Commit Graph

307 Commits

Author SHA1 Message Date
Rob Winch 0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
Issue gh-10501
2022-01-19 14:34:16 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 14:33:53 -06:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
Marcus Hert da Coregio ab098f171d Propagate TestSecurityContextHolder to SecurityContextHolder
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers
Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder

Closes gh-9565
2021-09-17 16:39:53 -03:00
Dávid Kováč 3ff825576b Move and rename OAuth2IntrospectionClaimAccessor/Names
Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
with copied implementation from OAuth2IntrospectionClaimAccessor/Names.
OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are
now deprecated.

Also method getScopes() returning list of scopes was introduced
and getScope() is now deprecated.

Closes gh-9647
2021-08-12 16:51:33 -06:00
Rob Winch f73f213f50 Remove DependencySetPlugin
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch c838d3a25c Use SpringExtension instead of rules 2021-07-09 14:35:10 -05:00
Rob Winch e998d4ec8a Fix serialization due to mocking 2021-07-09 14:35:10 -05:00
Rob Winch b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch 14240b2559 Remove Powermock
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
2021-07-08 12:35:32 -05:00
Christian Frommeyer 8de631d5c6 Replace StringUtils from oauth2-oidc-sdk
SecurityMockServerConfigurers.java previously used the StringUtils from
the optional oauth2-oidc-sdk dependency. Replacing this with the
StringUtils from the spring framework this should not force adding the
dependency in cases where it is not actually used.

Closes gh-9923
2021-06-16 12:18:28 -06:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies"))
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names
Closes gh-9540
2021-04-05 10:36:36 -05:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3"
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies"
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Rob Winch 4515c86beb WithSecurityContextTestExecutionListener Respects @NestedTestConfiguration
Previously WithSecurityContextTestExecutionListener did not respect
@NestedTestConfiguration.

This commit switches to using TestContextAnnotationUtils to ensure that
@NestedTestConfiguration is respected.

Closes gh-9193
2020-11-06 15:11:50 -06:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1"
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Rob Winch 87d8741730 WithSecurityContextTestExecutionListener Supports Nested Classes
WithSecurityContextTestExecutionListener now supports nested classes. If
the class is nested WithSecurityContext is not found, then the enclosing
class is looked at until there is no enclosing class.

Closes gh-9179
2020-11-03 17:36:37 -06:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Josh Cummings 3e95f68873
Add jackson-datatype-jsr310 Dependency
Closes gh-9123
2020-10-12 17:41:16 -06:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0"
This reverts commit 3d0e459182.
2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb a5aa6b3d7f Remove blank lines from all tests
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb ef951bae90 Polish spring-security-test main code
Manually polish `spring-security-test` following the formatting
and checkstyle fixes.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 834dcf5bcf Use consistent ternary expression style
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 8d3f039f76 Reduce method visibility when possible
Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb ec6a4cb3f0 Use consistent equals/hashCode/toString order
Ensure that `equals` `hashCode` and `toString` methods always appear in
the same order. This aligns with the style used in Spring Framework.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 52f20b5281 Use parenthesis with single-arg lambdas
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 01d90c9881 Hide utility class constructors
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb ff94944313 Add whitespace after copyright header
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 8d80166aaf Update exception variable names
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb e9130489a6 Remove restricted static imports
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb db55ef4b3b Migrate to BDD Mockito
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.

The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 4d487e8dc3 Ensure all files end with a new line
Update all files to ensure that they always end with a new-line
character.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb a0b9442265 Use consistent modifier order
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 3e700e7571 Remove (non-Javadoc) comments
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb a2f2e9ac8d Move inner-types so that they are always last
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 9e08b51ed3 Apply code cleanup rules to projects
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 8866fa6fb0 Always use 'this.' when accessing fields
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 6894ff5d12 Make classes final where possible
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 37fa94fafc Organize imports
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 5f64f53c3f Use consistent "@" tag order in Javadoc
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb b7fc18262d Reformat code using spring-javaformat
Run `./gradlew format` to reformat all java files.

Issue gh-8945
2020-08-24 17:32:56 -05:00
Phillip Webb 8e092f8d2c Add noformat blocks around withDefaultPasswordEncoder
Find `withDefaultPasswordEncoder` calls and protect them against
formatting.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb 63b5998fad Add noformat blocks around auth config
Find `auth` config using a regex search of `^\s*auths*$` and protect
them against formatting.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb 103d822e46 Add noformat blocks around http config
Find `http` config using a regex search of `^\s*https*$` and protect
them against formatting.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Joe Grandja 1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1"
This reverts commit f3a1e5d40c.
2020-08-05 14:59:11 -04:00
Joe Grandja f3a1e5d40c Lock Dependency Versions for 5.4.0-RC1 2020-08-05 13:46:11 -04:00
Dávid Kováč af1c96b425
Simplify OAuth 2.0 Introspection Attribute Retrieval
In order to simplify retrieving of OAuth 2.0 Introspection specific
attributes, OAuth2IntrospectionClaimAccessor interface was introduced
and also new OAuth2AuthenticatedPrincipal implementing this new
interface (OAuth2IntrospectionAuthenticatedPrincipal).

Also DefaultOAuth2AuthenticatedPrincipal was replaced by
OAuth2IntrospectionAuthenticatedPrincipal in cases where OAuth 2.0
Introspection is performed (NimbusOpaqueTokenIntrospector,
NimbusReactiveOpaqueTokenIntrospector).

DefaultOAuth2AuthenticatedPrincipal can be still used by applications
that introspected the token without OAuth 2.0 Introspection.

OAuth2IntrospectionAuthenticatedPrincipal will also be used as a
default principal in tests where request is post-processed/mutated
by OpaqueTokenRequestPostProcessor/OpaqueTokenMutator.

Closes gh-6489
2020-07-09 17:26:13 -06:00
Josh Cummings 146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
This reverts commit 68538897c8.
2020-07-01 13:11:50 -06:00
Josh Cummings 68538897c8
Lock Dependency Versions for 5.4.0-M2 2020-07-01 12:40:29 -06:00
Rob Winch dac7806cf5 Test beforeTestMethod delays creation of SecurityContext
Issue gh-6591
2020-06-24 16:40:09 -05:00
Markus Gabriel 97ee6d66f1 Fix SecurityContext creation for TEST_EXECUTION
Currently, there is support for setting up a SecurityContext after @Before by
using TestExecutionEvent.TEST_EXECUTION. The current implementation, however,
already creates the SecurityContext in @Before and just does not set it yet.
This leads to issues like #6591. For the case of @WithUserDetails, the
creation of the SecurityContext already looks up a user from the repository.
If the user was inserted in @Before, the user is not found despite using
TestExecutionEvent.TEST_EXECUTION. This commit changes the creation of the
SecurityContext to happen after @Before if using
TestExecutionEvent.TEST_EXECUTION.

Closes gh-6591
2020-06-24 16:40:08 -05:00
Dávid Kovács 88028d82ed formLogin() and login() implement Mergable
This is necessary so that default requests like Spring REST Docs work.

Closes gh-7572
2020-06-22 14:54:32 -05:00
Josh Cummings 900f551890
Inject TestOAuth2AuthorizedClientRepository
Fixes gh-8603
2020-05-28 10:33:02 -06:00
Joe Grandja 86ca6b013c Unlock dependencies
This reverts commit 206960cf44.
2020-05-06 17:27:35 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Dávid Kovács 1f1ddeb025 SecurityMockMvcConfigurer$DelegateFilter is not null-safe
This commit adds null-check to getter method, so instead of NPE an IllegalStateException will be thrown with additional details.

Fixes gh-7745
2020-05-05 09:56:37 -05:00
Markus Engelbrecht d81321bc29
Fix typo 'properites' in documentation
Fixes gh-8095
2020-03-11 10:54:14 -06:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
This reverts commit 147d7dadd7.
2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Josh Cummings 85b0e468ad
Add missing calls to principalName
Issue gh-8054
2020-03-03 17:11:42 -07:00
Josh Cummings 2064214f39
Add principal name to oauth2Client Test Support
Fixes gh-8054
2020-03-03 16:33:08 -07:00
Josh Cummings 3bc1b7a933
Simplify opaqueToken support
Remove scopes convenience method to alleviate potential confusion with
the "scope" attribute.

Issue gh-7827
Issue gh-7712
2020-03-03 16:24:43 -07:00
Josh Cummings 689fc9df0c
Align Test Support Claims
Make all sub claims 'user' and all scopes 'read' to align with
existing support for JWT

Issue gh-7828
Issue gh-7789
Issue gh-7680
Issue gh-7618
2020-03-03 16:24:43 -07:00
Josh Cummings 30adabb685
Simplify oauth2Login Test Support
Remove nameAttributeKey as this is easily done by constructing
a DefaultOAuth2User instance.

Issue gh-7789
Issue gh-7828
2020-03-03 15:48:04 -07:00
Josh Cummings bd593a3431
Add Opaque Token WebTestClient Support
Fixes gh-7827
2020-02-27 11:29:55 -07:00
Josh Cummings ffb5a3a0d4
Add oauth2Client WebTestClient Support
Fixes gh-7910
2020-02-05 15:33:57 -07:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version
This reverts commit 064616f1ef.
2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Josh Cummings c367378421
Add OAuth2Client MockMvc Test Support
Fixes gh-7886
2020-02-03 15:59:58 -07:00
Josh Cummings 982f3f902c
Add oauth2Login Reactive Test Support
Fixes gh-7828
2020-01-13 17:49:52 -07:00
Josh Cummings 8f1d0cf528
opaqueToken MockMvc Configuration Order
Fixes gh-7800
2020-01-10 16:47:31 -07:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f1.
2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Josh Cummings 09810b8df9
oidcLogin Test Configuration Flow
Fixes gh-7794
2020-01-07 17:37:48 -07:00
Josh Cummings 84ba3ddf26
Add oauth2Login MockMvc Support
Fixes gh-7789
2020-01-07 14:09:36 -07:00
Josh Cummings e1fdb24b5d
Add opaqueToken MockMvc Test Support
Fixes gh-7712
2019-12-20 15:34:11 -07:00
Josh Cummings d102cae243
oidcLogin MockMvc Documentation
Remove documentation requiring a valid ClientRegistrationRepository

Issue: gh-7618
2019-12-02 22:49:17 -07:00
Josh Cummings 8c32d5fe48
Add oidcLogin WebFlux Test Support
Fixes: gh-7680
2019-12-02 22:28:24 -07:00
Josh Cummings b35e18ff31
Add oidcLogin MockMvc Test Support
Fixes gh-7618
2019-11-26 16:12:06 -07:00
Josh Cummings 7cbd1665a6
Isolate Jwt Test Support
Isolating Jwt test support inside JwtRequestPostProcessor and
JwtMutator.

Fixes gh-7641
2019-11-22 15:07:05 -07:00
Drummond Dawson 4f82be7e68 Support URI vars in formLogin and logout MockMvc requests 2019-11-05 09:46:50 +01:00
Rob Winch 00f8991fac Merge Remove Redudant Throws
Fixes gh-7301
2019-09-19 11:04:53 -05:00
Josh Cummings 05caf3d8fb
Use Jwt.Builder
Fixes gh-7443
2019-09-16 14:00:25 -06:00
Josh Cummings b55b2914c2 Mock Jwt Disables CSRF
Fixes gh-7170
2019-09-13 19:04:05 +01:00
Lars Grefer 95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00
Lars Grefer 34dd5fea30 Remove redundant throws clauses
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
Rob Winch 9d63c36f93 Fix JDK 10+
Issue gh-7265
2019-08-16 11:13:11 -05:00
Rob Winch 0c6bff4afb SecurityMockMvcConfigurer Honors Filter Order
Fixes gh-7265
2019-08-16 09:24:33 -05:00
Rob Winch c1db1aad91
Cleanup Code Style Issues
Cleanup Code Style Issues
2019-08-12 13:06:49 -05:00
Lars Grefer ff1070df36 remove redundant modifiers found by checkstyle 2019-08-10 00:18:56 +02:00
Lars Grefer 38de737663 Java 8: Statement lambda can be replaced with expression lambda 2019-08-09 16:59:07 -05:00