isEqualTo("user"); assertThat(authentication.getCredentials()).isEqualTo("password"); } @@ -91,7 +91,7 @@ public class ServerHttpBasicAuthenticationConverterTests { Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzOndvcmQ=")); UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) - .block(); + .block(); assertThat(authentication.getPrincipal()).isEqualTo("user"); assertThat(authentication.getCredentials()).isEqualTo("pass:word"); } @@ -101,7 +101,7 @@ public class ServerHttpBasicAuthenticationConverterTests { Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA==")); UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) - .block(); + .block(); assertThat(authentication.getPrincipal()).isEqualTo("user"); assertThat(authentication.getCredentials()).isEqualTo("password"); } @@ -118,7 +118,7 @@ public class ServerHttpBasicAuthenticationConverterTests { Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "Basic w7xzZXI6cGFzc3fDtnJk")); UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) - .block(); + .block(); assertThat(authentication.getPrincipal()).isEqualTo("üser"); assertThat(authentication.getCredentials()).isEqualTo("passwörd"); } @@ -129,7 +129,7 @@ public class ServerHttpBasicAuthenticationConverterTests { Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA==")); UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) - .block(); + .block(); assertThat(authentication.getPrincipal()).isEqualTo("user"); assertThat(authentication.getCredentials()).isEqualTo("password"); } @@ -140,7 +140,7 @@ public class ServerHttpBasicAuthenticationConverterTests { Mono result = apply( this.request.header(HttpHeaders.AUTHORIZATION, "Basic /HNlcjpwYXNzd/ZyZA==")); UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class) - .block(); + .block(); assertThat(authentication.getPrincipal()).isEqualTo("üser"); assertThat(authentication.getCredentials()).isEqualTo("passwörd"); } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolverTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolverTests.java index f40b794ee2..b63c96a7cf 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerWebExchangeDelegatingReactiveAuthenticationManagerResolverTests.java @@ -44,8 +44,10 @@ public class ServerWebExchangeDelegatingReactiveAuthenticationManagerResolverTes @Test public void resolveWhenMatchesThenReturnsReactiveAuthenticationManager() { ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver resolver = ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver - .builder().add(new PathPatternParserServerWebExchangeMatcher("/one/**"), this.one) - .add(new PathPatternParserServerWebExchangeMatcher("/two/**"), this.two).build(); + .builder() + .add(new PathPatternParserServerWebExchangeMatcher("/one/**"), this.one) + .add(new PathPatternParserServerWebExchangeMatcher("/two/**"), this.two) + .build(); MockServerHttpRequest request = MockServerHttpRequest.get("/one/location").build(); assertThat(resolver.resolve(MockServerWebExchange.from(request)).block()).isEqualTo(this.one); @@ -54,16 +56,18 @@ public class ServerWebExchangeDelegatingReactiveAuthenticationManagerResolverTes @Test public void resolveWhenDoesNotMatchThenReturnsDefaultReactiveAuthenticationManager() { ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver resolver = ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver - .builder().add(new PathPatternParserServerWebExchangeMatcher("/one/**"), this.one) - .add(new PathPatternParserServerWebExchangeMatcher("/two/**"), this.two).build(); + .builder() + .add(new PathPatternParserServerWebExchangeMatcher("/one/**"), this.one) + .add(new PathPatternParserServerWebExchangeMatcher("/two/**"), this.two) + .build(); MockServerHttpRequest request = MockServerHttpRequest.get("/wrong/location").build(); ReactiveAuthenticationManager authenticationManager = resolver.resolve(MockServerWebExchange.from(request)) - .block(); + .block(); Authentication authentication = new TestingAuthenticationToken("principal", "creds"); assertThatExceptionOfType(AuthenticationServiceException.class) - .isThrownBy(() -> authenticationManager.authenticate(authentication).block()); + .isThrownBy(() -> authenticationManager.authenticate(authentication).block()); } } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java index 693309e1d4..86ff9f42e1 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerX509AuthenticationConverterTests.java @@ -62,7 +62,7 @@ public class ServerX509AuthenticationConverterTests { @Test public void shouldReturnNullForInvalidCertificate() { Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build())) - .block(); + .block(); assertThat(authentication).isNull(); } @@ -71,7 +71,7 @@ public class ServerX509AuthenticationConverterTests { givenExtractPrincipalWillReturn(); this.request.sslInfo(new MockSslInfo(this.certificate)); Authentication authentication = this.converter.convert(MockServerWebExchange.from(this.request.build())) - .block(); + .block(); assertThat(authentication.getName()).isEqualTo("Luke Taylor"); assertThat(authentication.getCredentials()).isEqualTo(this.certificate); } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java index 4e7609f303..fbc839ed08 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/SwitchUserWebFilterTests.java @@ -108,19 +108,19 @@ public class SwitchUserWebFilterTests { final String targetUsername = "TEST_USERNAME"; final UserDetails switchUserDetails = switchUserDetails(targetUsername, true); final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); + .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); final WebFilterChain chain = mock(WebFilterChain.class); final Authentication originalAuthentication = UsernamePasswordAuthenticationToken.unauthenticated("principal", "credentials"); final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication); given(this.userDetailsService.findByUsername(targetUsername)).willReturn(Mono.just(switchUserDetails)); given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); this.switchUserWebFilter.filter(exchange, chain) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) - .block(); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) + .block(); verifyNoInteractions(chain); verify(this.userDetailsService).findByUsername(targetUsername); final ArgumentCaptor securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class); @@ -134,55 +134,59 @@ public class SwitchUserWebFilterTests { assertThat(switchUserAuthentication.getName()).isEqualTo(targetUsername); assertThat(switchUserAuthentication.getAuthorities()).anyMatch(SwitchUserGrantedAuthority.class::isInstance); assertThat(switchUserAuthentication.getAuthorities()) - .anyMatch((a) -> a.getAuthority().contains(SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR)); - assertThat(switchUserAuthentication.getAuthorities().stream() - .filter((a) -> a instanceof SwitchUserGrantedAuthority) - .map((a) -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName)) - .contains(originalAuthentication.getName()); + .anyMatch((a) -> a.getAuthority().contains(SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR)); + assertThat(switchUserAuthentication.getAuthorities() + .stream() + .filter((a) -> a instanceof SwitchUserGrantedAuthority) + .map((a) -> ((SwitchUserGrantedAuthority) a).getSource()) + .map(Principal::getName)).contains(originalAuthentication.getName()); } @Test public void switchUserWhenUserAlreadySwitchedThenExitSwitchAndSwitchAgain() { final Authentication originalAuthentication = UsernamePasswordAuthenticationToken - .unauthenticated("origPrincipal", "origCredentials"); + .unauthenticated("origPrincipal", "origCredentials"); final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority( SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication); final Authentication switchUserAuthentication = UsernamePasswordAuthenticationToken - .authenticated("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority)); + .authenticated("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority)); final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication); final String targetUsername = "newSwitchPrincipal"; final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); + .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); final WebFilterChain chain = mock(WebFilterChain.class); given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); given(this.userDetailsService.findByUsername(targetUsername)) - .willReturn(Mono.just(switchUserDetails(targetUsername, true))); + .willReturn(Mono.just(switchUserDetails(targetUsername, true))); this.switchUserWebFilter.filter(exchange, chain) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) - .block(); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) + .block(); final ArgumentCaptor authenticationCaptor = ArgumentCaptor.forClass(Authentication.class); verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture()); final Authentication secondSwitchUserAuthentication = authenticationCaptor.getValue(); assertThat(secondSwitchUserAuthentication.getName()).isEqualTo(targetUsername); - assertThat(secondSwitchUserAuthentication.getAuthorities().stream() - .filter((a) -> a instanceof SwitchUserGrantedAuthority) - .map((a) -> ((SwitchUserGrantedAuthority) a).getSource()).map(Principal::getName).findFirst() - .orElse(null)).isEqualTo(originalAuthentication.getName()); + assertThat(secondSwitchUserAuthentication.getAuthorities() + .stream() + .filter((a) -> a instanceof SwitchUserGrantedAuthority) + .map((a) -> ((SwitchUserGrantedAuthority) a).getSource()) + .map(Principal::getName) + .findFirst() + .orElse(null)).isEqualTo(originalAuthentication.getName()); } @Test public void switchUserWhenUsernameIsMissingThenThrowException() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/login/impersonate")); + .from(MockServerHttpRequest.post("/login/impersonate")); final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class)); assertThatIllegalArgumentException().isThrownBy(() -> { Context securityContextHolder = ReactiveSecurityContextHolder - .withSecurityContext(Mono.just(securityContext)); + .withSecurityContext(Mono.just(securityContext)); this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block(); }).withMessage("The userName can not be null."); verifyNoInteractions(chain); @@ -192,16 +196,16 @@ public class SwitchUserWebFilterTests { public void switchUserWhenExceptionThenCallFailureHandler() { final String targetUsername = "TEST_USERNAME"; final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); + .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class)); final UserDetails switchUserDetails = switchUserDetails(targetUsername, false); given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails)); given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class))) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); this.switchUserWebFilter.filter(exchange, chain) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) - .block(); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) + .block(); verify(this.failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class)); verifyNoInteractions(chain); } @@ -211,14 +215,14 @@ public class SwitchUserWebFilterTests { this.switchUserWebFilter = new SwitchUserWebFilter(this.userDetailsService, this.successHandler, null); final String targetUsername = "TEST_USERNAME"; final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); + .from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername)); final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class)); final UserDetails switchUserDetails = switchUserDetails(targetUsername, false); given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails)); assertThatExceptionOfType(DisabledException.class).isThrownBy(() -> { Context securityContextHolder = ReactiveSecurityContextHolder - .withSecurityContext(Mono.just(securityContext)); + .withSecurityContext(Mono.just(securityContext)); this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block(); }); verifyNoInteractions(chain); @@ -227,22 +231,22 @@ public class SwitchUserWebFilterTests { @Test public void exitSwitchThenReturnToOriginalAuthentication() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/logout/impersonate")); + .from(MockServerHttpRequest.post("/logout/impersonate")); final Authentication originalAuthentication = UsernamePasswordAuthenticationToken - .unauthenticated("origPrincipal", "origCredentials"); + .unauthenticated("origPrincipal", "origCredentials"); final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority( SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication); final Authentication switchUserAuthentication = UsernamePasswordAuthenticationToken - .authenticated("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority)); + .authenticated("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority)); final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication); given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))) - .willReturn(Mono.empty()); + .willReturn(Mono.empty()); this.switchUserWebFilter.filter(exchange, chain) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) - .block(); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))) + .block(); final ArgumentCaptor securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class); verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture()); final SecurityContext savedSecurityContext = securityContextCaptor.getValue(); @@ -258,14 +262,14 @@ public class SwitchUserWebFilterTests { @Test public void exitSwitchWhenUserNotSwitchedThenThrowError() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/logout/impersonate")); + .from(MockServerHttpRequest.post("/logout/impersonate")); final Authentication originalAuthentication = UsernamePasswordAuthenticationToken - .unauthenticated("origPrincipal", "origCredentials"); + .unauthenticated("origPrincipal", "origCredentials"); final WebFilterChain chain = mock(WebFilterChain.class); final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class).isThrownBy(() -> { Context securityContextHolder = ReactiveSecurityContextHolder - .withSecurityContext(Mono.just(securityContext)); + .withSecurityContext(Mono.just(securityContext)); this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block(); }).withMessage("Could not find original Authentication object"); verifyNoInteractions(chain); @@ -274,37 +278,36 @@ public class SwitchUserWebFilterTests { @Test public void exitSwitchWhenNoCurrentUserThenThrowError() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/logout/impersonate")); + .from(MockServerHttpRequest.post("/logout/impersonate")); final WebFilterChain chain = mock(WebFilterChain.class); assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class) - .isThrownBy(() -> this.switchUserWebFilter.filter(exchange, chain).block()) - .withMessage("No current user associated with this request"); + .isThrownBy(() -> this.switchUserWebFilter.filter(exchange, chain).block()) + .withMessage("No current user associated with this request"); verifyNoInteractions(chain); } @Test public void constructorUserDetailsServiceRequired() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.switchUserWebFilter = new SwitchUserWebFilter(null, - mock(ServerAuthenticationSuccessHandler.class), mock(ServerAuthenticationFailureHandler.class))) - .withMessage("userDetailsService must be specified"); + .isThrownBy(() -> this.switchUserWebFilter = new SwitchUserWebFilter(null, + mock(ServerAuthenticationSuccessHandler.class), mock(ServerAuthenticationFailureHandler.class))) + .withMessage("userDetailsService must be specified"); } @Test public void constructorServerAuthenticationSuccessHandlerRequired() { assertThatIllegalArgumentException() - .isThrownBy( - () -> this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), - null, mock(ServerAuthenticationFailureHandler.class))) - .withMessage("successHandler must be specified"); + .isThrownBy(() -> this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), + null, mock(ServerAuthenticationFailureHandler.class))) + .withMessage("successHandler must be specified"); } @Test public void constructorSuccessTargetUrlRequired() { - assertThatIllegalArgumentException().isThrownBy( - () -> this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), null, - "failure/target/url")) - .withMessage("successTargetUrl must be specified"); + assertThatIllegalArgumentException() + .isThrownBy(() -> this.switchUserWebFilter = new SwitchUserWebFilter(mock(ReactiveUserDetailsService.class), + null, "failure/target/url")) + .withMessage("successTargetUrl must be specified"); } @Test @@ -336,8 +339,8 @@ public class SwitchUserWebFilterTests { @Test public void setSecurityContextRepositoryWhenNullThenThrowException() { assertThatIllegalArgumentException() - .isThrownBy(() -> this.switchUserWebFilter.setSecurityContextRepository(null)) - .withMessage("securityContextRepository cannot be null"); + .isThrownBy(() -> this.switchUserWebFilter.setSecurityContextRepository(null)) + .withMessage("securityContextRepository cannot be null"); } @Test @@ -356,94 +359,94 @@ public class SwitchUserWebFilterTests { @Test public void setExitUserUrlWhenNullThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> this.switchUserWebFilter.setExitUserUrl(null)) - .withMessage("exitUserUrl cannot be empty and must be a valid redirect URL"); + .withMessage("exitUserUrl cannot be empty and must be a valid redirect URL"); } @Test public void setExitUserUrlWhenInvalidUrlThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> this.switchUserWebFilter.setExitUserUrl("wrongUrl")) - .withMessage("exitUserUrl cannot be empty and must be a valid redirect URL"); + .withMessage("exitUserUrl cannot be empty and must be a valid redirect URL"); } @Test public void setExitUserUrlWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/logout/impersonate")); + .from(MockServerHttpRequest.post("/logout/impersonate")); final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "exitUserMatcher"); + .getField(this.switchUserWebFilter, "exitUserMatcher"); assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue(); this.switchUserWebFilter.setExitUserUrl("/exit-url"); final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/exit-url")); final ServerWebExchangeMatcher newExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "exitUserMatcher"); + .getField(this.switchUserWebFilter, "exitUserMatcher"); assertThat(newExitUserMatcher.matches(newExchange).block().isMatch()).isTrue(); } @Test public void setExitUserMatcherWhenNullThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> this.switchUserWebFilter.setExitUserMatcher(null)) - .withMessage("exitUserMatcher cannot be null"); + .withMessage("exitUserMatcher cannot be null"); } @Test public void setExitUserMatcherWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/logout/impersonate")); + .from(MockServerHttpRequest.post("/logout/impersonate")); final ServerWebExchangeMatcher oldExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "exitUserMatcher"); + .getField(this.switchUserWebFilter, "exitUserMatcher"); assertThat(oldExitUserMatcher.matches(exchange).block().isMatch()).isTrue(); final ServerWebExchangeMatcher newExitUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/exit-url"); this.switchUserWebFilter.setExitUserMatcher(newExitUserMatcher); final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "exitUserMatcher"); + .getField(this.switchUserWebFilter, "exitUserMatcher"); assertThat(currentExitUserMatcher).isSameAs(newExitUserMatcher); } @Test public void setSwitchUserUrlWhenNullThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> this.switchUserWebFilter.setSwitchUserUrl(null)) - .withMessage("switchUserUrl cannot be empty and must be a valid redirect URL"); + .withMessage("switchUserUrl cannot be empty and must be a valid redirect URL"); } @Test public void setSwitchUserUrlWhenInvalidThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> this.switchUserWebFilter.setSwitchUserUrl("wrongUrl")) - .withMessage("switchUserUrl cannot be empty and must be a valid redirect URL"); + .withMessage("switchUserUrl cannot be empty and must be a valid redirect URL"); } @Test public void setSwitchUserUrlWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/login/impersonate")); + .from(MockServerHttpRequest.post("/login/impersonate")); final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "switchUserMatcher"); + .getField(this.switchUserWebFilter, "switchUserMatcher"); assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue(); this.switchUserWebFilter.setSwitchUserUrl("/switch-url"); final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url")); final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "switchUserMatcher"); + .getField(this.switchUserWebFilter, "switchUserMatcher"); assertThat(newSwitchUserMatcher.matches(newExchange).block().isMatch()).isTrue(); } @Test public void setSwitchUserMatcherWhenNullThenThrowException() { assertThatIllegalArgumentException().isThrownBy(() -> this.switchUserWebFilter.setSwitchUserMatcher(null)) - .withMessage("switchUserMatcher cannot be null"); + .withMessage("switchUserMatcher cannot be null"); } @Test public void setSwitchUserMatcherWhenDefinedThenChangeDefaultValue() { final MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.post("/login/impersonate")); + .from(MockServerHttpRequest.post("/login/impersonate")); final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "switchUserMatcher"); + .getField(this.switchUserWebFilter, "switchUserMatcher"); assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue(); final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/switch-url"); this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher); final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils - .getField(this.switchUserWebFilter, "switchUserMatcher"); + .getField(this.switchUserWebFilter, "switchUserMatcher"); assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher); } diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java index 8d609a6cfb..b0bb281ae0 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/DelegatingServerLogoutHandlerTests.java @@ -62,33 +62,36 @@ public class DelegatingServerLogoutHandlerTests { private void givenDelegate1WillReturn() { given(this.delegate1.logout(any(WebFilterExchange.class), any(Authentication.class))) - .willReturn(this.delegate1Result.mono()); + .willReturn(this.delegate1Result.mono()); } private void givenDelegate2WillReturn() { given(this.delegate2.logout(any(WebFilterExchange.class), any(Authentication.class))) - .willReturn(this.delegate2Result.mono()); + .willReturn(this.delegate2Result.mono()); } @Test public void constructorWhenNullVargsThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingServerLogoutHandler((ServerLogoutHandler[]) null)) - .withMessage("delegates cannot be null or empty").withNoCause(); + .isThrownBy(() -> new DelegatingServerLogoutHandler((ServerLogoutHandler[]) null)) + .withMessage("delegates cannot be null or empty") + .withNoCause(); } @Test public void constructorWhenNullListThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingServerLogoutHandler((List) null)) - .withMessage("delegates cannot be null or empty").withNoCause(); + .isThrownBy(() -> new DelegatingServerLogoutHandler((List) null)) + .withMessage("delegates cannot be null or empty") + .withNoCause(); } @Test public void constructorWhenEmptyThenIllegalArgumentException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new DelegatingServerLogoutHandler(new ServerLogoutHandler[0])) - .withMessage("delegates cannot be null or empty").withNoCause(); + .isThrownBy(() -> new DelegatingServerLogoutHandler(new ServerLogoutHandler[0])) + .withMessage("delegates cannot be null or empty") + .withNoCause(); } @Test @@ -113,8 +116,8 @@ public class DelegatingServerLogoutHandlerTests { public void logoutSequential() throws Exception { AtomicBoolean slowDone = new AtomicBoolean(); CountDownLatch latch = new CountDownLatch(1); - ServerLogoutHandler slow = (exchange, authentication) -> Mono.delay(Duration.ofMillis(100)) - .doOnSuccess((__) -> slowDone.set(true)).then(); + ServerLogoutHandler slow = (exchange, + authentication) -> Mono.delay(Duration.ofMillis(100)).doOnSuccess((__) -> slowDone.set(true)).then(); ServerLogoutHandler second = (exchange, authentication) -> Mono.fromRunnable(() -> { latch.countDown(); assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue(); diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java index a8c86d6e0a..120d153ad9 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HeaderWriterServerLogoutHandlerTests.java @@ -37,7 +37,7 @@ public class HeaderWriterServerLogoutHandlerTests { @Test public void constructorWhenHeadersWriterIsNullThenExceptionThrown() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> new HeaderWriterServerLogoutHandler(null)); + .isThrownBy(() -> new HeaderWriterServerLogoutHandler(null)); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java index e64002ca9e..35f071f2be 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/HttpStatusReturningServerLogoutSuccessHandlerTests.java @@ -39,7 +39,7 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests { public void defaultHttpStatusBeingReturned() { WebFilterExchange filterExchange = buildFilterExchange(); new HttpStatusReturningServerLogoutSuccessHandler().onLogoutSuccess(filterExchange, mock(Authentication.class)) - .block(); + .block(); assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.OK); } @@ -47,15 +47,16 @@ public class HttpStatusReturningServerLogoutSuccessHandlerTests { public void customHttpStatusBeingReturned() { WebFilterExchange filterExchange = buildFilterExchange(); new HttpStatusReturningServerLogoutSuccessHandler(HttpStatus.NO_CONTENT) - .onLogoutSuccess(filterExchange, mock(Authentication.class)).block(); + .onLogoutSuccess(filterExchange, mock(Authentication.class)) + .block(); assertThat(filterExchange.getExchange().getResponse().getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT); } @Test public void nullHttpStatusThrowsException() { assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> new HttpStatusReturningServerLogoutSuccessHandler(null)) - .withMessage("The provided HttpStatus must not be null."); + .isThrownBy(() -> new HttpStatusReturningServerLogoutSuccessHandler(null)) + .withMessage("The provided HttpStatus must not be null."); } private static WebFilterExchange buildFilterExchange() { diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java index 13517a61a6..10de830d87 100644 --- a/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilterTests.java @@ -56,20 +56,24 @@ public class LogoutWebFilterTests { public void singleLogoutHandler() { this.logoutWebFilter.setLogoutHandler(this.handler1); this.logoutWebFilter.setLogoutHandler(this.handler2); - assertThat(getLogoutHandler()).isNotNull().isInstanceOf(ServerLogoutHandler.class) - .isNotInstanceOf(SecurityContextServerLogoutHandler.class).extracting(ServerLogoutHandler::getClass) - .isEqualTo(this.handler2.getClass()); + assertThat(getLogoutHandler()).isNotNull() + .isInstanceOf(ServerLogoutHandler.class) + .isNotInstanceOf(SecurityContextServerLogoutHandler.class) + .extracting(ServerLogoutHandler::getClass) + .isEqualTo(this.handler2.getClass()); } @Test public void multipleLogoutHandlers() { this.logoutWebFilter - .setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3)); - assertThat(getLogoutHandler()).isNotNull().isExactlyInstanceOf(DelegatingServerLogoutHandler.class) - .extracting((delegatingLogoutHandler) -> ((Collection) ReflectionTestUtils - .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream() - .map(ServerLogoutHandler::getClass).collect(Collectors.toList())) - .isEqualTo(Arrays.asList(this.handler1.getClass(), this.handler2.getClass(), this.handler3.getClass())); + .setLogoutHandler(new DelegatingServerLogoutHandler(this.handler1, this.handler2, this.handler3)); + assertThat(getLogoutHandler()).isNotNull() + .isExactlyInstanceOf(DelegatingServerLogoutHandler.class) + .extracting((delegatingLogoutHandler) -> ((Collection) ReflectionTestUtils + .getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream() + .map(ServerLogoutHandler::getClass) + .collect(Collectors.toList())) + .isEqualTo(Arrays.asList(this.handler1.getClass(), this.handler2.getClass(), this.handler3.getClass())); } private ServerLogoutHandler getLogoutHandler() { diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java index 8d348cba16..8b74f242b4 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java @@ -65,8 +65,8 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> a.flatMap((auth) -> Mono.error(new AccessDeniedException("Denied")))); - Mono result = filter.filter(this.exchange, this.chain).subscriberContext( - ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl()))); + Mono result = filter.filter(this.exchange, this.chain) + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new SecurityContextImpl()))); StepVerifier.create(result).expectError(AccessDeniedException.class).verify(); this.chainResult.assertWasNotSubscribed(); } @@ -76,8 +76,9 @@ public class AuthorizationWebFilterTests { given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> Mono.error(new AccessDeniedException("Denied"))); - Mono result = filter.filter(this.exchange, this.chain).subscriberContext( - ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("a", "b", "R"))); + Mono result = filter.filter(this.exchange, this.chain) + .subscriberContext( + ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken("a", "b", "R"))); StepVerifier.create(result).expectError(AccessDeniedException.class).verify(); this.chainResult.assertWasNotSubscribed(); } @@ -89,7 +90,7 @@ public class AuthorizationWebFilterTests { AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> Mono.error(new AccessDeniedException("Denied"))); Mono result = filter.filter(this.exchange, this.chain) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); StepVerifier.create(result).expectError(AccessDeniedException.class).verify(); this.chainResult.assertWasNotSubscribed(); context.assertWasNotSubscribed(); @@ -102,7 +103,7 @@ public class AuthorizationWebFilterTests { AuthorizationWebFilter filter = new AuthorizationWebFilter( (a, e) -> Mono.just(new AuthorizationDecision(true))); Mono result = filter.filter(this.exchange, this.chain) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); StepVerifier.create(result).verifyComplete(); this.chainResult.assertWasSubscribed(); context.assertWasNotSubscribed(); @@ -112,10 +113,10 @@ public class AuthorizationWebFilterTests { public void filterWhenGrantedAndDoeAccessAuthenticationThenChainSubscribedAndSecurityContextSubscribed() { PublisherProbe context = PublisherProbe.empty(); given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); - AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a - .map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true))); + AuthorizationWebFilter filter = new AuthorizationWebFilter((a, + e) -> a.map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true))); Mono result = filter.filter(this.exchange, this.chain) - .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); + .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); StepVerifier.create(result).verifyComplete(); this.chainResult.assertWasSubscribed(); context.assertWasSubscribed(); diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java index f7ef26d8bf..8d916142d2 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java @@ -69,8 +69,9 @@ public class DelegatingReactiveAuthorizationManagerTests { public void setup() { MockitoAnnotations.initMocks(this); this.manager = DelegatingReactiveAuthorizationManager.builder() - .add(new ServerWebExchangeMatcherEntry<>(this.match1, this.delegate1)) - .add(new ServerWebExchangeMatcherEntry<>(this.match2, this.delegate2)).build(); + .add(new ServerWebExchangeMatcherEntry<>(this.match1, this.delegate1)) + .add(new ServerWebExchangeMatcherEntry<>(this.match2, this.delegate2)) + .build(); MockServerHttpRequest request = MockServerHttpRequest.get("/test").build(); this.exchange = MockServerWebExchange.from(request); } @@ -79,7 +80,7 @@ public class DelegatingReactiveAuthorizationManagerTests { public void checkWhenFirstMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() { given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match()); given(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class))) - .willReturn(Mono.just(this.decision)); + .willReturn(Mono.just(this.decision)); assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision); verifyNoMoreInteractions(this.match2, this.delegate2); } @@ -89,7 +90,7 @@ public class DelegatingReactiveAuthorizationManagerTests { given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch()); given(this.match2.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match()); given(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class))) - .willReturn(Mono.just(this.decision)); + .willReturn(Mono.just(this.decision)); assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision); verifyNoMoreInteractions(this.delegate1); } diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java index b6648bea4f..e323572b1a 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java @@ -89,8 +89,9 @@ public class ExceptionTranslationWebFilterTests { @Test public void filterWhenNotAccessDeniedExceptionThenNotHandled() { given(this.chain.filter(this.exchange)).willReturn(Mono.error(new IllegalArgumentException("oops"))); - StepVerifier.create(this.filter.filter(this.exchange, this.chain)).expectError(IllegalArgumentException.class) - .verify(); + StepVerifier.create(this.filter.filter(this.exchange, this.chain)) + .expectError(IllegalArgumentException.class) + .verify(); this.deniedPublisher.assertWasNotSubscribed(); this.entryPointPublisher.assertWasNotSubscribed(); } diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java index 5b42423e2c..6cb2f2b8cf 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java @@ -37,7 +37,7 @@ public class IpAddressReactiveAuthorizationManagerTests { @Test public void checkWhenHasIpv6AddressThenReturnTrue() throws UnknownHostException { IpAddressReactiveAuthorizationManager v6manager = IpAddressReactiveAuthorizationManager - .hasIpAddress("fe80::21f:5bff:fe33:bd68"); + .hasIpAddress("fe80::21f:5bff:fe33:bd68"); boolean granted = v6manager.check(null, context("fe80::21f:5bff:fe33:bd68")).block().isGranted(); assertThat(granted).isTrue(); } @@ -45,7 +45,7 @@ public class IpAddressReactiveAuthorizationManagerTests { @Test public void checkWhenHasIpv6AddressThenReturnFalse() throws UnknownHostException { IpAddressReactiveAuthorizationManager v6manager = IpAddressReactiveAuthorizationManager - .hasIpAddress("fe80::21f:5bff:fe33:bd68"); + .hasIpAddress("fe80::21f:5bff:fe33:bd68"); boolean granted = v6manager.check(null, context("fe80::1c9a:7cfd:29a8:a91e")).block().isGranted(); assertThat(granted).isFalse(); } @@ -53,7 +53,7 @@ public class IpAddressReactiveAuthorizationManagerTests { @Test public void checkWhenHasIpv4AddressThenReturnTrue() throws UnknownHostException { IpAddressReactiveAuthorizationManager v4manager = IpAddressReactiveAuthorizationManager - .hasIpAddress("192.168.1.104"); + .hasIpAddress("192.168.1.104"); boolean granted = v4manager.check(null, context("192.168.1.104")).block().isGranted(); assertThat(granted).isTrue(); } @@ -61,14 +61,16 @@ public class IpAddressReactiveAuthorizationManagerTests { @Test public void checkWhenHasIpv4AddressThenReturnFalse() throws UnknownHostException { IpAddressReactiveAuthorizationManager v4manager = IpAddressReactiveAuthorizationManager - .hasIpAddress("192.168.1.104"); + .hasIpAddress("192.168.1.104"); boolean granted = v4manager.check(null, context("192.168.100.15")).block().isGranted(); assertThat(granted).isFalse(); } private static AuthorizationContext context(String ipAddress) throws UnknownHostException { - MockServerWebExchange exchange = MockServerWebExchange.builder(MockServerHttpRequest.get("/") - .remoteAddress(new InetSocketAddress(InetAddress.getByName(ipAddress), 8080))).build(); + MockServerWebExchange exchange = MockServerWebExchange + .builder(MockServerHttpRequest.get("/") + .remoteAddress(new InetSocketAddress(InetAddress.getByName(ipAddress), 8080))) + .build(); return new AuthorizationContext(exchange); } diff --git a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java index 5f3971292e..c1c61c27a0 100644 --- a/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java @@ -40,7 +40,7 @@ public class NoOpServerSecurityContextRepositoryTests { public void saveAndLoad() { SecurityContext context = new SecurityContextImpl(); Mono result = this.repository.save(this.exchange, context) - .then(this.repository.load(this.exchange)); + .then(this.repository.load(this.exchange)); StepVerifier.create(result).verifyComplete(); } diff --git a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java index 7f3e6a3f1f..932c61f31d 100644 --- a/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/context/ReactorContextWebFilterTests.java @@ -97,8 +97,10 @@ public class ReactorContextWebFilterTests { SecurityContextImpl context = new SecurityContextImpl(this.principal); given(this.repository.load(any())).willReturn(Mono.just(context)); this.handler = WebTestHandler.bindToWebFilters(this.filter, - (e, c) -> ReactiveSecurityContextHolder.getContext().map(SecurityContext::getAuthentication) - .doOnSuccess((p) -> assertThat(p).isSameAs(this.principal)).flatMap((p) -> c.filter(e))); + (e, c) -> ReactiveSecurityContextHolder.getContext() + .map(SecurityContext::getAuthentication) + .doOnSuccess((p) -> assertThat(p).isSameAs(this.principal)) + .flatMap((p) -> c.filter(e))); WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange); this.securityContext.assertWasNotSubscribed(); } diff --git a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java index bcf3d2bba4..cb5ad7721a 100644 --- a/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/context/SecurityContextServerWebExchangeWebFilterTests.java @@ -45,24 +45,25 @@ public class SecurityContextServerWebExchangeWebFilterTests { @Test public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() { Mono result = this.filter - .filter(this.exchange, new DefaultWebFilterChain((e) -> e.getPrincipal() + .filter(this.exchange, + new DefaultWebFilterChain((e) -> e.getPrincipal() .doOnSuccess((contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal)) .flatMap((contextPrincipal) -> Mono.subscriberContext()) - .doOnSuccess((context) -> assertThat(context.get("foo")).isEqualTo("bar")).then())) - .subscriberContext((context) -> context.put("foo", "bar")) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal)); + .doOnSuccess((context) -> assertThat(context.get("foo")).isEqualTo("bar")) + .then())) + .subscriberContext((context) -> context.put("foo", "bar")) + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal)); StepVerifier.create(result).verifyComplete(); } @Test public void filterWhenPrincipalNotNullThenContextPopulated() { Mono result = this.filter - .filter(this.exchange, - new DefaultWebFilterChain((e) -> e.getPrincipal() - .doOnSuccess( - (contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal)) - .then())) - .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal)); + .filter(this.exchange, + new DefaultWebFilterChain((e) -> e.getPrincipal() + .doOnSuccess((contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal)) + .then())) + .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal)); StepVerifier.create(result).verifyComplete(); } @@ -70,10 +71,10 @@ public class SecurityContextServerWebExchangeWebFilterTests { public void filterWhenPrincipalNullThenContextEmpty() { Authentication defaultAuthentication = new TestingAuthenticationToken("anonymouse", "anonymous", "TEST"); Mono result = this.filter.filter(this.exchange, - new DefaultWebFilterChain((e) -> e.getPrincipal().defaultIfEmpty(defaultAuthentication) - .doOnSuccess( - (contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication)) - .then())); + new DefaultWebFilterChain((e) -> e.getPrincipal() + .defaultIfEmpty(defaultAuthentication) + .doOnSuccess((contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication)) + .then())); StepVerifier.create(result).verifyComplete(); } diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java index b190642158..3507c9122c 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepositoryTests.java @@ -254,7 +254,7 @@ public class CookieServerCsrfTokenRepositoryTests { private void loadAndAssertExpectedValues() { MockServerHttpRequest.BodyBuilder request = MockServerHttpRequest.post("/someUri") - .cookie(new HttpCookie(this.expectedCookieName, this.expectedCookieValue)); + .cookie(new HttpCookie(this.expectedCookieName, this.expectedCookieValue)); MockServerWebExchange exchange = MockServerWebExchange.from(request); CsrfToken csrfToken = this.csrfTokenRepository.loadToken(exchange).block(); if (StringUtils.hasText(this.expectedCookieValue)) { diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java index 397b2b1890..ec82182559 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java @@ -62,14 +62,15 @@ public class CsrfServerLogoutHandlerTests { @Test public void constructorNullCsrfTokenRepository() { assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> new CsrfServerLogoutHandler(null)) - .withMessage("csrfTokenRepository cannot be null").withNoCause(); + .withMessage("csrfTokenRepository cannot be null") + .withNoCause(); } @Test public void logoutRemovesCsrfToken() { given(this.csrfTokenRepository.saveToken(this.exchange, null)).willReturn(Mono.empty()); this.handler.logout(this.filterExchange, new TestingAuthenticationToken("user", "password", "ROLE_USER")) - .block(); + .block(); verify(this.csrfTokenRepository).saveToken(this.exchange, null); } diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java index c938829a0e..5198ee1085 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfWebFilterTests.java @@ -104,7 +104,7 @@ public class CsrfWebFilterTests { StepVerifier.create(result).verifyComplete(); assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); StepVerifier.create(this.post.getResponse().getBodyAsString()) - .assertNext((body) -> assertThat(body).contains("An expected CSRF token cannot be found")); + .assertNext((body) -> assertThat(body).contains("An expected CSRF token cannot be found")); } @Test @@ -112,7 +112,7 @@ public class CsrfWebFilterTests { this.csrfFilter.setCsrfTokenRepository(this.repository); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/") - .body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID")); + .body(this.token.getParameterName() + "=" + this.token.getToken() + "INVALID")); Mono result = this.csrfFilter.filter(this.post, this.chain); StepVerifier.create(result).verifyComplete(); assertThat(this.post.getResponse().getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN); @@ -125,9 +125,9 @@ public class CsrfWebFilterTests { this.csrfFilter.setCsrfTokenRepository(this.repository); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); - this.post = MockServerWebExchange - .from(MockServerHttpRequest.post("/").contentType(MediaType.APPLICATION_FORM_URLENCODED) - .body(this.token.getParameterName() + "=" + this.token.getToken())); + this.post = MockServerWebExchange.from(MockServerHttpRequest.post("/") + .contentType(MediaType.APPLICATION_FORM_URLENCODED) + .body(this.token.getParameterName() + "=" + this.token.getToken())); Mono result = this.csrfFilter.filter(this.post, this.chain); StepVerifier.create(result).verifyComplete(); chainResult.assertWasSubscribed(); @@ -152,7 +152,7 @@ public class CsrfWebFilterTests { given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); this.post = MockServerWebExchange - .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken())); + .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken())); Mono result = this.csrfFilter.filter(this.post, this.chain); StepVerifier.create(result).verifyComplete(); chainResult.assertWasSubscribed(); @@ -162,7 +162,7 @@ public class CsrfWebFilterTests { public void filterWhenRequestHandlerSetThenUsed() { ServerCsrfTokenRequestHandler requestHandler = mock(ServerCsrfTokenRequestHandler.class); given(requestHandler.resolveCsrfTokenValue(any(ServerWebExchange.class), any(CsrfToken.class))) - .willReturn(Mono.just(this.token.getToken())); + .willReturn(Mono.just(this.token.getToken())); this.csrfFilter.setRequestHandler(requestHandler); PublisherProbe chainResult = PublisherProbe.empty(); @@ -171,7 +171,7 @@ public class CsrfWebFilterTests { given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); this.post = MockServerWebExchange - .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken())); + .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken())); Mono result = this.csrfFilter.filter(this.post, this.chain); StepVerifier.create(result).verifyComplete(); chainResult.assertWasSubscribed(); @@ -195,9 +195,9 @@ public class CsrfWebFilterTests { Mono csrfTokenAttribute = this.get.getAttribute(CsrfToken.class.getName()); assertThat(csrfTokenAttribute).isNotNull(); StepVerifier.create(csrfTokenAttribute) - .consumeNextWith((csrfToken) -> this.post = MockServerWebExchange - .from(MockServerHttpRequest.post("/").header(csrfToken.getHeaderName(), csrfToken.getToken()))) - .verifyComplete(); + .consumeNextWith((csrfToken) -> this.post = MockServerWebExchange + .from(MockServerHttpRequest.post("/").header(csrfToken.getHeaderName(), csrfToken.getToken()))) + .verifyComplete(); StepVerifier.create(this.csrfFilter.filter(this.post, this.chain)).verifyComplete(); chainResult.assertWasSubscribed(); @@ -211,7 +211,7 @@ public class CsrfWebFilterTests { XorServerCsrfTokenRequestAttributeHandler requestHandler = new XorServerCsrfTokenRequestAttributeHandler(); this.csrfFilter.setRequestHandler(requestHandler); this.post = MockServerWebExchange - .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken())); + .from(MockServerHttpRequest.post("/").header(this.token.getHeaderName(), this.token.getToken())); Mono result = this.csrfFilter.filter(this.post, this.chain); StepVerifier.create(result).verifyComplete(); chainResult.assertWasNotSubscribed(); @@ -222,10 +222,10 @@ public class CsrfWebFilterTests { // gh-8452 public void matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed() { MockServerWebExchange nonStandardHttpExchange = MockServerWebExchange - .from(MockServerHttpRequest.method("non-standard-http-method", "/")); + .from(MockServerHttpRequest.method("non-standard-http-method", "/")); ServerWebExchangeMatcher serverWebExchangeMatcher = CsrfWebFilter.DEFAULT_CSRF_MATCHER; assertThat(serverWebExchangeMatcher.matches(nonStandardHttpExchange).map(MatchResult::isMatch).block()) - .isTrue(); + .isTrue(); } @Test @@ -245,9 +245,13 @@ public class CsrfWebFilterTests { this.csrfFilter.setCsrfTokenRepository(this.repository); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA) - .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange() - .expectStatus().isForbidden(); + client.post() + .uri("/") + .contentType(MediaType.MULTIPART_FORM_DATA) + .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())) + .exchange() + .expectStatus() + .isForbidden(); } @Test @@ -259,9 +263,13 @@ public class CsrfWebFilterTests { given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.MULTIPART_FORM_DATA) - .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())).exchange() - .expectStatus().is2xxSuccessful(); + client.post() + .uri("/") + .contentType(MediaType.MULTIPART_FORM_DATA) + .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken())) + .exchange() + .expectStatus() + .is2xxSuccessful(); } @Test @@ -273,8 +281,12 @@ public class CsrfWebFilterTests { given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").header(this.token.getHeaderName(), this.token.getToken()).exchange().expectStatus() - .is2xxSuccessful(); + client.post() + .uri("/") + .header(this.token.getHeaderName(), this.token.getToken()) + .exchange() + .expectStatus() + .is2xxSuccessful(); } @Test @@ -286,9 +298,13 @@ public class CsrfWebFilterTests { given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); given(this.repository.generateToken(any())).willReturn(Mono.just(this.token)); WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.APPLICATION_FORM_URLENCODED) - .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus() - .is2xxSuccessful(); + client.post() + .uri("/") + .contentType(MediaType.APPLICATION_FORM_URLENCODED) + .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()) + .exchange() + .expectStatus() + .is2xxSuccessful(); } @Test @@ -299,9 +315,13 @@ public class CsrfWebFilterTests { this.csrfFilter.setRequestHandler(requestHandler); given(this.repository.loadToken(any())).willReturn(Mono.just(this.token)); WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.MULTIPART_MIXED) - .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus() - .isForbidden(); + client.post() + .uri("/") + .contentType(MediaType.MULTIPART_MIXED) + .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()) + .exchange() + .expectStatus() + .isForbidden(); } // gh-9561 @@ -314,9 +334,13 @@ public class CsrfWebFilterTests { given(token.getParameterName()).willReturn(this.token.getParameterName()); given(this.repository.loadToken(any())).willReturn(Mono.just(token)); WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build(); - client.post().uri("/").contentType(MediaType.APPLICATION_FORM_URLENCODED) - .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()).exchange().expectStatus() - .isForbidden(); + client.post() + .uri("/") + .contentType(MediaType.APPLICATION_FORM_URLENCODED) + .bodyValue(this.token.getParameterName() + "=" + this.token.getToken()) + .exchange() + .expectStatus() + .isForbidden(); } // gh-9113 diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandlerTests.java index 8ee5ed9f3a..120e83e58f 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRequestAttributeHandlerTests.java @@ -103,28 +103,34 @@ public class ServerCsrfTokenRequestAttributeHandlerTests { @Test public void resolveCsrfTokenValueWhenFormDataSetThenReturnsTokenValue() { - this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") + this.exchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) - .body(this.token.getParameterName() + "=" + this.token.getToken())).build(); + .body(this.token.getParameterName() + "=" + this.token.getToken())) + .build(); Mono csrfToken = this.handler.resolveCsrfTokenValue(this.exchange, this.token); StepVerifier.create(csrfToken).expectNext(this.token.getToken()).verifyComplete(); } @Test public void resolveCsrfTokenValueWhenHeaderSetThenReturnsTokenValue() { - this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") + this.exchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) - .header(this.token.getHeaderName(), this.token.getToken())).build(); + .header(this.token.getHeaderName(), this.token.getToken())) + .build(); Mono csrfToken = this.handler.resolveCsrfTokenValue(this.exchange, this.token); StepVerifier.create(csrfToken).expectNext(this.token.getToken()).verifyComplete(); } @Test public void resolveCsrfTokenValueWhenHeaderAndFormDataSetThenFormDataIsPreferred() { - this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") + this.exchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) .header(this.token.getHeaderName(), "header") - .body(this.token.getParameterName() + "=" + this.token.getToken())).build(); + .body(this.token.getParameterName() + "=" + this.token.getToken())) + .build(); Mono csrfToken = this.handler.resolveCsrfTokenValue(this.exchange, this.token); StepVerifier.create(csrfToken).expectNext(this.token.getToken()).verifyComplete(); } diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java index e1124c0805..1bf940ee87 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java @@ -55,7 +55,7 @@ public class WebSessionServerCsrfTokenRepositoryTests { @Test public void saveTokenWhenDefaultThenAddsToSession() { Mono result = this.repository.generateToken(this.exchange) - .delayUntil((t) -> this.repository.saveToken(this.exchange, t)); + .delayUntil((t) -> this.repository.saveToken(this.exchange, t)); result.block(); WebSession session = this.exchange.getSession().block(); Map attributes = session.getAttributes(); diff --git a/web/src/test/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandlerTests.java index ef5b8c0cd6..c6b800af06 100644 --- a/web/src/test/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandlerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandlerTests.java @@ -156,28 +156,34 @@ public class XorServerCsrfTokenRequestAttributeHandlerTests { @Test public void resolveCsrfTokenValueWhenFormDataSetThenReturnsTokenValue() { - this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") + this.exchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) - .body(this.token.getParameterName() + "=" + XOR_CSRF_TOKEN_VALUE)).build(); + .body(this.token.getParameterName() + "=" + XOR_CSRF_TOKEN_VALUE)) + .build(); Mono csrfToken = this.handler.resolveCsrfTokenValue(this.exchange, this.token); StepVerifier.create(csrfToken).expectNext(this.token.getToken()).verifyComplete(); } @Test public void resolveCsrfTokenValueWhenHeaderSetThenReturnsTokenValue() { - this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") + this.exchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) - .header(this.token.getHeaderName(), XOR_CSRF_TOKEN_VALUE)).build(); + .header(this.token.getHeaderName(), XOR_CSRF_TOKEN_VALUE)) + .build(); Mono csrfToken = this.handler.resolveCsrfTokenValue(this.exchange, this.token); StepVerifier.create(csrfToken).expectNext(this.token.getToken()).verifyComplete(); } @Test public void resolveCsrfTokenValueWhenHeaderAndFormDataSetThenFormDataIsPreferred() { - this.exchange = MockServerWebExchange.builder(MockServerHttpRequest.post("/") + this.exchange = MockServerWebExchange + .builder(MockServerHttpRequest.post("/") .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) .header(this.token.getHeaderName(), "header") - .body(this.token.getParameterName() + "=" + XOR_CSRF_TOKEN_VALUE)).build(); + .body(this.token.getParameterName() + "=" + XOR_CSRF_TOKEN_VALUE)) + .build(); Mono csrfToken = this.handler.resolveCsrfTokenValue(this.exchange, this.token); StepVerifier.create(csrfToken).expectNext(this.token.getToken()).verifyComplete(); } diff --git a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java index b346353349..822750041a 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java @@ -44,9 +44,9 @@ public class CacheControlServerHttpHeadersWriterTests { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(3); assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)) - .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE); + .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE); assertThat(this.headers.get(HttpHeaders.EXPIRES)) - .containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE); + .containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE); assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE); } diff --git a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java index e8d17f4b1d..9fdfc825bb 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/ClearSiteDataServerHttpHeadersWriterTests.java @@ -47,7 +47,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests { public void writeHttpHeadersWhenSecureConnectionThenHeaderWritten() { ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.ALL); ServerWebExchange secureExchange = MockServerWebExchange - .from(MockServerHttpRequest.get("https://localhost").build()); + .from(MockServerHttpRequest.get("https://localhost").build()); writer.writeHttpHeaders(secureExchange); assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.ALL); } @@ -65,7 +65,7 @@ public class ClearSiteDataServerHttpHeadersWriterTests { ClearSiteDataServerHttpHeadersWriter writer = new ClearSiteDataServerHttpHeadersWriter(Directive.CACHE, Directive.COOKIES); ServerWebExchange secureExchange = MockServerWebExchange - .from(MockServerHttpRequest.get("https://localhost").build()); + .from(MockServerHttpRequest.get("https://localhost").build()); writer.writeHttpHeaders(secureExchange); assertThat(secureExchange.getResponse()).hasClearSiteDataHeaderDirectives(Directive.CACHE, Directive.COOKIES); } @@ -84,8 +84,9 @@ public class ClearSiteDataServerHttpHeadersWriterTests { isNotNull(); List header = getHeader(); String actualHeaderValue = String.join("", header); - String expectedHeaderVale = Stream.of(directives).map(Directive::getHeaderValue) - .collect(Collectors.joining(", ")); + String expectedHeaderVale = Stream.of(directives) + .map(Directive::getHeaderValue) + .collect(Collectors.joining(", ")); if (!actualHeaderValue.equals(expectedHeaderVale)) { failWithMessage("Expected to have %s as Clear-Site-Data header value but found %s", expectedHeaderVale, actualHeaderValue); diff --git a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java index 865a542aaf..3065df90bf 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java @@ -90,8 +90,8 @@ public class CompositeServerHttpHeadersWriterTests { public void writeHttpHeadersSequential() throws Exception { AtomicBoolean slowDone = new AtomicBoolean(); CountDownLatch latch = new CountDownLatch(1); - ServerHttpHeadersWriter slow = (exchange) -> Mono.delay(Duration.ofMillis(100)) - .doOnSuccess((__) -> slowDone.set(true)).then(); + ServerHttpHeadersWriter slow = ( + exchange) -> Mono.delay(Duration.ofMillis(100)).doOnSuccess((__) -> slowDone.set(true)).then(); ServerHttpHeadersWriter second = (exchange) -> Mono.fromRunnable(() -> { latch.countDown(); assertThat(slowDone.get()).describedAs("ServerLogoutHandler should be executed sequentially").isTrue(); diff --git a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java index 1946cc57d1..28efe3b190 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/ContentSecurityPolicyServerHttpHeadersWriterTests.java @@ -59,7 +59,7 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY)) - .containsOnly(DEFAULT_POLICY_DIRECTIVES); + .containsOnly(DEFAULT_POLICY_DIRECTIVES); } @Test @@ -70,7 +70,7 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY_REPORT_ONLY)) - .containsOnly(DEFAULT_POLICY_DIRECTIVES); + .containsOnly(DEFAULT_POLICY_DIRECTIVES); } @Test @@ -84,13 +84,14 @@ public class ContentSecurityPolicyServerHttpHeadersWriterTests { @Test public void writeHeadersWhenAlreadyWrittenThenWritesHeader() { String headerValue = "default-src https: 'self'"; - this.exchange.getResponse().getHeaders() - .set(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, headerValue); + this.exchange.getResponse() + .getHeaders() + .set(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, headerValue); this.writer.writeHttpHeaders(this.exchange); HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY)) - .containsOnly(headerValue); + .containsOnly(headerValue); } } diff --git a/web/src/test/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriterTests.java index 1fa585fe34..4221e36a1e 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriterTests.java @@ -43,7 +43,7 @@ class ContentTypeOptionsServerHttpHeadersWriterTests { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) - .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF); + .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF); } @Test @@ -53,7 +53,7 @@ class ContentTypeOptionsServerHttpHeadersWriterTests { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) - .containsOnly(headerValue); + .containsOnly(headerValue); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/header/CrossOriginEmbedderPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CrossOriginEmbedderPolicyServerHttpHeadersWriterTests.java index b4e99336fc..c4be94b856 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/CrossOriginEmbedderPolicyServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/CrossOriginEmbedderPolicyServerHttpHeadersWriterTests.java @@ -42,7 +42,7 @@ class CrossOriginEmbedderPolicyServerHttpHeadersWriterTests { @Test void setEmbedderPolicyWhenNullEmbedderPolicyThenThrowsIllegalArgument() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setPolicy(null)) - .withMessage("embedderPolicy cannot be null"); + .withMessage("embedderPolicy cannot be null"); } @Test @@ -54,13 +54,14 @@ class CrossOriginEmbedderPolicyServerHttpHeadersWriterTests { @Test void writeHeadersWhenResponseHeaderExistsThenDontOverride() { - this.exchange.getResponse().getHeaders().add(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY, - "require-corp"); + this.exchange.getResponse() + .getHeaders() + .add(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY, "require-corp"); this.writer.writeHttpHeaders(this.exchange); HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY)) - .containsOnly("require-corp"); + .containsOnly("require-corp"); } @Test @@ -70,7 +71,7 @@ class CrossOriginEmbedderPolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(CrossOriginEmbedderPolicyServerHttpHeadersWriter.EMBEDDER_POLICY)) - .containsOnly("require-corp"); + .containsOnly("require-corp"); } } diff --git a/web/src/test/java/org/springframework/security/web/server/header/CrossOriginOpenerPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CrossOriginOpenerPolicyServerHttpHeadersWriterTests.java index 0159665b4e..0f5f993377 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/CrossOriginOpenerPolicyServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/CrossOriginOpenerPolicyServerHttpHeadersWriterTests.java @@ -42,7 +42,7 @@ class CrossOriginOpenerPolicyServerHttpHeadersWriterTests { @Test void setOpenerPolicyWhenNullOpenerPolicyThenThrowsIllegalArgument() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setPolicy(null)) - .withMessage("openerPolicy cannot be null"); + .withMessage("openerPolicy cannot be null"); } @Test @@ -54,24 +54,25 @@ class CrossOriginOpenerPolicyServerHttpHeadersWriterTests { @Test void writeHeadersWhenResponseHeaderExistsThenDontOverride() { - this.exchange.getResponse().getHeaders().add(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY, - "same-origin"); + this.exchange.getResponse() + .getHeaders() + .add(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY, "same-origin"); this.writer.writeHttpHeaders(this.exchange); HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY)) - .containsOnly("same-origin"); + .containsOnly("same-origin"); } @Test void writeHeadersWhenSetHeaderValuesThenWrites() { - this.writer.setPolicy( - CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy.SAME_ORIGIN_ALLOW_POPUPS); + this.writer + .setPolicy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy.SAME_ORIGIN_ALLOW_POPUPS); this.writer.writeHttpHeaders(this.exchange); HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(CrossOriginOpenerPolicyServerHttpHeadersWriter.OPENER_POLICY)) - .containsOnly("same-origin-allow-popups"); + .containsOnly("same-origin-allow-popups"); } } diff --git a/web/src/test/java/org/springframework/security/web/server/header/CrossOriginResourcePolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/CrossOriginResourcePolicyServerHttpHeadersWriterTests.java index a3ba9a2ec9..01b1242f27 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/CrossOriginResourcePolicyServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/CrossOriginResourcePolicyServerHttpHeadersWriterTests.java @@ -42,7 +42,7 @@ class CrossOriginResourcePolicyServerHttpHeadersWriterTests { @Test void setResourcePolicyWhenNullThenThrowsIllegalArgument() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setPolicy(null)) - .withMessage("resourcePolicy cannot be null"); + .withMessage("resourcePolicy cannot be null"); } @Test @@ -54,13 +54,14 @@ class CrossOriginResourcePolicyServerHttpHeadersWriterTests { @Test void writeHeadersWhenResponseHeaderExistsThenDontOverride() { - this.exchange.getResponse().getHeaders().add(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY, - "same-origin"); + this.exchange.getResponse() + .getHeaders() + .add(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY, "same-origin"); this.writer.writeHttpHeaders(this.exchange); HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY)) - .containsOnly("same-origin"); + .containsOnly("same-origin"); } @Test @@ -70,7 +71,7 @@ class CrossOriginResourcePolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(CrossOriginResourcePolicyServerHttpHeadersWriter.RESOURCE_POLICY)) - .containsOnly("same-origin"); + .containsOnly("same-origin"); } } diff --git a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java index 447c90f789..8e03858642 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/FeaturePolicyServerHttpHeadersWriterTests.java @@ -59,7 +59,7 @@ public class FeaturePolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY)) - .containsOnly(DEFAULT_POLICY_DIRECTIVES); + .containsOnly(DEFAULT_POLICY_DIRECTIVES); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/header/PermissionsPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/PermissionsPolicyServerHttpHeadersWriterTests.java index 4d8fc3d235..8c41443839 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/PermissionsPolicyServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/PermissionsPolicyServerHttpHeadersWriterTests.java @@ -59,15 +59,16 @@ public class PermissionsPolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(PermissionsPolicyServerHttpHeadersWriter.PERMISSIONS_POLICY)) - .containsOnly(DEFAULT_POLICY_DIRECTIVES); + .containsOnly(DEFAULT_POLICY_DIRECTIVES); } @Test public void writeHeadersWhenAlreadyWrittenThenWritesHeader() { this.writer.setPolicy(DEFAULT_POLICY_DIRECTIVES); String headerValue = "camera=(self)"; - this.exchange.getResponse().getHeaders().set(PermissionsPolicyServerHttpHeadersWriter.PERMISSIONS_POLICY, - headerValue); + this.exchange.getResponse() + .getHeaders() + .set(PermissionsPolicyServerHttpHeadersWriter.PERMISSIONS_POLICY, headerValue); this.writer.writeHttpHeaders(this.exchange); HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); diff --git a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java index 75a7aa5e1e..06ca50074a 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/ReferrerPolicyServerHttpHeadersWriterTests.java @@ -50,7 +50,7 @@ public class ReferrerPolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY)) - .containsOnly(ReferrerPolicy.NO_REFERRER.getPolicy()); + .containsOnly(ReferrerPolicy.NO_REFERRER.getPolicy()); } @Test @@ -60,14 +60,15 @@ public class ReferrerPolicyServerHttpHeadersWriterTests { HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); assertThat(headers.get(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY)) - .containsOnly(ReferrerPolicy.SAME_ORIGIN.getPolicy()); + .containsOnly(ReferrerPolicy.SAME_ORIGIN.getPolicy()); } @Test public void writeHeadersWhenAlreadyWrittenThenWritesHeader() { String headerValue = ReferrerPolicy.SAME_ORIGIN.getPolicy(); - this.exchange.getResponse().getHeaders().set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, - headerValue); + this.exchange.getResponse() + .getHeaders() + .set(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY, headerValue); this.writer.writeHttpHeaders(this.exchange); HttpHeaders headers = this.exchange.getResponse().getHeaders(); assertThat(headers).hasSize(1); diff --git a/web/src/test/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriterTests.java index c3c38ff0a3..c79089d5d9 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/ServerWebExchangeDelegatingServerHttpHeadersWriterTests.java @@ -61,44 +61,44 @@ public class ServerWebExchangeDelegatingServerHttpHeadersWriterTests { @Test public void constructorWhenNullWebExchangeMatcherThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter(null, this.delegate)) - .withMessage("webExchangeMatcher cannot be null"); + .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter(null, this.delegate)) + .withMessage("webExchangeMatcher cannot be null"); } @Test public void constructorWhenNullWebExchangeMatcherEntryThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter(null)) - .withMessage("headersWriter cannot be null"); + .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter(null)) + .withMessage("headersWriter cannot be null"); } @Test public void constructorWhenNullDelegateHeadersWriterThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter(this.matcher, null)) - .withMessage("delegateHeadersWriter cannot be null"); + .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter(this.matcher, null)) + .withMessage("delegateHeadersWriter cannot be null"); } @Test public void constructorWhenEntryWithNullMatcherThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter( - new ServerWebExchangeMatcherEntry<>(null, this.delegate))) - .withMessage("webExchangeMatcher cannot be null"); + .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter( + new ServerWebExchangeMatcherEntry<>(null, this.delegate))) + .withMessage("webExchangeMatcher cannot be null"); } @Test public void constructorWhenEntryWithNullEntryThenException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter( - new ServerWebExchangeMatcherEntry<>(this.matcher, null))) - .withMessage("delegateHeadersWriter cannot be null"); + .isThrownBy(() -> new ServerWebExchangeDelegatingServerHttpHeadersWriter( + new ServerWebExchangeMatcherEntry<>(this.matcher, null))) + .withMessage("delegateHeadersWriter cannot be null"); } @Test public void writeHeadersWhenMatchThenDelegateWriteHttpHeaders() { given(this.matcher.matches(this.exchange)) - .willReturn(ServerWebExchangeMatcher.MatchResult.match(Collections.emptyMap())); + .willReturn(ServerWebExchangeMatcher.MatchResult.match(Collections.emptyMap())); given(this.delegate.writeHttpHeaders(this.exchange)).willReturn(Mono.empty()); this.headerWriter.writeHttpHeaders(this.exchange).block(); verify(this.delegate).writeHttpHeaders(this.exchange); diff --git a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java index 604d20d56d..ee3734181a 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java @@ -35,9 +35,9 @@ import static org.assertj.core.api.Assertions.assertThat; public class StaticServerHttpHeadersWriterTests { StaticServerHttpHeadersWriter writer = StaticServerHttpHeadersWriter.builder() - .header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, - ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF) - .build(); + .header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, + ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF) + .build(); ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build()); @@ -47,7 +47,7 @@ public class StaticServerHttpHeadersWriterTests { public void writeHeadersWhenSingleHeaderThenWritesHeader() { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) - .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF); + .containsOnly(ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF); } @Test @@ -56,7 +56,7 @@ public class StaticServerHttpHeadersWriterTests { this.headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue); this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) - .containsOnly(headerValue); + .containsOnly(headerValue); } // gh-10557 @@ -80,15 +80,16 @@ public class StaticServerHttpHeadersWriterTests { @Test public void writeHeadersWhenMultiHeaderThenWritesAllHeaders() { this.writer = StaticServerHttpHeadersWriter.builder() - .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) - .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) - .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build(); + .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) + .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) + .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE) + .build(); this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)) - .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE); + .containsOnly(CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE); assertThat(this.headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlServerHttpHeadersWriter.PRAGMA_VALUE); assertThat(this.headers.get(HttpHeaders.EXPIRES)) - .containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE); + .containsOnly(CacheControlServerHttpHeadersWriter.EXPIRES_VALUE); } @Test @@ -96,9 +97,10 @@ public class StaticServerHttpHeadersWriterTests { String headerValue = "other"; this.headers.set(HttpHeaders.CACHE_CONTROL, headerValue); this.writer = StaticServerHttpHeadersWriter.builder() - .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) - .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) - .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE).build(); + .header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE) + .header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE) + .header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE) + .build(); this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(headerValue); diff --git a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java index 8c9de1d433..617bf5592d 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java @@ -44,7 +44,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) - .containsOnly(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF); + .containsOnly(XContentTypeOptionsServerHttpHeadersWriter.NOSNIFF); } @Test @@ -54,7 +54,7 @@ public class XContentTypeOptionsServerHttpHeadersWriterTests { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(XContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)) - .containsOnly(headerValue); + .containsOnly(headerValue); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java index 7445810a9f..17ad86f883 100644 --- a/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java @@ -41,7 +41,7 @@ public class XXssProtectionServerHttpHeadersWriterTests { @Test void setHeaderValueNullThenThrowsIllegalArgumentException() { assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setHeaderValue(null)) - .withMessage("headerValue cannot be null"); + .withMessage("headerValue cannot be null"); } @Test @@ -49,7 +49,7 @@ public class XXssProtectionServerHttpHeadersWriterTests { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)) - .containsOnly("1 ; mode=block"); + .containsOnly("1 ; mode=block"); } @Test @@ -99,7 +99,7 @@ public class XXssProtectionServerHttpHeadersWriterTests { this.writer.writeHttpHeaders(this.exchange); assertThat(this.headers).hasSize(1); assertThat(this.headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)) - .containsOnly("1 ; mode=block"); + .containsOnly("1 ; mode=block"); } } diff --git a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java index 7626e1afb2..c8f8af8688 100644 --- a/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixinTests.java @@ -64,14 +64,14 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests { public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException { String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}"; assertThatExceptionOfType(JsonMappingException.class) - .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); + .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); } @Test public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException { String tokenJson = "{\"@class\": \"org.springframework.security.web.server.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}"; assertThatExceptionOfType(JsonMappingException.class) - .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); + .isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class)); } } diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java index eded2e5a9b..ac4b785bac 100644 --- a/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java +++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/CookieServerRequestCacheTests.java @@ -43,7 +43,7 @@ public class CookieServerRequestCacheTests { @Test public void saveRequestWhenGetRequestThenRequestUriInCookie() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); MultiValueMap cookies = exchange.getResponse().getCookies(); assertThat(cookies.size()).isEqualTo(1); @@ -51,13 +51,13 @@ public class CookieServerRequestCacheTests { assertThat(cookie).isNotNull(); String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes()); assertThat(cookie.toString()) - .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax"); + .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax"); } @Test public void saveRequestWhenGetRequestWithQueryParamsThenRequestUriInCookie() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); MultiValueMap cookies = exchange.getResponse().getCookies(); assertThat(cookies.size()).isEqualTo(1); @@ -65,13 +65,13 @@ public class CookieServerRequestCacheTests { assertThat(cookie).isNotNull(); String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/?key=value".getBytes()); assertThat(cookie.toString()) - .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax"); + .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax"); } @Test public void saveRequestWhenGetRequestFaviconThenNoCookie() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); MultiValueMap cookies = exchange.getResponse().getCookies(); assertThat(cookies).isEmpty(); @@ -95,14 +95,15 @@ public class CookieServerRequestCacheTests { assertThat(cookie).isNotNull(); String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes()); assertThat(cookie.toString()) - .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax"); + .isEqualTo("REDIRECT_URI=" + encodedRedirectUrl + "; Path=/; HttpOnly; SameSite=Lax"); } @Test public void getRedirectUriWhenCookieThenReturnsRedirectUriFromCookie() { String encodedRedirectUrl = Base64.getEncoder().encodeToString("/secured/".getBytes()); MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/") - .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", encodedRedirectUrl))); + .accept(MediaType.TEXT_HTML) + .cookie(new HttpCookie("REDIRECT_URI", encodedRedirectUrl))); URI redirectUri = this.cache.getRedirectUri(exchange).block(); assertThat(redirectUri).isEqualTo(URI.create("/secured/")); } @@ -110,7 +111,8 @@ public class CookieServerRequestCacheTests { @Test public void getRedirectUriWhenCookieValueNotEncodedThenRedirectUriIsNull() { MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/") - .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/"))); + .accept(MediaType.TEXT_HTML) + .cookie(new HttpCookie("REDIRECT_URI", "/secured/"))); URI redirectUri = this.cache.getRedirectUri(exchange).block(); assertThat(redirectUri).isNull(); } @@ -118,7 +120,7 @@ public class CookieServerRequestCacheTests { @Test public void getRedirectUriWhenNoCookieThenRedirectUriIsNull() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); URI redirectUri = this.cache.getRedirectUri(exchange).block(); assertThat(redirectUri).isNull(); } @@ -126,7 +128,8 @@ public class CookieServerRequestCacheTests { @Test public void removeMatchingRequestThenRedirectUriCookieExpired() { MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/") - .accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/"))); + .accept(MediaType.TEXT_HTML) + .cookie(new HttpCookie("REDIRECT_URI", "/secured/"))); this.cache.removeMatchingRequest(exchange).block(); MultiValueMap cookies = exchange.getResponse().getCookies(); ResponseCookie cookie = cookies.getFirst("REDIRECT_URI"); diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java index 611bb3da1b..54ba82052f 100644 --- a/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilterTests.java @@ -68,7 +68,8 @@ public class ServerRequestCacheWebFilterTests { public void filterWhenRequestMatchesThenRequestUpdated() { ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/")); ServerHttpRequest savedRequest = MockServerHttpRequest.get("/") - .header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build(); + .header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()) + .build(); given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest)); this.requestCacheFilter.filter(exchange, this.chain).block(); verify(this.chain).filter(this.exchangeCaptor.capture()); diff --git a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java index 4fb099f79f..fa2b1eaa8e 100644 --- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java +++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java @@ -44,7 +44,7 @@ public class WebSessionServerRequestCacheTests { @Test public void saveRequestGetRequestWhenGetThenFound() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); URI saved = this.cache.getRedirectUri(exchange).block(); assertThat(saved).isEqualTo(exchange.getRequest().getURI()); @@ -53,7 +53,7 @@ public class WebSessionServerRequestCacheTests { @Test public void saveRequestGetRequestWithQueryParamsWhenGetThenFound() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/secured/").queryParam("key", "value").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); URI saved = this.cache.getRedirectUri(exchange).block(); assertThat(saved).isEqualTo(exchange.getRequest().getURI()); @@ -62,7 +62,7 @@ public class WebSessionServerRequestCacheTests { @Test public void saveRequestGetRequestWhenFaviconThenNotFound() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); URI saved = this.cache.getRedirectUri(exchange).block(); assertThat(saved).isNull(); @@ -87,7 +87,7 @@ public class WebSessionServerRequestCacheTests { @Test public void saveRequestRemoveRequestWhenThenFound() { MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); + .from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML)); this.cache.saveRequest(exchange).block(); ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block(); assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI()); diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java index 38dc442cb4..59b2258c58 100644 --- a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java @@ -79,7 +79,7 @@ public class HttpsRedirectWebFilterTests { given(this.chain.filter(any(ServerWebExchange.class))).willReturn(Mono.empty()); ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class); given(matcher.matches(any(ServerWebExchange.class))) - .willReturn(ServerWebExchangeMatcher.MatchResult.notMatch()); + .willReturn(ServerWebExchangeMatcher.MatchResult.notMatch()); this.filter.setRequiresHttpsRedirectMatcher(matcher); ServerWebExchange exchange = get("http://localhost:8080"); this.filter.filter(exchange, this.chain).block(); diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java index 13932fd488..731097013b 100644 --- a/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilterTests.java @@ -31,7 +31,7 @@ public class LoginPageGeneratingWebFilterTests { LoginPageGeneratingWebFilter filter = new LoginPageGeneratingWebFilter(); filter.setFormLoginEnabled(true); MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/test/login").contextPath("/test")); + .from(MockServerHttpRequest.get("/test/login").contextPath("/test")); filter.filter(exchange, (e) -> Mono.empty()).block(); assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/test/login\""); } diff --git a/web/src/test/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilterTests.java index 431d18a5a6..bb2feb3e98 100644 --- a/web/src/test/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilterTests.java @@ -30,7 +30,7 @@ public class LogoutPageGeneratingWebFilterTests { public void filterWhenLogoutWithContextPathThenActionContainsContextPath() throws Exception { LogoutPageGeneratingWebFilter filter = new LogoutPageGeneratingWebFilter(); MockServerWebExchange exchange = MockServerWebExchange - .from(MockServerHttpRequest.get("/test/logout").contextPath("/test")); + .from(MockServerHttpRequest.get("/test/logout").contextPath("/test")); filter.filter(exchange, (e) -> Mono.empty()).block(); assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/test/logout\""); } diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java index 4740728ab1..167993dd53 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java @@ -43,7 +43,8 @@ public class IpAddressServerWebExchangeMatcherTests { public void matchesWhenIpv6RangeAndIpv6AddressThenTrue() throws UnknownHostException { ServerWebExchange ipv6Exchange = exchange("fe80::21f:5bff:fe33:bd68"); ServerWebExchangeMatcher.MatchResult matches = new IpAddressServerWebExchangeMatcher("fe80::21f:5bff:fe33:bd68") - .matches(ipv6Exchange).block(); + .matches(ipv6Exchange) + .block(); assertThat(matches.isMatch()).isTrue(); } @@ -51,7 +52,8 @@ public class IpAddressServerWebExchangeMatcherTests { public void matchesWhenIpv6RangeAndIpv4AddressThenFalse() throws UnknownHostException { ServerWebExchange ipv4Exchange = exchange("192.168.1.104"); ServerWebExchangeMatcher.MatchResult matches = new IpAddressServerWebExchangeMatcher("fe80::21f:5bff:fe33:bd68") - .matches(ipv4Exchange).block(); + .matches(ipv4Exchange) + .block(); assertThat(matches.isMatch()).isFalse(); } @@ -59,7 +61,8 @@ public class IpAddressServerWebExchangeMatcherTests { public void matchesWhenIpv4RangeAndIpv4AddressThenTrue() throws UnknownHostException { ServerWebExchange ipv4Exchange = exchange("192.168.1.104"); ServerWebExchangeMatcher.MatchResult matches = new IpAddressServerWebExchangeMatcher("192.168.1.104") - .matches(ipv4Exchange).block(); + .matches(ipv4Exchange) + .block(); assertThat(matches.isMatch()).isTrue(); } @@ -105,7 +108,8 @@ public class IpAddressServerWebExchangeMatcherTests { public void matchesWhenIpv4UnresolvedThenTrue() throws UnknownHostException { ServerWebExchange ipv4Exchange = exchange("192.168.1.104", true); ServerWebExchangeMatcher.MatchResult matches = new IpAddressServerWebExchangeMatcher("192.168.1.104") - .matches(ipv4Exchange).block(); + .matches(ipv4Exchange) + .block(); assertThat(matches.isMatch()).isTrue(); } @@ -113,7 +117,8 @@ public class IpAddressServerWebExchangeMatcherTests { public void matchesWhenIpv6UnresolvedThenTrue() throws UnknownHostException { ServerWebExchange ipv6Exchange = exchange("fe80::21f:5bff:fe33:bd68", true); ServerWebExchangeMatcher.MatchResult matches = new IpAddressServerWebExchangeMatcher("fe80::21f:5bff:fe33:bd68") - .matches(ipv6Exchange).block(); + .matches(ipv6Exchange) + .block(); assertThat(matches.isMatch()).isTrue(); } @@ -121,17 +126,17 @@ public class IpAddressServerWebExchangeMatcherTests { public void constructorWhenIpv4AddressMaskTooLongThenIllegalArgumentException() { String ipv4AddressWithTooLongMask = "192.168.1.104/33"; assertThatIllegalArgumentException() - .isThrownBy(() -> new IpAddressServerWebExchangeMatcher(ipv4AddressWithTooLongMask)) - .withMessage(String.format("IP address %s is too short for bitmask of length %d", "192.168.1.104", 33)); + .isThrownBy(() -> new IpAddressServerWebExchangeMatcher(ipv4AddressWithTooLongMask)) + .withMessage(String.format("IP address %s is too short for bitmask of length %d", "192.168.1.104", 33)); } @Test public void constructorWhenIpv6AddressMaskTooLongThenIllegalArgumentException() { String ipv6AddressWithTooLongMask = "fe80::21f:5bff:fe33:bd68/129"; assertThatIllegalArgumentException() - .isThrownBy(() -> new IpAddressServerWebExchangeMatcher(ipv6AddressWithTooLongMask)) - .withMessage(String.format("IP address %s is too short for bitmask of length %d", - "fe80::21f:5bff:fe33:bd68", 129)); + .isThrownBy(() -> new IpAddressServerWebExchangeMatcher(ipv6AddressWithTooLongMask)) + .withMessage(String.format("IP address %s is too short for bitmask of length %d", + "fe80::21f:5bff:fe33:bd68", 129)); } private static ServerWebExchange exchange(String ipAddress) throws UnknownHostException { @@ -139,10 +144,11 @@ public class IpAddressServerWebExchangeMatcherTests { } private static ServerWebExchange exchange(String ipAddress, boolean unresolved) throws UnknownHostException { - return MockServerWebExchange.builder(MockServerHttpRequest.get("/") + return MockServerWebExchange + .builder(MockServerHttpRequest.get("/") .remoteAddress(unresolved ? InetSocketAddress.createUnresolved(ipAddress, 8080) : new InetSocketAddress(InetAddress.getByName(ipAddress), 8080))) - .build(); + .build(); } } diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java index 1f33fe4b67..7e1b74c971 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcherTests.java @@ -69,13 +69,13 @@ public class PathMatcherServerWebExchangeMatcherTests { @Test public void constructorPatternWhenPatternNullThenThrowsException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null)); + .isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null)); } @Test public void constructorPatternAndMethodWhenPatternNullThenThrowsException() { assertThatIllegalArgumentException() - .isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null, HttpMethod.GET)); + .isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null, HttpMethod.GET)); } @Test diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java index 38631ae9c4..f5dcf5a638 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java @@ -43,26 +43,26 @@ public class ServerWebExchangeMatchersTests { @Test public void pathMatchersWhenSingleAndSamePatternAndMethodThenMatches() { assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(this.exchange).block().isMatch()) - .isTrue(); + .isTrue(); } @Test public void pathMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() { assertThat( ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(this.exchange).block().isMatch()) - .isFalse(); + .isFalse(); } @Test public void pathMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() { assertThat(ServerWebExchangeMatchers.pathMatchers("/foobar").matches(this.exchange).block().isMatch()) - .isFalse(); + .isFalse(); } @Test public void pathMatchersWhenMultiThenMatches() { assertThat(ServerWebExchangeMatchers.pathMatchers("/foobar", "/").matches(this.exchange).block().isMatch()) - .isTrue(); + .isTrue(); } @Test diff --git a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java index b01a5cf6db..336c1545a4 100644 --- a/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java +++ b/web/src/test/java/org/springframework/security/web/servlet/support/csrf/CsrfRequestDataValueProcessorTests.java @@ -60,8 +60,8 @@ public class CsrfRequestDataValueProcessorTests { for (Method expected : expectedMethods) { assertThat(ReflectionUtils.findMethod(CsrfRequestDataValueProcessor.class, expected.getName(), expected.getParameterTypes())) - .as("Expected to find " + expected + " defined on " + CsrfRequestDataValueProcessor.class) - .isNotNull(); + .as("Expected to find " + expected + " defined on " + CsrfRequestDataValueProcessor.class) + .isNotNull(); } } diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java index 8c9504ffb9..047f42604c 100644 --- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java @@ -194,7 +194,7 @@ public class MvcRequestMatcherTests { @Test public void matchesGetMatchableHandlerMappingThrows() throws Exception { given(this.introspector.getMatchableHandlerMapping(this.request)) - .willThrow(new HttpRequestMethodNotSupportedException(this.request.getMethod())); + .willThrow(new HttpRequestMethodNotSupportedException(this.request.getMethod())); assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -249,7 +249,7 @@ public class MvcRequestMatcherTests { @Test public void builderWhenServletPathThenServletPathPresent() { MvcRequestMatcher matcher = new MvcRequestMatcher.Builder(this.introspector).servletPath("/path") - .pattern("/endpoint"); + .pattern("/endpoint"); assertThat(matcher.getServletPath()).isEqualTo("/path"); assertThat(ReflectionTestUtils.getField(matcher, "pattern")).isEqualTo("/endpoint"); assertThat(ReflectionTestUtils.getField(matcher, "method")).isNull(); diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java index 33019fdbec..f621f3cade 100644 --- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java @@ -136,7 +136,7 @@ public class SecurityContextHolderAwareRequestFilterTests { @Test public void authenticateTrue() throws Exception { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("test", "password", "ROLE_USER")); + .setAuthentication(new TestingAuthenticationToken("test", "password", "ROLE_USER")); assertThat(wrappedRequest().authenticate(this.response)).isTrue(); verifyNoMoreInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); verify(this.request, times(0)).authenticate(any(HttpServletResponse.class)); @@ -165,7 +165,7 @@ public class SecurityContextHolderAwareRequestFilterTests { public void login() throws Exception { TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER"); given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) - .willReturn(expectedAuth); + .willReturn(expectedAuth); wrappedRequest().login(expectedAuth.getName(), String.valueOf(expectedAuth.getCredentials())); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expectedAuth); verifyNoMoreInteractions(this.authenticationEntryPoint, this.logoutHandler); @@ -188,9 +188,10 @@ public class SecurityContextHolderAwareRequestFilterTests { public void loginFail() throws Exception { AuthenticationException authException = new BadCredentialsException("Invalid"); given(this.authenticationManager.authenticate(any(UsernamePasswordAuthenticationToken.class))) - .willThrow(authException); + .willThrow(authException); assertThatExceptionOfType(ServletException.class) - .isThrownBy(() -> wrappedRequest().login("invalid", "credentials")).withCause(authException); + .isThrownBy(() -> wrappedRequest().login("invalid", "credentials")) + .withCause(authException); assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull(); verifyNoMoreInteractions(this.authenticationEntryPoint, this.logoutHandler); verify(this.request, times(0)).login(anyString(), anyString()); @@ -216,7 +217,7 @@ public class SecurityContextHolderAwareRequestFilterTests { ServletException authException = new ServletException("Failed Login"); willThrow(authException).given(this.request).login(username, password); assertThatExceptionOfType(ServletException.class).isThrownBy(() -> wrappedRequest().login(username, password)) - .isEqualTo(authException); + .isEqualTo(authException); verifyNoMoreInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler); } @@ -230,7 +231,7 @@ public class SecurityContextHolderAwareRequestFilterTests { wrappedRequest().login("username", "password"); ArgumentCaptor authenticationCaptor = ArgumentCaptor - .forClass(UsernamePasswordAuthenticationToken.class); + .forClass(UsernamePasswordAuthenticationToken.class); verify(this.authenticationManager).authenticate(authenticationCaptor.capture()); UsernamePasswordAuthenticationToken authenticationRequest = authenticationCaptor.getValue(); @@ -282,7 +283,7 @@ public class SecurityContextHolderAwareRequestFilterTests { verifyNoMoreInteractions(this.authenticationManager, this.logoutHandler); verify(asyncContext).start(runnableCaptor.capture()); DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor - .getValue(); + .getValue(); assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext")).isEqualTo(context); assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegate")); } @@ -302,7 +303,7 @@ public class SecurityContextHolderAwareRequestFilterTests { verifyNoMoreInteractions(this.authenticationManager, this.logoutHandler); verify(asyncContext).start(runnableCaptor.capture()); DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor - .getValue(); + .getValue(); assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext")).isEqualTo(context); assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegate")); } @@ -322,7 +323,7 @@ public class SecurityContextHolderAwareRequestFilterTests { verifyNoMoreInteractions(this.authenticationManager, this.logoutHandler); verify(asyncContext).start(runnableCaptor.capture()); DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor - .getValue(); + .getValue(); assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegateSecurityContext")).isEqualTo(context); assertThat(ReflectionTestUtils.getField(wrappedRunnable, "delegate")); } @@ -331,7 +332,7 @@ public class SecurityContextHolderAwareRequestFilterTests { @Test public void updateRequestFactory() throws Exception { SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "password", "PREFIX_USER")); + .setAuthentication(new TestingAuthenticationToken("user", "password", "PREFIX_USER")); this.filter.setRolePrefix("PREFIX_"); assertThat(wrappedRequest().isUserInRole("PREFIX_USER")).isTrue(); } diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java index dd5fafd4eb..fa0decc428 100644 --- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java @@ -117,8 +117,8 @@ public class SessionManagementFilterTests { FilterChain fc = mock(FilterChain.class); authenticateUser(); SessionAuthenticationException exception = new SessionAuthenticationException("Failure"); - willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), - request, response); + willThrow(exception).given(strategy) + .onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response); filter.doFilter(request, response, fc); verifyNoMoreInteractions(fc); verify(failureHandler).onAuthenticationFailure(request, response, exception); diff --git a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java index 4714930e0f..87287d804f 100644 --- a/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java +++ b/web/src/test/java/org/springframework/security/web/util/ThrowableAnalyzerTests.java @@ -98,9 +98,9 @@ public class ThrowableAnalyzerTests { for (int j = 0; j < i; ++j) { Class prevClazz = registeredTypes[j]; assertThat(prevClazz.isAssignableFrom(clazz)) - .withFailMessage( - "Unexpected order of registered classes: " + prevClazz + " is assignable from " + clazz) - .isFalse(); + .withFailMessage( + "Unexpected order of registered classes: " + prevClazz + " is assignable from " + clazz) + .isFalse(); } } } @@ -117,7 +117,7 @@ public class ThrowableAnalyzerTests { } }; assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types") - .isZero(); + .isZero(); Throwable t = this.testTrace[0]; Throwable[] chain = analyzer.determineCauseChain(t); // Without extractors only the root throwable is available @@ -129,7 +129,7 @@ public class ThrowableAnalyzerTests { public void testDetermineCauseChainWithDefaultExtractors() { ThrowableAnalyzer analyzer = this.standardAnalyzer; assertThat(analyzer.getRegisteredTypes().length).withFailMessage("Unexpected number of registered types") - .isEqualTo(2); + .isEqualTo(2); Throwable[] chain = analyzer.determineCauseChain(this.testTrace[0]); // Element at index 2 is a NonStandardException which cannot be analyzed further // by default @@ -193,14 +193,14 @@ public class ThrowableAnalyzerTests { @Test public void testVerifyThrowableHierarchyWithNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> ThrowableAnalyzer.verifyThrowableHierarchy(null, Throwable.class)); + .isThrownBy(() -> ThrowableAnalyzer.verifyThrowableHierarchy(null, Throwable.class)); } @Test public void testVerifyThrowableHierarchyWithNonmatchingType() { Throwable throwable = new IllegalStateException("Test"); - assertThatIllegalArgumentException().isThrownBy( - () -> ThrowableAnalyzer.verifyThrowableHierarchy(throwable, InvocationTargetException.class)); + assertThatIllegalArgumentException() + .isThrownBy(() -> ThrowableAnalyzer.verifyThrowableHierarchy(throwable, InvocationTargetException.class)); } /** diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java index 99b641580b..29b0745675 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java @@ -90,13 +90,13 @@ public class AndRequestMatcherTests { @Test public void constructorListContainsNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AndRequestMatcher(Arrays.asList((RequestMatcher) null))); + .isThrownBy(() -> new AndRequestMatcher(Arrays.asList((RequestMatcher) null))); } @Test public void constructorEmptyList() { assertThatIllegalArgumentException() - .isThrownBy(() -> new AndRequestMatcher(Collections.emptyList())); + .isThrownBy(() -> new AndRequestMatcher(Collections.emptyList())); } @Test diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java index 6b8db3d5d1..5915c9b1f1 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java @@ -183,7 +183,7 @@ public class AntPathRequestMatcherTests { assertThat(new AntPathRequestMatcher("/xyz")).isNotEqualTo(new AntPathRequestMatcher("/xxx")); assertThat(new AntPathRequestMatcher("/xyz").equals(AnyRequestMatcher.INSTANCE)).isFalse(); assertThat(new AntPathRequestMatcher("/xyz", "GET", false)) - .isNotEqualTo(new AntPathRequestMatcher("/xyz", "GET", true)); + .isNotEqualTo(new AntPathRequestMatcher("/xyz", "GET", true)); } @Test @@ -231,13 +231,13 @@ public class AntPathRequestMatcherTests { @Test public void staticAntMatcherWhenMethodNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> antMatcher((HttpMethod) null)) - .withMessage("method cannot be null"); + .withMessage("method cannot be null"); } @Test public void staticAntMatcherWhenPatternNullThenException() { assertThatIllegalArgumentException().isThrownBy(() -> antMatcher((String) null)) - .withMessage("pattern cannot be empty"); + .withMessage("pattern cannot be empty"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java index 1000f31853..0362917be1 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java @@ -93,7 +93,7 @@ public class IpAddressMatcherTests { public void ipv4RequiredAddressMaskTooLongThenIllegalArgumentException() { String ipv4AddressWithTooLongMask = "192.168.1.104/33"; assertThatIllegalArgumentException().isThrownBy(() -> new IpAddressMatcher(ipv4AddressWithTooLongMask)) - .withMessage(String.format("IP address %s is too short for bitmask of length %d", "192.168.1.104", 33)); + .withMessage(String.format("IP address %s is too short for bitmask of length %d", "192.168.1.104", 33)); } // SEC-2576 @@ -101,8 +101,8 @@ public class IpAddressMatcherTests { public void ipv6RequiredAddressMaskTooLongThenIllegalArgumentException() { String ipv6AddressWithTooLongMask = "fe80::21f:5bff:fe33:bd68/129"; assertThatIllegalArgumentException().isThrownBy(() -> new IpAddressMatcher(ipv6AddressWithTooLongMask)) - .withMessage(String.format("IP address %s is too short for bitmask of length %d", - "fe80::21f:5bff:fe33:bd68", 129)); + .withMessage(String.format("IP address %s is too short for bitmask of length %d", + "fe80::21f:5bff:fe33:bd68", 129)); } } diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java index 2a022318ab..6267e81e32 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/MediaTypeRequestMatcherTests.java @@ -65,7 +65,7 @@ public class MediaTypeRequestMatcherTests { @Test public void constructorNullCNSSet() { assertThatIllegalArgumentException() - .isThrownBy(() -> new MediaTypeRequestMatcher(null, Collections.singleton(MediaType.ALL))); + .isThrownBy(() -> new MediaTypeRequestMatcher(null, Collections.singleton(MediaType.ALL))); } @Test @@ -77,7 +77,7 @@ public class MediaTypeRequestMatcherTests { public void constructorNullMediaTypes() { Collection mediaTypes = null; assertThatIllegalArgumentException() - .isThrownBy(() -> new MediaTypeRequestMatcher(this.negotiationStrategy, mediaTypes)); + .isThrownBy(() -> new MediaTypeRequestMatcher(this.negotiationStrategy, mediaTypes)); } @Test @@ -94,13 +94,13 @@ public class MediaTypeRequestMatcherTests { @Test public void constructorWhenEmptyMediaTypeCollectionThenIAE() { assertThatIllegalArgumentException() - .isThrownBy(() -> new MediaTypeRequestMatcher(Collections.emptyList())); + .isThrownBy(() -> new MediaTypeRequestMatcher(Collections.emptyList())); } @Test public void negotiationStrategyThrowsHMTNAE() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willThrow(new HttpMediaTypeNotAcceptableException("oops")); + .willThrow(new HttpMediaTypeNotAcceptableException("oops")); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.ALL); assertThat(this.matcher.matches(this.request)).isFalse(); } @@ -108,7 +108,7 @@ public class MediaTypeRequestMatcherTests { @Test public void mediaAllMatches() throws Exception { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.ALL)); + .willReturn(Arrays.asList(MediaType.ALL)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); assertThat(this.matcher.matches(this.request)).isTrue(); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_XHTML_XML); @@ -190,7 +190,7 @@ public class MediaTypeRequestMatcherTests { @Test public void multipleMediaType() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML)); + .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.APPLICATION_XHTML_XML, MediaType.TEXT_HTML)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.TEXT_HTML); assertThat(this.matcher.matches(this.request)).isTrue(); @@ -205,7 +205,7 @@ public class MediaTypeRequestMatcherTests { @Test public void resolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); + .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*")); assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -220,7 +220,7 @@ public class MediaTypeRequestMatcherTests { @Test public void resolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(new MediaType("text", "*"))); + .willReturn(Arrays.asList(new MediaType("text", "*"))); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); assertThat(this.matcher.matches(this.request)).isTrue(); } @@ -236,7 +236,7 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsResolveTextAllMatchesTextPlain() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(new MediaType("text", "*"))); + .willReturn(Arrays.asList(new MediaType("text", "*"))); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse(); @@ -253,7 +253,7 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsResolveTextPlainMatchesTextAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); + .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "*")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isFalse(); @@ -270,7 +270,7 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsSame() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); + .willReturn(Arrays.asList(MediaType.TEXT_PLAIN)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_PLAIN); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue(); @@ -287,7 +287,7 @@ public class MediaTypeRequestMatcherTests { @Test public void useEqualsWithCustomMediaType() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(new MediaType("text", "unique"))); + .willReturn(Arrays.asList(new MediaType("text", "unique"))); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, new MediaType("text", "unique")); this.matcher.setUseEquals(true); assertThat(this.matcher.matches(this.request)).isTrue(); @@ -305,7 +305,7 @@ public class MediaTypeRequestMatcherTests { @Test public void mediaAllIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.ALL)); + .willReturn(Arrays.asList(MediaType.ALL)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); assertThat(this.matcher.matches(this.request)).isFalse(); @@ -322,7 +322,7 @@ public class MediaTypeRequestMatcherTests { @Test public void mediaAllAndTextHtmlIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML)); + .willReturn(Arrays.asList(MediaType.ALL, MediaType.TEXT_HTML)); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); assertThat(this.matcher.matches(this.request)).isTrue(); @@ -339,7 +339,7 @@ public class MediaTypeRequestMatcherTests { @Test public void mediaAllQ08AndTextPlainIgnoreMediaTypeAll() throws HttpMediaTypeNotAcceptableException { given(this.negotiationStrategy.resolveMediaTypes(any(NativeWebRequest.class))) - .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8"))); + .willReturn(Arrays.asList(MediaType.TEXT_PLAIN, MediaType.parseMediaType("*/*;q=0.8"))); this.matcher = new MediaTypeRequestMatcher(this.negotiationStrategy, MediaType.TEXT_HTML); this.matcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); assertThat(this.matcher.matches(this.request)).isFalse(); diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java index 02f41fbc2f..66b3724dc3 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java @@ -91,13 +91,13 @@ public class OrRequestMatcherTests { @Test public void constructorListContainsNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OrRequestMatcher(Arrays.asList((RequestMatcher) null))); + .isThrownBy(() -> new OrRequestMatcher(Arrays.asList((RequestMatcher) null))); } @Test public void constructorEmptyList() { assertThatIllegalArgumentException() - .isThrownBy(() -> new OrRequestMatcher(Collections.emptyList())); + .isThrownBy(() -> new OrRequestMatcher(Collections.emptyList())); } @Test diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java index b49abdf605..d65c9dcba5 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java @@ -157,13 +157,13 @@ public class RegexRequestMatcherTests { @Test public void staticRegexMatcherWhenNoPatternThenException() { assertThatIllegalArgumentException().isThrownBy(() -> regexMatcher((String) null)) - .withMessage("pattern cannot be empty"); + .withMessage("pattern cannot be empty"); } @Test public void staticRegexMatcherNoMethodThenException() { assertThatIllegalArgumentException().isThrownBy(() -> regexMatcher((HttpMethod) null)) - .withMessage("method cannot be null"); + .withMessage("method cannot be null"); } private HttpServletRequest createRequestWithNullMethod(String path) {