diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.groovy deleted file mode 100644 index ac91a0f09b..0000000000 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.groovy +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 2002-2013 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.config.annotation.web.configurers; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.context.annotation.Bean -import org.springframework.context.annotation.Configuration -import org.springframework.security.access.AccessDecisionManager -import org.springframework.security.access.AccessDeniedException; -import org.springframework.security.access.ConfigAttribute -import org.springframework.security.authentication.AnonymousAuthenticationToken -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.annotation.BaseSpringSpec -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.authority.AuthorityUtils; -import org.springframework.security.web.AuthenticationEntryPoint -import org.springframework.security.web.FilterInvocation -import org.springframework.security.web.access.AccessDeniedHandler; -import org.springframework.security.web.access.AccessDeniedHandlerImpl; -import org.springframework.security.web.access.ExceptionTranslationFilter -import org.springframework.security.web.access.intercept.FilterSecurityInterceptor -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; -import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.context.NullSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextPersistenceFilter -import org.springframework.security.web.debug.DebugFilter; -import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter; -import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher -import org.springframework.security.web.util.matcher.AnyRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher - -import spock.lang.Ignore; - -/** - * Tests to verify that all the functionality of attributes is present - * - * @author Rob Winch - * - */ -public class NamespaceDebugTests extends BaseSpringSpec { - def "debug=true"() { - when: "Load configuraiton with debug enabled" - loadConfig(DebugWebSecurity) - then: "The DebugFilter is present" - context.getBean("springSecurityFilterChain").class == DebugFilter - } - - @EnableWebSecurity(debug=true) - static class DebugWebSecurity extends WebSecurityConfigurerAdapter { - } -} diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java new file mode 100644 index 0000000000..b276f53e6b --- /dev/null +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.java @@ -0,0 +1,91 @@ +/* + * Copyright 2002-2019 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.config.annotation.web.configurers; + +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; +import ch.qos.logback.classic.spi.ILoggingEvent; +import ch.qos.logback.core.Appender; +import org.junit.Rule; +import org.junit.Test; +import org.slf4j.LoggerFactory; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.test.SpringTestRule; +import org.springframework.security.web.debug.DebugFilter; +import org.springframework.test.web.servlet.MockMvc; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.atLeastOnce; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.verify; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; + +/** + * Tests to verify {@code EnableWebSecurity(debug)} functionality + * + * @author Rob Winch + * @author Josh Cummings + */ +public class NamespaceDebugTests { + @Rule + public final SpringTestRule spring = new SpringTestRule(); + + @Autowired + MockMvc mvc; + + @Test + public void requestWhenDebugSetToTrueThenLogsDebugInformation() throws Exception { + Appender appender = mockAppenderFor("Spring Security Debugger"); + this.spring.register(DebugWebSecurity.class).autowire(); + this.mvc.perform(get("/")); + assertThat(filterChainClass()).isEqualTo(DebugFilter.class); + verify(appender, atLeastOnce()).doAppend(any(ILoggingEvent.class)); + } + + @EnableWebSecurity(debug=true) + static class DebugWebSecurity extends WebSecurityConfigurerAdapter { + } + + @Test + public void requestWhenDebugSetToFalseThenDoesNotLogDebugInformation() throws Exception { + Appender appender = mockAppenderFor("Spring Security Debugger"); + this.spring.register(NoDebugWebSecurity.class).autowire(); + this.mvc.perform(get("/")); + assertThat(filterChainClass()).isNotEqualTo(DebugFilter.class); + verify(appender, never()).doAppend(any(ILoggingEvent.class)); + } + + @EnableWebSecurity + static class NoDebugWebSecurity extends WebSecurityConfigurerAdapter { + } + + private Appender mockAppenderFor(String name) { + Appender appender = mock(Appender.class); + Logger logger = (Logger) LoggerFactory.getLogger(name); + logger.setLevel(Level.DEBUG); + logger.addAppender(appender); + return appender; + } + + private Class filterChainClass() { + return this.spring.getContext().getBean("springSecurityFilterChain").getClass(); + } +}