Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish tests and javadoc 

When using AssertJ, it's easy to commit the following error

assertThat(some boolean condition)

The above actually does nothing. It at least needs to be

assertThat(some boolean condition).isTrue()

This commit refines some assertions that were missing a verify
condition.

Also, one Javadoc was just a little bit confusing, so this
clarifies it.

Issue: gh-6259
This commit is contained in:
Josh Cummings 2018-12-20 14:53:52 -07:00
parent 086b105273
commit 7a55af246e
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
4 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
View File

@ -96,8 +96,8 @@ public class SessionManagementConfigurerServlet31Tests {
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(!request.getSession().getId().equals(id));
assertThat(request.getSession().getAttribute("attribute1").equals("value1"));
assertThat(request.getSession().getId()).isNotEqualTo(id);
assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
}
@EnableWebSecurity

6
config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
View File

@ -99,8 +99,8 @@ public class SessionManagementConfigServlet31Tests {
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(!request.getSession().getId().equals(id));
assertThat(request.getSession().getAttribute("attribute1").equals("value1"));
assertThat(request.getSession().getId()).isNotEqualTo(id);
assertThat(request.getSession().getAttribute("attribute1")).isEqualTo("value1");
}
@Test
@ -123,7 +123,7 @@ public class SessionManagementConfigServlet31Tests {
springSecurityFilterChain.doFilter(request, response, chain);
assertThat(!request.getSession().getId().equals(id));
assertThat(request.getSession().getId()).isNotEqualTo(id);
}

4
web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
View File

@ -24,8 +24,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
* The implementation of {@link SessionAuthenticationStrategy} when using <
* Servlet 3.1.
* Uses {@code HttpServletRequest.invalidate()} to protect against session fixation
* attacks.
* <p>
* Creates a new session for the newly authenticated user if they already have a session
* (as a defence against session-fixation protection attacks), and copies their session

10
web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
View File

@ -15,12 +15,14 @@
*/
package org.springframework.security.web.authentication.session;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.modules.junit4.PowerMockRunner;
import org.springframework.mock.web.MockHttpServletRequest;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Rob Winch
*
@ -32,9 +34,7 @@ public class ChangeSessionIdAuthenticationStrategyTests {
public void applySessionFixation() {
MockHttpServletRequest request = new MockHttpServletRequest();
String id = request.getSession().getId();
new ChangeSessionIdAuthenticationStrategy().applySessionFixation(request);
Assert.assertNotEquals(id, request.getSession().getId());
new ChangeSessionIdAuthenticationStrategy().applySessionFixation(request);
assertThat(request.getSession().getId()).isNotEqualTo(id);
}
}