diff --git a/web/src/main/java/org/springframework/security/web/access/HandlerMappingIntrospectorRequestTransformer.java b/web/src/main/java/org/springframework/security/web/access/HandlerMappingIntrospectorRequestTransformer.java deleted file mode 100644 index f78ad46a50..0000000000 --- a/web/src/main/java/org/springframework/security/web/access/HandlerMappingIntrospectorRequestTransformer.java +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright 2002-2023 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.access; - -import java.util.Collections; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; - -import jakarta.servlet.DispatcherType; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletRequestWrapper; - -import org.springframework.util.Assert; -import org.springframework.web.servlet.handler.HandlerMappingIntrospector; - -/** - * Transforms by passing it into - * {@link HandlerMappingIntrospector#setCache(HttpServletRequest)}. Before, it wraps the - * {@link HttpServletRequest} to ensure that the methods needed work since some methods by - * default throw {@link UnsupportedOperationException}. - * - * @author Rob Winch - * @deprecated please use {@link PathPatternRequestTransformer} instead - */ -@Deprecated(forRemoval = true) -public class HandlerMappingIntrospectorRequestTransformer - implements AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer { - - private final HandlerMappingIntrospector introspector; - - public HandlerMappingIntrospectorRequestTransformer(HandlerMappingIntrospector introspector) { - Assert.notNull(introspector, "introspector canot be null"); - this.introspector = introspector; - } - - @Override - public HttpServletRequest transform(HttpServletRequest request) { - CacheableRequestWrapper cacheableRequest = new CacheableRequestWrapper(request); - this.introspector.setCache(cacheableRequest); - return cacheableRequest; - } - - static final class CacheableRequestWrapper extends HttpServletRequestWrapper { - - private final Map attributes = new HashMap<>(); - - /** - * Constructs a request object wrapping the given request. - * @param request the {@link HttpServletRequest} to be wrapped. - * @throws IllegalArgumentException if the request is null - */ - CacheableRequestWrapper(HttpServletRequest request) { - super(request); - } - - @Override - public DispatcherType getDispatcherType() { - return DispatcherType.REQUEST; - } - - @Override - public Enumeration getAttributeNames() { - return Collections.enumeration(this.attributes.keySet()); - } - - @Override - public Object getAttribute(String name) { - return this.attributes.get(name); - } - - @Override - public void setAttribute(String name, Object o) { - this.attributes.put(name, o); - } - - @Override - public void removeAttribute(String name) { - this.attributes.remove(name); - } - - } - -} diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java index 16a737a9f7..9c7a0a2997 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java @@ -46,11 +46,12 @@ import org.springframework.security.web.authentication.session.NullAuthenticated import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; import org.springframework.web.filter.GenericFilterBean; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; + /** * Abstract processor of browser-based HTTP-based authentication requests. * @@ -395,7 +396,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt * @param filterProcessesUrl */ public void setFilterProcessesUrl(String filterProcessesUrl) { - setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(filterProcessesUrl)); + setRequiresAuthenticationRequestMatcher(pathPattern(filterProcessesUrl)); } public final void setRequiresAuthenticationRequestMatcher(RequestMatcher requestMatcher) { diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java index e8003ea4cf..94bafca971 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java @@ -29,13 +29,14 @@ import org.springframework.core.log.LogMessage; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolderStrategy; -import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; import org.springframework.util.StringUtils; import org.springframework.web.filter.GenericFilterBean; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; + /** * Logs a principal out. *

@@ -140,7 +141,7 @@ public class LogoutFilter extends GenericFilterBean { } public void setFilterProcessesUrl(String filterProcessesUrl) { - this.logoutRequestMatcher = PathPatternRequestMatcher.withDefaults().matcher(filterProcessesUrl); + this.logoutRequestMatcher = pathPattern(filterProcessesUrl); } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java index e520921257..67f359cb5f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ott/OneTimeTokenAuthenticationFilter.java @@ -18,7 +18,8 @@ package org.springframework.security.web.authentication.ott; import org.springframework.http.HttpMethod; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; + +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Filter that processes a one-time token for log in. @@ -34,7 +35,7 @@ public final class OneTimeTokenAuthenticationFilter extends AbstractAuthenticati public static final String DEFAULT_LOGIN_PROCESSING_URL = "/login/ott"; public OneTimeTokenAuthenticationFilter() { - super(PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.POST, DEFAULT_LOGIN_PROCESSING_URL)); + super(pathPattern(HttpMethod.POST, DEFAULT_LOGIN_PROCESSING_URL)); setAuthenticationConverter(new OneTimeTokenAuthenticationConverter()); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java index 335262b05c..ac85c23d59 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java @@ -63,13 +63,12 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; -import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.UrlUtils; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; import org.springframework.web.filter.GenericFilterBean; -import org.springframework.web.util.UrlPathHelper; + +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Switch User processing filter responsible for user context switching. @@ -129,9 +128,9 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); - private RequestMatcher exitUserMatcher = createMatcher("/logout/impersonate", true); + private RequestMatcher exitUserMatcher = createMatcher("/logout/impersonate"); - private RequestMatcher switchUserMatcher = createMatcher("/login/impersonate", true); + private RequestMatcher switchUserMatcher = createMatcher("/login/impersonate"); private String targetUrl; @@ -408,7 +407,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv public void setExitUserUrl(String exitUserUrl) { Assert.isTrue(UrlUtils.isValidRedirectUrl(exitUserUrl), "exitUserUrl cannot be empty and must be a valid redirect URL"); - this.exitUserMatcher = createMatcher(exitUserUrl, false); + this.exitUserMatcher = createMatcher(exitUserUrl); } /** @@ -428,7 +427,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv public void setSwitchUserUrl(String switchUserUrl) { Assert.isTrue(UrlUtils.isValidRedirectUrl(switchUserUrl), "switchUserUrl cannot be empty and must be a valid redirect URL"); - this.switchUserMatcher = createMatcher(switchUserUrl, false); + this.switchUserMatcher = createMatcher(switchUserUrl); } /** @@ -547,11 +546,8 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv this.securityContextRepository = securityContextRepository; } - private static RequestMatcher createMatcher(String pattern, boolean usePathPatterns) { - if (usePathPatterns) { - return PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.POST, pattern); - } - return new AntPathRequestMatcher(pattern, "POST", true, new UrlPathHelper()); + private static RequestMatcher createMatcher(String pattern) { + return pathPattern(HttpMethod.POST, pattern); } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java index 9e4999a7e2..b577eeaf8c 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java @@ -28,11 +28,12 @@ import jakarta.servlet.http.HttpServletResponse; import org.springframework.core.log.LogMessage; import org.springframework.http.HttpMethod; -import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; import org.springframework.web.filter.OncePerRequestFilter; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; + /** * Generates a default log out page. * @@ -41,7 +42,7 @@ import org.springframework.web.filter.OncePerRequestFilter; */ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter { - private RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/logout"); + private RequestMatcher matcher = pathPattern(HttpMethod.GET, "/logout"); private Function> resolveHiddenInputs = (request) -> Collections.emptyMap(); diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultResourcesFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultResourcesFilter.java index ee52dc682b..a534b866d5 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultResourcesFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultResourcesFilter.java @@ -28,11 +28,12 @@ import jakarta.servlet.http.HttpServletRequest; import org.springframework.core.io.ClassPathResource; import org.springframework.http.HttpMethod; import org.springframework.http.MediaType; -import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; import org.springframework.web.filter.GenericFilterBean; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; + /** * Serve common static assets used in default UIs, such as CSS or Javascript files. For * internal use only. @@ -89,8 +90,7 @@ public final class DefaultResourcesFilter extends GenericFilterBean { * @return - */ public static DefaultResourcesFilter css() { - return new DefaultResourcesFilter( - PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/default-ui.css"), + return new DefaultResourcesFilter(pathPattern(HttpMethod.GET, "/default-ui.css"), new ClassPathResource("org/springframework/security/default-ui.css"), new MediaType("text", "css", StandardCharsets.UTF_8)); } @@ -107,8 +107,7 @@ public final class DefaultResourcesFilter extends GenericFilterBean { * @return - */ public static DefaultResourcesFilter webauthn() { - return new DefaultResourcesFilter( - PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/login/webauthn.js"), + return new DefaultResourcesFilter(pathPattern(HttpMethod.GET, "/login/webauthn.js"), new ClassPathResource("org/springframework/security/spring-security-webauthn.js"), new MediaType("text", "javascript", StandardCharsets.UTF_8)); } diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java index 17faf11432..cf48c63a93 100644 --- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java @@ -202,7 +202,7 @@ public final class PathPatternRequestMatcher implements RequestMatcher { *

* To match a request URI like {@code /app/servlet/my/resource/**} where {@code /app} * is the context path, you can do - * {@code PathPatternRequestMatcher.withDefaults().matcher("/servlet/my/resource/**")} + * {@code PathPatternRequestMatcher.pathPattern("/servlet/my/resource/**")} * *

* If you have many paths that have a common path prefix, you can use diff --git a/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationFilter.java index 5e56212dfe..53183b1333 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationFilter.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationFilter.java @@ -37,7 +37,6 @@ import org.springframework.security.web.authentication.AuthenticationEntryPointF import org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler; import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse; import org.springframework.security.web.webauthn.api.PublicKeyCredential; import org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions; @@ -45,6 +44,8 @@ import org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module; import org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest; import org.springframework.util.Assert; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; + /** * Authenticates {@code PublicKeyCredential} that is * parsed from the body of the {@link HttpServletRequest} using the @@ -77,7 +78,7 @@ public class WebAuthnAuthenticationFilter extends AbstractAuthenticationProcessi private PublicKeyCredentialRequestOptionsRepository requestOptionsRepository = new HttpSessionPublicKeyCredentialRequestOptionsRepository(); public WebAuthnAuthenticationFilter() { - super(PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.POST, "/login/webauthn")); + super(pathPattern(HttpMethod.POST, "/login/webauthn")); setSecurityContextRepository(new HttpSessionSecurityContextRepository()); setAuthenticationFailureHandler( new AuthenticationEntryPointFailureHandler(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))); diff --git a/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java b/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java index 4ecb023d95..623693fc95 100644 --- a/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/RequestMatcherRedirectFilterTests.java @@ -22,7 +22,6 @@ import org.junit.jupiter.api.Test; import org.springframework.http.HttpStatus; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; @@ -30,6 +29,7 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoInteractions; import static org.springframework.security.web.servlet.TestMockHttpServletRequests.get; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Tests for {@link RequestMatcherRedirectFilter}. @@ -40,8 +40,7 @@ public class RequestMatcherRedirectFilterTests { @Test public void doFilterWhenRequestMatchThenRedirectToSpecifiedUrl() throws Exception { - RequestMatcherRedirectFilter filter = new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/context"), - "/test"); + RequestMatcherRedirectFilter filter = new RequestMatcherRedirectFilter(pathPattern("/context"), "/test"); MockHttpServletRequest request = get("/context").build(); MockHttpServletResponse response = new MockHttpServletResponse(); @@ -57,8 +56,7 @@ public class RequestMatcherRedirectFilterTests { @Test public void doFilterWhenRequestNotMatchThenNextFilter() throws Exception { - RequestMatcherRedirectFilter filter = new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/context"), - "/test"); + RequestMatcherRedirectFilter filter = new RequestMatcherRedirectFilter(pathPattern("/context"), "/test"); MockHttpServletRequest request = get("/test").build(); @@ -81,21 +79,19 @@ public class RequestMatcherRedirectFilterTests { @Test public void constructWhenRedirectUrlNull() { assertThatIllegalArgumentException() - .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), null)) + .isThrownBy(() -> new RequestMatcherRedirectFilter(pathPattern("/**"), null)) .withMessage("redirectUrl cannot be empty"); } @Test public void constructWhenRedirectUrlEmpty() { - assertThatIllegalArgumentException() - .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), "")) + assertThatIllegalArgumentException().isThrownBy(() -> new RequestMatcherRedirectFilter(pathPattern("/**"), "")) .withMessage("redirectUrl cannot be empty"); } @Test public void constructWhenRedirectUrlBlank() { - assertThatIllegalArgumentException() - .isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), " ")) + assertThatIllegalArgumentException().isThrownBy(() -> new RequestMatcherRedirectFilter(pathPattern("/**"), " ")) .withMessage("redirectUrl cannot be empty"); } diff --git a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java index 0fd298ec96..7b96c639d7 100644 --- a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java @@ -32,7 +32,6 @@ import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer; import org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager; -import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; @@ -40,6 +39,7 @@ import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.verify; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; @ExtendWith(MockitoExtension.class) class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests { @@ -118,7 +118,7 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests { void isAllowedWhenInvokesDelegateThenCachesRequestPath() { RequestMatcherDelegatingAuthorizationManager authorizationManager = RequestMatcherDelegatingAuthorizationManager .builder() - .add(PathPatternRequestMatcher.withDefaults().matcher("/test/**"), + .add(pathPattern("/test/**"), (authentication, context) -> this.authorizationManager.check(authentication, context.getRequest())) .build(); AuthorizationManagerWebInvocationPrivilegeEvaluator privilegeEvaluator = new AuthorizationManagerWebInvocationPrivilegeEvaluator( diff --git a/web/src/test/java/org/springframework/security/web/access/HandlerMappingIntrospectorRequestTransformerTests.java b/web/src/test/java/org/springframework/security/web/access/HandlerMappingIntrospectorRequestTransformerTests.java deleted file mode 100644 index 96bf8e9581..0000000000 --- a/web/src/test/java/org/springframework/security/web/access/HandlerMappingIntrospectorRequestTransformerTests.java +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright 2002-2023 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.access; - -import java.util.Collections; - -import jakarta.servlet.DispatcherType; -import jakarta.servlet.http.HttpServletRequest; -import org.assertj.core.api.AssertionsForClassTypes; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.ArgumentCaptor; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; - -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.web.servlet.handler.HandlerMappingIntrospector; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.verifyNoInteractions; - -/** - * @author Rob Winch - */ -@ExtendWith(MockitoExtension.class) -class HandlerMappingIntrospectorRequestTransformerTests { - - @Mock - HandlerMappingIntrospector hmi; - - HandlerMappingIntrospectorRequestTransformer transformer; - - @BeforeEach - void setup() { - this.transformer = new HandlerMappingIntrospectorRequestTransformer(this.hmi); - } - - @Test - void constructorWhenHmiIsNullThenIllegalArgumentException() { - AssertionsForClassTypes.assertThatExceptionOfType(IllegalArgumentException.class) - .isThrownBy(() -> new HandlerMappingIntrospectorRequestTransformer(null)); - } - - @Test - void transformThenNewRequestPassedToSetCache() { - MockHttpServletRequest request = new MockHttpServletRequest(); - - HttpServletRequest transformedRequest = this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - assertThat(transformedRequest).isNotEqualTo(request); - } - - @Test - void transformThenResultPassedToSetCache() { - MockHttpServletRequest request = new MockHttpServletRequest(); - - HttpServletRequest transformedRequest = this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - assertThat(requestArg.getValue()).isEqualTo(transformedRequest); - } - - /** - * The request passed into the transformer does not allow interactions on certain - * methods, we need to ensure that the methods used by - * {@link HandlerMappingIntrospector#setCache(HttpServletRequest)} are overridden. - */ - @Test - void transformThenResultDoesNotDelegateToSetAttribute() { - HttpServletRequest request = mock(HttpServletRequest.class); - - this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - HttpServletRequest transformedRequest = requestArg.getValue(); - String attrName = "any"; - String attrValue = "value"; - transformedRequest.setAttribute(attrName, attrValue); - verifyNoInteractions(request); - assertThat(transformedRequest.getAttribute(attrName)).isEqualTo(attrValue); - } - - @Test - void transformThenSetAttributeWorks() { - HttpServletRequest request = mock(HttpServletRequest.class); - - this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - HttpServletRequest transformedRequest = requestArg.getValue(); - String attrName = "any"; - String attrValue = "value"; - transformedRequest.setAttribute(attrName, attrValue); - assertThat(transformedRequest.getAttribute(attrName)).isEqualTo(attrValue); - } - - /** - * The request passed into the transformer does not allow interactions on certain - * methods, we need to ensure that the methods used by - * {@link HandlerMappingIntrospector#setCache(HttpServletRequest)} are overridden. - */ - @Test - void transformThenResultDoesNotDelegateToGetAttribute() { - HttpServletRequest request = mock(HttpServletRequest.class); - - this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - HttpServletRequest transformedRequest = requestArg.getValue(); - transformedRequest.getAttribute("any"); - verifyNoInteractions(request); - } - - /** - * The request passed into the transformer does not allow interactions on certain - * methods, we need to ensure that the methods used by - * {@link HandlerMappingIntrospector#setCache(HttpServletRequest)} are overridden. - */ - @Test - void transformThenResultDoesNotDelegateToGetAttributeNames() { - HttpServletRequest request = mock(HttpServletRequest.class); - - this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - HttpServletRequest transformedRequest = requestArg.getValue(); - transformedRequest.getAttributeNames(); - verifyNoInteractions(request); - } - - @Test - void transformThenGetAttributeNamesWorks() { - HttpServletRequest request = mock(HttpServletRequest.class); - - this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - HttpServletRequest transformedRequest = requestArg.getValue(); - String attrName = "any"; - String attrValue = "value"; - transformedRequest.setAttribute(attrName, attrValue); - assertThat(Collections.list(transformedRequest.getAttributeNames())).containsExactly(attrName); - } - - /** - * The request passed into the transformer does not allow interactions on certain - * methods, we need to ensure that the methods used by - * {@link HandlerMappingIntrospector#setCache(HttpServletRequest)} are overridden. - */ - @Test - void transformThenResultDoesNotDelegateToRemoveAttribute() { - HttpServletRequest request = mock(HttpServletRequest.class); - - this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - HttpServletRequest transformedRequest = requestArg.getValue(); - transformedRequest.removeAttribute("any"); - verifyNoInteractions(request); - } - - /** - * The request passed into the transformer does not allow interactions on certain - * methods, we need to ensure that the methods used by - * {@link HandlerMappingIntrospector#setCache(HttpServletRequest)} are overridden. - */ - @Test - void transformThenResultDoesNotDelegateToGetDispatcherType() { - HttpServletRequest request = mock(HttpServletRequest.class); - - this.transformer.transform(request); - - ArgumentCaptor requestArg = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.hmi).setCache(requestArg.capture()); - HttpServletRequest transformedRequest = requestArg.getValue(); - assertThat(transformedRequest.getDispatcherType()).isEqualTo(DispatcherType.REQUEST); - verifyNoInteractions(request); - } - -} diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java index 0c6a005587..65ea3d9f4f 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java @@ -22,17 +22,18 @@ import java.util.LinkedHashMap; import jakarta.servlet.FilterChain; import org.junit.jupiter.api.Test; +import org.springframework.http.HttpMethod; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.web.FilterInvocation; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.springframework.security.web.servlet.TestMockHttpServletRequests.request; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Tests {@link DefaultFilterInvocationSecurityMetadataSource}. @@ -45,9 +46,9 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { private Collection def = SecurityConfig.createList("ROLE_ONE"); - private void createFids(String pattern, String method) { + private void createFids(String pattern, HttpMethod method) { LinkedHashMap> requestMap = new LinkedHashMap<>(); - requestMap.put(new AntPathRequestMatcher(pattern, method), this.def); + requestMap.put(pathPattern(method, pattern), this.def); this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap); } @@ -89,7 +90,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { @Test public void httpMethodLookupSucceeds() { - createFids("/somepage**", "GET"); + createFids("/somepage**", HttpMethod.GET); FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET"); Collection attrs = this.fids.getAttributes(fi); assertThat(attrs).isEqualTo(this.def); @@ -105,7 +106,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { @Test public void requestWithDifferentHttpMethodDoesntMatch() { - createFids("/somepage**", "GET"); + createFids("/somepage**", HttpMethod.GET); FilterInvocation fi = createFilterInvocation("/somepage", null, null, "POST"); Collection attrs = this.fids.getAttributes(fi); assertThat(attrs).isNull(); @@ -116,8 +117,8 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests { public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() { LinkedHashMap> requestMap = new LinkedHashMap<>(); Collection userAttrs = SecurityConfig.createList("A"); - requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs); - requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B")); + requestMap.put(pathPattern("/user/**"), userAttrs); + requestMap.put(pathPattern(HttpMethod.GET, "/teller/**"), SecurityConfig.createList("B")); this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap); FilterInvocation fi = createFilterInvocation("/user", null, null, "GET"); Collection attrs = this.fids.getAttributes(fi); diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java index dfb754fed5..d9509caca6 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java @@ -28,14 +28,13 @@ import org.springframework.security.authorization.AuthorityAuthorizationManager; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.SingleResultAuthorizationManager; import org.springframework.security.core.Authentication; -import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AnyRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcherEntry; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.assertj.core.api.Assertions.assertThatIllegalStateException; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Tests for {@link RequestMatcherDelegatingAuthorizationManager}. @@ -63,18 +62,16 @@ public class RequestMatcherDelegatingAuthorizationManagerTests { @Test public void addWhenManagerNullThenException() { - assertThatIllegalArgumentException() - .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder() - .add(new MvcRequestMatcher(null, "/grant"), null) - .build()) + assertThatIllegalArgumentException().isThrownBy( + () -> RequestMatcherDelegatingAuthorizationManager.builder().add(pathPattern("/grant"), null).build()) .withMessage("manager cannot be null"); } @Test public void checkWhenMultipleMappingsConfiguredThenDelegatesMatchingManager() { RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder() - .add(new MvcRequestMatcher(null, "/grant"), SingleResultAuthorizationManager.permitAll()) - .add(new MvcRequestMatcher(null, "/deny"), SingleResultAuthorizationManager.denyAll()) + .add(pathPattern(null, "/grant"), SingleResultAuthorizationManager.permitAll()) + .add(pathPattern(null, "/deny"), SingleResultAuthorizationManager.denyAll()) .build(); Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER"); @@ -97,11 +94,10 @@ public class RequestMatcherDelegatingAuthorizationManagerTests { public void checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager() { RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder() .mappings((m) -> { - m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/grant"), - SingleResultAuthorizationManager.permitAll())); + m.add(new RequestMatcherEntry<>(pathPattern("/grant"), SingleResultAuthorizationManager.permitAll())); m.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE, AuthorityAuthorizationManager.hasRole("ADMIN"))); - m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/afterAny"), + m.add(new RequestMatcherEntry<>(pathPattern("/afterAny"), SingleResultAuthorizationManager.permitAll())); }) .build(); @@ -156,7 +152,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests { .isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder() .anyRequest() .authenticated() - .requestMatchers(new AntPathRequestMatcher("/authenticated")) + .requestMatchers(pathPattern("/authenticated")) .authenticated() .build()) .withMessage("Can't configure requestMatchers after anyRequest"); diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java index 752838d2da..caaef4a083 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java @@ -47,7 +47,6 @@ import org.springframework.security.web.authentication.session.SessionAuthentica import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.security.web.firewall.DefaultHttpFirewall; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.test.util.ReflectionTestUtils; @@ -62,6 +61,7 @@ import static org.mockito.Mockito.verify; import static org.springframework.security.web.servlet.TestMockHttpServletRequests.Builder; import static org.springframework.security.web.servlet.TestMockHttpServletRequests.get; import static org.springframework.security.web.servlet.TestMockHttpServletRequests.post; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Tests {@link AbstractAuthenticationProcessingFilter}. @@ -238,8 +238,8 @@ public class AbstractAuthenticationProcessingFilterTests { MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse(); // Setup our test object, to grant access - MockAuthenticationFilter filter = new MockAuthenticationFilter( - new AntPathRequestMatcher("/j_eradicate_corona_virus"), mock(AuthenticationManager.class)); + MockAuthenticationFilter filter = new MockAuthenticationFilter(pathPattern("/j_eradicate_corona_virus"), + mock(AuthenticationManager.class)); filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class)); filter.setAuthenticationSuccessHandler(this.successHandler); filter.setAuthenticationFailureHandler(this.failureHandler); @@ -273,7 +273,7 @@ public class AbstractAuthenticationProcessingFilterTests { filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setAuthenticationSuccessHandler(this.successHandler); assertThatIllegalArgumentException().isThrownBy(() -> filter.setFilterProcessesUrl(null)) - .withMessage("Pattern cannot be null or empty"); + .withMessage("pattern cannot be null"); } @Test diff --git a/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java b/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java index 385ff38d50..00dd0b87df 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/RequestMatcherDelegatingAuthenticationManagerResolverTests.java @@ -23,12 +23,12 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.mockito.Mockito.mock; import static org.springframework.security.web.servlet.TestMockHttpServletRequests.get; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Tests for {@link RequestMatcherDelegatingAuthenticationManagerResolverTests} @@ -45,8 +45,8 @@ public class RequestMatcherDelegatingAuthenticationManagerResolverTests { public void resolveWhenMatchesThenReturnsAuthenticationManager() { RequestMatcherDelegatingAuthenticationManagerResolver resolver = RequestMatcherDelegatingAuthenticationManagerResolver .builder() - .add(new AntPathRequestMatcher("/one/**"), this.one) - .add(new AntPathRequestMatcher("/two/**"), this.two) + .add(pathPattern("/one/**"), this.one) + .add(pathPattern("/two/**"), this.two) .build(); MockHttpServletRequest request = get("/one/location").build(); @@ -57,8 +57,8 @@ public class RequestMatcherDelegatingAuthenticationManagerResolverTests { public void resolveWhenDoesNotMatchThenReturnsDefaultAuthenticationManager() { RequestMatcherDelegatingAuthenticationManagerResolver resolver = RequestMatcherDelegatingAuthenticationManagerResolver .builder() - .add(new AntPathRequestMatcher("/one/**"), this.one) - .add(new AntPathRequestMatcher("/two/**"), this.two) + .add(pathPattern("/one/**"), this.one) + .add(pathPattern("/two/**"), this.two) .build(); MockHttpServletRequest request = new MockHttpServletRequest("GET", "/wrong/location"); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java index 5598b5543d..c7b11b0b35 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java @@ -41,7 +41,6 @@ import org.springframework.security.web.WebAttributes; import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler; import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler; import org.springframework.security.web.context.SecurityContextRepository; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; @@ -52,6 +51,7 @@ import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoMoreInteractions; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * @author Rob Winch @@ -367,7 +367,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); - filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/no-matching")); + filter.setRequiresAuthenticationRequestMatcher(pathPattern("/no-matching")); AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); @@ -381,7 +381,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); - filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/**")); + filter.setRequiresAuthenticationRequestMatcher(pathPattern("/**")); AuthenticationManager am = mock(AuthenticationManager.class); filter.setAuthenticationManager(am); filter.afterPropertiesSet(); diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java index d2e9c6806e..c0bd3aab93 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilterTests.java @@ -46,7 +46,6 @@ import org.springframework.security.web.authentication.AuthenticationConverter; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.web.util.WebUtils; @@ -62,6 +61,7 @@ import static org.mockito.Mockito.spy; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.springframework.security.web.servlet.TestMockHttpServletRequests.get; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * Tests {@link BasicAuthenticationFilter}. @@ -513,7 +513,7 @@ public class BasicAuthenticationFilterTests { static class TestAuthenticationConverter implements AuthenticationConverter { - private final RequestMatcher matcher = AntPathRequestMatcher.antMatcher("/ignored"); + private final RequestMatcher matcher = pathPattern("/ignored"); private final BasicAuthenticationConverter delegate = new BasicAuthenticationConverter(); diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcherTests.java index 5040ecb50f..dac986ec5c 100644 --- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcherTests.java @@ -29,6 +29,7 @@ import org.springframework.web.util.ServletRequestPathUtils; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; /** @@ -38,49 +39,49 @@ public class PathPatternRequestMatcherTests { @Test void matcherWhenPatternMatchesRequestThenMatchResult() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher("/uri"); + RequestMatcher matcher = pathPattern("/uri"); assertThat(matcher.matches(request("/uri"))).isTrue(); } @Test void matcherWhenPatternContainsPlaceholdersThenMatchResult() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher("/uri/{username}"); + RequestMatcher matcher = pathPattern("/uri/{username}"); assertThat(matcher.matcher(request("/uri/bob")).getVariables()).containsEntry("username", "bob"); } @Test void matcherWhenOnlyPathInfoMatchesThenNoMatch() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher("/uri"); + RequestMatcher matcher = pathPattern("/uri"); assertThat(matcher.matches(request("GET", "/mvc/uri", "/mvc"))).isFalse(); } @Test void matcherWhenUriContainsServletPathThenMatch() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher("/mvc/uri"); + RequestMatcher matcher = pathPattern("/mvc/uri"); assertThat(matcher.matches(request("GET", "/mvc/uri", "/mvc"))).isTrue(); } @Test void matcherWhenSameMethodThenMatchResult() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/uri"); + RequestMatcher matcher = pathPattern(HttpMethod.GET, "/uri"); assertThat(matcher.matches(request("/uri"))).isTrue(); } @Test void matcherWhenDifferentPathThenNoMatch() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/uri"); + RequestMatcher matcher = pathPattern(HttpMethod.GET, "/uri"); assertThat(matcher.matches(request("GET", "/urj", ""))).isFalse(); } @Test void matcherWhenDifferentMethodThenNoMatch() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/uri"); + RequestMatcher matcher = pathPattern(HttpMethod.GET, "/uri"); assertThat(matcher.matches(request("POST", "/mvc/uri", "/mvc"))).isFalse(); } @Test void matcherWhenNoMethodThenMatches() { - RequestMatcher matcher = PathPatternRequestMatcher.withDefaults().matcher("/uri"); + RequestMatcher matcher = pathPattern("/uri"); assertThat(matcher.matches(request("POST", "/uri", ""))).isTrue(); assertThat(matcher.matches(request("GET", "/uri", ""))).isTrue(); } diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java index 62b3781790..d5be83e1fd 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java @@ -33,6 +33,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.assertj.core.api.Assertions.assertThatNullPointerException; import static org.mockito.BDDMockito.given; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * @author Rob Winch @@ -59,7 +60,7 @@ public class AndRequestMatcherTests { @Test public void constructorListOfDoesNotThrowNullPointer() { - new AndRequestMatcher(List.of(new AntPathRequestMatcher("/test"))); + new AndRequestMatcher(List.of(pathPattern("/test"))); } @Test diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java index 72dd4162bd..006473fa55 100644 --- a/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java @@ -34,6 +34,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException import static org.assertj.core.api.Assertions.assertThatNullPointerException; import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.verifyNoInteractions; +import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern; /** * @author Rob Winch @@ -60,7 +61,7 @@ public class OrRequestMatcherTests { @Test public void constructorListOfDoesNotThrowNullPointer() { - new OrRequestMatcher(List.of(new AntPathRequestMatcher("/test"))); + new OrRequestMatcher(List.of(pathPattern("/test"))); } @Test