Commit Graph

307 Commits

Author SHA1 Message Date
Rob Winch 03f2d654ad Fix WebTestClient Support
Fixes gh-4419
2017-07-13 21:02:07 -05:00
Rob Winch 915de03f42 Polish ExchangeMutatorWebFilter Support
Issue gh-4343
2017-05-31 13:23:55 -05:00
Rob Winch 7bc98db23c Add WebTestClient test support
SecurityExchangeMutators

Fixes gh-4343
2017-05-19 15:09:23 -05:00
Rob Winch e631805635 Remove RedirectMatcher
This is no longer necessary now that Spring 5 is the minimum version.

Fixes gh-4092
2017-05-11 14:38:18 -05:00
Rob Winch d81b436e5d Remove pom.xml from build
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.

This commit removes the pom.xml files from the build.

Fixes gh-4283
2017-05-11 14:32:36 -05:00
Vedran Pavic 85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
Rob Winch dd6fc48dd8 Standardize Build
The build now uses spring build conventions to simplify the build

Fixes gh-4284
2017-04-21 10:55:05 -05:00
Joe Grandja 2ce174dbf0 Update poms to 5.0.0.BUILD-SNAPSHOT 2017-04-07 16:49:50 -04:00
Rob Winch d2524eadfc Update poms to new to SNAPSHOT version 2017-03-02 09:20:34 -06:00
Spring Buildmaster 081f0c4d94 Release version 4.2.2.RELEASE 2017-03-02 07:29:42 +00:00
Rob Winch 9c03571bbb Use message in all Assert
This ensures compatibility with Spring 5.

Fixes gh-4193
2017-01-30 19:58:24 -06:00
Spring Buildmaster 7a7ce11ebb Release version 4.2.1.RELEASE 2016-12-21 17:23:28 +00:00
Spring Buildmaster 24fcb6c45a Release version 4.2.0.RELEASE 2016-11-09 23:42:11 +00:00
Spring Buildmaster 97b4cb0b73 Release version 4.2.0.RC1 2016-10-26 02:49:23 +00:00
Rob Winch 6a3a5f7beb Polish Deprecations
Issue gh-4080
2016-10-17 17:02:59 -05:00
Rob Winch 52c6e3cf89 Create RedirectMatcher
This commit creates RedirectMatcher for binary backward compatability with
Spring 4.3.x and Spring 5 to ensure that the Spring IO tests pass.

Issue gh-4080
2016-10-17 17:02:58 -05:00
Rob Winch 17cfd4707b Fix deprecations
Issue gh-4080
2016-10-17 17:00:18 -05:00
Rob Winch 8a7ac398e6 Remove TheController from Bean
It is already picked up with classpath scanning

Issue gh-4080
2016-10-17 17:00:17 -05:00
Spring Buildmaster c1b8150439 Release version 4.2.0.M1 2016-09-23 19:39:33 +00:00
Rob Winch 4d02a5c0a0 Update pom.xml dependencies 2016-08-30 11:27:29 -05:00
Rob Winch 050198e51b Fix csrf() when used then not used
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.

Now the TestCsrfTokenRepository is only used if explicitly enabled.

Fixes gh-4016
2016-08-09 17:09:16 -04:00
Spring Buildmaster 919f000c80 Release version 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Rob Winch 8ad91ef6a5 WithSecurityContextTestExecutionListener > SqlScriptsTestExecutionListener
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.

Fixes gh-3962
2016-07-06 16:09:17 -05:00
Rob Winch bbeb7f94d7 Fix checkstyle
Issue gh-3920
2016-06-20 19:36:51 -05:00
Rob Winch a2a06d19c1 Add formLogin() Accept Test
Issue gh-3920
2016-06-20 16:23:29 -05:00
Micah Silverman 314828859e Added accept method call to buildRequest in SecurityMockMvcRequestBuilders with default of MediaType.APPLICATION_FORM_URLENCODED 2016-06-20 15:46:01 -05:00
Eddú Meléndez a2ead4cf7a Polish
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch 2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Rob Winch 101190ad8b Format WithSecurityContextTestExecutionListener 2016-05-20 10:46:26 -05:00
Rob Winch 336de35874 Polish WithSecurityContextTestExecutionListener
Extract method for reuse

SecurityContext createSecurityContext(AnnotatedElement annotated,
    WithSecurityContext withSecurityContext,
    TestContext context)

Issue gh-3888
2016-05-20 10:46:26 -05:00
Eddú Meléndez a53d022312 Support WithSecurityContextFactory on superclass
Fixes gh-3888
2016-05-20 10:46:14 -05:00
Rob Winch 7b61a44929 Fix test .standaloneSetup
Previously, Spring Security's test support did not work well with the
standalone setup. This was because the springSecurityFilterChain was not
found by the WebTestUtils.

This commit ensures that the springSecurityFilterChain is added as a
servlet attribute if it is explicitly defined. WebTestUtils can then
find the springSecurityFilterChain in the ServletContext.

Fixes gh-3881
2016-05-16 11:02:40 -04:00
Rob Winch 602bb457b8 Formatting
Issue gh-3881
2016-05-16 11:02:40 -04:00
Spring Buildmaster 001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Rob Winch 78bf6e2bd5 WithSecurityContextTestExecutionListener supports generic Annotation
Previously Spring Security's WithSecurityContextTestExecutionListener
allowed a WithSecurityContextFactory<Annotation> to be used. This
was broken in SEC-3074.

This commit ensures that WithSecurityContextFactory<Annotation> is
supported again.

Fixes gh-3837
2016-05-03 15:41:25 -04:00
Jens Goldhammer ceef70946b Resolve springSecurityFilterChain to Filter
When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter.
This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class.
In this case we have to cast to a Java ServletFilter to support both filter...

Fixes gh-3836
2016-04-26 15:53:38 -04:00
Spring Buildmaster 24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Rob Winch b2b53f7a81 Fix unauthenitcated() and AnonymousAuthenticationToken
Previously if unauthenticated() experienced an AnonymousAuthenticationToken
it would not match.

This commit ensures that if the user is anonymous (not just null)
unauthenticated() works.

Fixes gh-3409
2016-04-19 15:08:47 -05:00
Rob Winch 8a28a27225 Formatting Polish 2016-04-19 14:24:11 -05:00
Rob Winch d3a9cc6eae Add CsrfTokenRepository (#3805)
* Create LazyCsrfTokenRepository

Fixes gh-3790

* Add CookieCsrfTokenRepository

Fixes gh-3009
2016-04-12 17:26:53 -04:00
Joe Grandja b90242f2fa Updates all POM versions to 4.1.0 snapshot build.
Fixes gh-3804
2016-04-12 10:35:43 -04:00
Eddú Meléndez Gonzales a5a5d9a1a9 Add support to subclass of GrantedAuthority in SecurityMockMvcResultMatchers withAuthorities (#3793)
SecurityMockMvcResultMatchers.withAuthorities(Collection<? extends GrantedAuthority>)

Fixes gh-3791
2016-04-08 08:55:53 -05:00
Rob Winch 8abb882927 Rename poorly named withUser variable
WithSecurityContextTestExecutionListener used the variable name withUser
in mulitple places when it should have been named withSecurityContext.

This commit renames the variables to withSecurityContext.

Fixes gh-3775
2016-04-01 10:27:14 -05:00
Spring Buildmaster 044acf7e27 Release version 4.1.0.RC1 2016-03-23 07:15:15 -07:00
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle
Issue gh-3746
2016-03-14 00:15:12 -05:00
Rob Winch df5e3ba6ee Polish Imports 2016-03-09 16:24:50 -06:00
Rob Winch 835ac0a217 Add @WithUserDetails userDetailsServiceBeanName
Fixes gh-3346
2016-03-09 15:59:23 -06:00
Rob Winch 618b8a2d83 Fix WebTestUtils when no matching HttpSecurity found
Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.

This commit returns null if findFilters gets a null result.

Fixes gh-3343
2016-03-09 15:20:10 -06:00
Billy Korando 71d4ce96ad Convert to assertj
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration
Issue gh-3175
2016-03-09 14:26:30 -06:00
Rob Winch dd092431a0 SEC-2941: Default RequestPostProcessor overrides
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
2015-10-21 16:06:49 -05:00
zhanhb 29f2cc0ab1 snasphot -> snapshot 2015-09-25 15:28:39 -05:00
Rob Winch 81e2778106 SEC-3097: Change CsrfRequestPostProcessor to use TestCsrfTokenRepository
This ensures that when using a wrapped HttpServletRequest (i.e. Spring
Session) that the CSRF token test support still works.
2015-09-02 00:21:40 -05:00
Rob Winch ea94706319 SEC-3097: Use MockMvc for SecurityMockMVcRequestPostProcessorsCsrfTests
This is necessary because the changes for this issue are going to make
the mocked version of the tests invalid.
2015-09-02 00:21:39 -05:00
Rob Winch 35393098f8 SEC-3094: Add @WithAnonymousUser & anonymous() MockMvcRequestPostProcessor 2015-08-27 15:17:44 -05:00
Rob Winch 5f328b1178 SEC-2709: Fix WithSecurityContextTestExecutionListener Order 2015-08-20 10:41:09 -05:00
Rob Winch 327695ab0c SEC-3084: Doc SecurityContextRequestPostProcessorSupport & SecurityContextHolder 2015-08-20 09:30:24 -05:00
Rob Winch 567c51e109 SEC-3074: Add Test Meta Annotation Support 2015-08-19 16:05:54 -05:00
Rob Winch 969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Thomas Darimont ad1d858e2b SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch bc53945d89 Remove unused import in WithSecurityContextTestExecutionListenerTests 2015-07-22 12:44:34 -05:00
Rob Winch 2d448658cd SEC-3042: Add SecurityTestExecutionListeners 2015-07-16 13:51:37 -05:00
Rob Winch 4cafd575c0 SEC-3041: Fix WithSecurityContextTestExecutionListener w/ no ApplicationContext 2015-07-16 13:13:46 -05:00
Rob Winch e4517016ca SEC-2984: Add @WithMockUser authorities property 2015-07-16 08:41:40 -05:00
Rob Winch 1bca645add SEC-2935: Multiple MockMvc invocations proper SecurityContext setup
Previously if a MockMvc instance was setup with a user and then again with
no user, then the original user would be setup.

This commit ensures that if a user is setup and then no user is setup no
user is used.
2015-04-22 16:12:18 -05:00
Rob Winch d5dfeeca49 SEC-2927: Update chat-jc pom so Maven Builds
Previously there were some incorrect dependency versions. This commit fixes
that.

We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
Rob Winch db531d9100 SEC-2917: Update to Spring 4.1.6 2015-03-25 15:18:59 -05:00
Rob Winch ae6af5d73c SEC-2915: Updated Java Code Formatting 2015-03-25 13:09:18 -05:00
Rob Winch 0a2e496a84 SEC-2915: groovy/gradle spaces->tabs 2015-03-25 13:08:59 -05:00
Rob Winch cf9f58a4ac SEC-2915: XML spaces->tabs 2015-03-25 13:08:52 -05:00
Rob Winch 706e7fd7a2 SEC-2863: Update to Spring 4.1.5 2015-02-20 11:43:04 -06:00
Rob Winch 9c5cb2f438 SEC-2593: Add additional test 2015-02-05 10:58:49 -06:00
Rob Winch 8f0001f59a Next Development Version 2014-12-11 20:39:26 -06:00
Spring Buildmaster 49b69196de Release version 4.0.0.RC1 2014-12-11 20:36:55 -06:00
Rob Winch 1677836d53 SEC-2790: Deprecate @EnableWebMvcConfig 2014-12-10 21:10:27 -06:00
Rob Winch 3171cc4364 SEC-2788: Add @Configuration as meta annotation to @Enable* annotations 2014-12-10 21:10:15 -06:00
Rob Winch 11116c2b80 SEC-2787: Update Versions 2014-12-10 16:37:19 -06:00
Rob Winch c67ff42b8a SEC-2783: XML Configuration Defaults Should Match JavaConfig
* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
2014-12-08 15:09:15 -06:00
Rob Winch b56e5edbbd SEC-2784: Fix build plugins 2014-12-08 14:24:34 -06:00
Rob Winch dfa17bdb98 SEC-2747: Remove spring-core dependency from spring-security-crypto 2014-11-20 16:16:22 -06:00
Rob Winch 5ba8f000a7 SEC-2714: Add AuthenticationPrincipal resolver for messaging support 2014-09-23 16:28:48 -05:00
Rob Winch d316f661e8 SEC-2719: Fix order sensitive authenticated().withRoles(..) 2014-09-16 10:54:50 -05:00
Rob Winch 02c3565e22 Fix compiling in Eclipse 2014-09-16 10:18:46 -05:00
Rob Winch 533b71b9b8 SEC-2688: Remove ORDER constant 2014-08-15 21:14:12 -05:00
Rob Winch 3187ee8bf3 SEC-2700: Register WithSecurityContextTestExecutionListener by default 2014-08-15 16:41:33 -05:00
Rob Winch b72c1ad314 SEC-2686: Create SecurityMockMvcConfigurer 2014-07-22 15:11:37 -05:00
Rob Winch 9654817fd8 SEC-2601: Add DigestRequestPostProcessor 2014-07-21 22:46:18 -05:00
Rob Winch c8348d60e1 SEC-2602: Add test support for x509 certificate 2014-07-21 15:09:30 -05:00
Rob Winch 906a0cb0e2 SEC-2684: Correct spelling of WithSecurityContextTestExecutionListener 2014-07-18 13:53:41 -05:00
Rob Winch e4fa42c399 SEC-2593: Add test for TestSecurityContext RPP in stateless mode 2014-06-13 15:28:06 -05:00
Rob Winch 7e3e821db1 SEC-2593: Support stateless mode in Spring Security Test 2014-06-13 15:22:06 -05:00
Rob Winch 6d45957eec SEC-2572: Add spring-security-test method showcase
This will allow for using the showcase in the documentation.
2014-05-07 10:45:52 -05:00
Rob Winch dabe3a03e7 SEC-2586: Create DefaultSecurityTestExecutionListeners 2014-05-07 10:44:05 -05:00
Rob Winch 00e1094178 Add springio-platform plugin 2014-04-23 14:35:22 -05:00
Rob Winch 8baf82532c SEC-2015: Add spring-security-test 2014-04-22 16:47:48 -05:00
Ben Alex b8b31d6f65 Tidy up Maven migration by eliminating unnecessary directories and having Eclipse classpath use MAVEN_REPO. 2004-12-05 07:21:30 +00:00
Ben Alex 2426bb9e8e Make JdbcDaoTests use in-memory database. 2004-07-29 03:32:23 +00:00
Colin Sampaleanu e2de3c9dbc Enhance AuthenticationProcessingFilterEntryPoint and related classes, to support a property forcing the login page to be access via https even if the original intercepted request came in as http. 2004-04-22 21:47:05 +00:00
Colin Sampaleanu 3ceb492cb2 move password encoder tests to proper packages.
rename saltSource param in PasswordEncoder interfce to salt. It was already called salt in subclasses, and is in fact supposed to be the salt, not the source for the salt, although depending on the implementation it may still be treated as the latter.
2004-04-17 02:18:46 +00:00
Colin Sampaleanu 3d089aaa67 move and rename password encoding classes.
change saltSource arument to salt argument, which impl may or may not use.
2004-04-16 03:44:04 +00:00
Colin Sampaleanu 5d9d734735 more final version of the various PasswordEncoder implementations.
add unit tests for PasswordEncoder implementations.
remove ignore password case and ignore username case flags and handling from DaoAuthenticationProvider.
remove requirement described in JavaDoc for AuthenticationDao that it ignore case when returning a user by username. Implementations may still do so if configured as such.
2004-04-15 16:32:09 +00:00
Colin Sampaleanu 41a837f8cd add back HSQL db in test dir, as it turns out _it is_ supposed to be in CVS
modify JdbcDaoTests to test for role prefix functionality
fix glitch in JdbcDaoImpl
modify Eclipse classpath so HSQL lib is loaded, so unit tests can run in Eclipse as well.
2004-04-15 03:34:18 +00:00
Colin Sampaleanu 547b1ff4e3 remove test data that somehow got checked into CVS 2004-04-14 03:39:30 +00:00
Colin Sampaleanu 6c26e79a0f change AuthenticationProcessingFilter and SecurityEnforcementFilter to use Spring's WebApplicationContextUtils by defualt to find their config context. 2004-04-09 02:44:17 +00:00
Ben Alex 0a17d65d37 Initial commit. 2004-03-29 02:49:51 +00:00