Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.
Now the TestCsrfTokenRepository is only used if explicitly enabled.
Fixes gh-4016
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.
Fixes gh-3962
Previously, Spring Security's test support did not work well with the
standalone setup. This was because the springSecurityFilterChain was not
found by the WebTestUtils.
This commit ensures that the springSecurityFilterChain is added as a
servlet attribute if it is explicitly defined. WebTestUtils can then
find the springSecurityFilterChain in the ServletContext.
Fixes gh-3881
Previously Spring Security's WithSecurityContextTestExecutionListener
allowed a WithSecurityContextFactory<Annotation> to be used. This
was broken in SEC-3074.
This commit ensures that WithSecurityContextFactory<Annotation> is
supported again.
Fixes gh-3837
When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter.
This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class.
In this case we have to cast to a Java ServletFilter to support both filter...
Fixes gh-3836
Previously if unauthenticated() experienced an AnonymousAuthenticationToken
it would not match.
This commit ensures that if the user is anonymous (not just null)
unauthenticated() works.
Fixes gh-3409
WithSecurityContextTestExecutionListener used the variable name withUser
in mulitple places when it should have been named withSecurityContext.
This commit renames the variables to withSecurityContext.
Fixes gh-3775
Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.
This commit returns null if findFilters gets a null result.
Fixes gh-3343
Previously if a MockMvc instance was setup with a user and then again with
no user, then the original user would be setup.
This commit ensures that if a user is setup and then no user is setup no
user is used.
