From 5b543f83ec17df710db1073f2dedabdc63d762a9 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Mon, 4 May 2009 02:25:49 +0000 Subject: [PATCH] Removed web dependency on core-tests --- .../access/vote/SampleServiceImpl.java | 24 ------- ...tributes2GrantedAuthoritiesMapperTest.java | 7 -- .../matcher/AuthenticationMatcher.java | 48 ------------- web/pom.xml | 7 -- .../AbstractProcessingFilterTests.java | 12 ++-- .../AuthenticationProcessingFilterTests.java | 48 ++++++++----- ...PreAuthenticatedProcessingFilterTests.java | 15 +++-- ...PreAuthenticatedProcessingFilterTests.java | 60 ++++++++++++----- ...PreAuthenticatedProcessingFilterTests.java | 23 +++++-- .../JdbcTokenRepositoryImplTests.java | 23 +++---- .../RememberMeProcessingFilterTests.java | 29 ++++---- .../www/BasicProcessingFilterTests.java | 67 +++++++------------ .../FilterSecurityInterceptorTests.java | 10 +-- .../WebInvocationPrivilegeEvaluatorTests.java | 4 +- .../src/test/resources/webxml/NoRoles.web.xml | 0 .../src/test/resources/webxml/Role1-4.web.xml | 0 16 files changed, 170 insertions(+), 207 deletions(-) delete mode 100644 core/src/test/java/org/springframework/security/matcher/AuthenticationMatcher.java rename {core => web}/src/test/resources/webxml/NoRoles.web.xml (100%) rename {core => web}/src/test/resources/webxml/Role1-4.web.xml (100%) diff --git a/core/src/test/java/org/springframework/security/access/vote/SampleServiceImpl.java b/core/src/test/java/org/springframework/security/access/vote/SampleServiceImpl.java index 3dc7680684..95291649f6 100644 --- a/core/src/test/java/org/springframework/security/access/vote/SampleServiceImpl.java +++ b/core/src/test/java/org/springframework/security/access/vote/SampleServiceImpl.java @@ -14,10 +14,6 @@ */ package org.springframework.security.access.vote; -import org.springframework.security.core.context.SecurityContextHolder; - -import org.apache.log4j.Logger; - import java.util.List; import java.util.Vector; @@ -29,32 +25,12 @@ import java.util.Vector; * @version $Id$ */ public class SampleServiceImpl implements SampleService { - //~ Instance fields ================================================================================================ - - Logger logger = Logger.getLogger(SampleServiceImpl.class); - //~ Methods ======================================================================================================== public void doSomethingOnThis(SampleBlockOfData block1, SampleBlockOfData block2) { - if (logger.isDebugEnabled()) { - logger.debug("You made it! Your context is " + SecurityContextHolder.getContext().getAuthentication()); - } - - if (logger.isDebugEnabled()) { - logger.debug("Block1 is " + block1); - } - - if (logger.isDebugEnabled()) { - logger.debug("Block2 is " + block2); - } } public List getTheSampleData() { - if (logger.isDebugEnabled()) { - logger.debug(SecurityContextHolder.getContext().getAuthentication().getName() - + " is requesting some sample data."); - } - List dataList = new Vector(); SampleBlockOfData block; diff --git a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java index c20ba6ed3d..92d4fccf31 100755 --- a/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java +++ b/core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java @@ -8,8 +8,6 @@ import java.util.Collection; import java.util.HashMap; import java.util.List; -import org.apache.log4j.Level; -import org.apache.log4j.Logger; import org.junit.Test; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; @@ -23,11 +21,6 @@ import org.springframework.security.core.authority.mapping.MapBasedAttributes2Gr @SuppressWarnings("unchecked") public class MapBasedAttributes2GrantedAuthoritiesMapperTest { - protected void setUp() throws Exception { - // Set Log4j loglevel to debug to include all logstatements in tests - Logger.getRootLogger().setLevel(Level.DEBUG); - } - @Test(expected=IllegalArgumentException.class) public void testAfterPropertiesSetNoMap() throws Exception { MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper(); diff --git a/core/src/test/java/org/springframework/security/matcher/AuthenticationMatcher.java b/core/src/test/java/org/springframework/security/matcher/AuthenticationMatcher.java deleted file mode 100644 index 93cfee28d1..0000000000 --- a/core/src/test/java/org/springframework/security/matcher/AuthenticationMatcher.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.springframework.security.matcher; - -import org.hamcrest.Description; -import org.hamcrest.Factory; -import org.hamcrest.Matcher; -import org.hamcrest.TypeSafeMatcher; -import org.springframework.security.core.Authentication; - -public class AuthenticationMatcher extends TypeSafeMatcher { - private String username; - private String password; - - @Override - public boolean matchesSafely(Authentication auth) { - if (!username.equals(auth.getName())) { - return false; - } - - if (password != null && !password.equals(auth.getCredentials())) { - return false; - } - - return true; - } - - public void describeTo(Description d) { - d.appendText("an authentication object with username = '" + username + "'"); - if (password != null) { - d.appendText(", password = '" + password + "'"); - } - } - - @Factory - public static Matcher anAuthenticationWithUsername(String name) { - AuthenticationMatcher matcher = new AuthenticationMatcher(); - matcher.username = name; - return matcher; - } - - @Factory - public static Matcher anAuthenticationWithUsernameAndPassword(String name, String password) { - AuthenticationMatcher matcher = new AuthenticationMatcher(); - matcher.username = name; - matcher.password = password; - return matcher; - - } -} diff --git a/web/pom.xml b/web/pom.xml index 7794d2b0a1..48ca1f6835 100644 --- a/web/pom.xml +++ b/web/pom.xml @@ -15,13 +15,6 @@ spring-security-core ${project.version} - - org.springframework.security - spring-security-core - ${project.version} - tests - true - org.springframework org.springframework.web diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java index b6b23065bc..b1d3dceaff 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java @@ -15,6 +15,8 @@ package org.springframework.security.web.authentication; +import static org.mockito.Mockito.*; + import java.io.IOException; import java.util.Properties; @@ -33,8 +35,8 @@ import junit.framework.TestCase; import org.springframework.mock.web.MockFilterConfig; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.MockAuthenticationManager; import org.springframework.security.authentication.AccountExpiredException; +import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; @@ -74,7 +76,7 @@ public class AbstractProcessingFilterTests extends TestCase { } private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request, - ServletResponse response, FilterChain filterChain) throws ServletException, IOException { + ServletResponse response, FilterChain filterChain) throws ServletException, IOException { filter.init(filterConfig); filter.doFilter(request, response, filterChain); filter.destroy(); @@ -190,7 +192,7 @@ public class AbstractProcessingFilterTests extends TestCase { public void testGettersSetters() throws Exception { AbstractProcessingFilter filter = new MockAbstractProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setFilterProcessesUrl("/p"); filter.afterPropertiesSet(); @@ -239,7 +241,7 @@ public class AbstractProcessingFilterTests extends TestCase { filter.setFilterProcessesUrl("/j_mock_post"); filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationFailureHandler(failureHandler); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); + filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.afterPropertiesSet(); // Test @@ -269,7 +271,7 @@ public class AbstractProcessingFilterTests extends TestCase { public void testStartupDetectsInvalidFilterProcessesUrl() throws Exception { AbstractProcessingFilter filter = new MockAbstractProcessingFilter(); filter.setAuthenticationFailureHandler(failureHandler); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setAuthenticationSuccessHandler(successHandler); filter.setFilterProcessesUrl(null); diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java index 84888315ce..64f3b3027e 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java @@ -15,17 +15,23 @@ package org.springframework.security.web.authentication; + +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.*; + import javax.servlet.ServletException; import junit.framework.TestCase; import org.junit.Test; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.MockAuthenticationManager; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.authentication.AuthenticationProcessingFilter; /** @@ -45,7 +51,7 @@ public class AuthenticationProcessingFilterTests extends TestCase { AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl()); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); + filter.setAuthenticationManager(createAuthenticationManager()); filter.init(null); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); @@ -61,10 +67,8 @@ public class AuthenticationProcessingFilterTests extends TestCase { request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); - - Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); - assertTrue(result != null); + filter.setAuthenticationManager(createAuthenticationManager()); + assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse())); } @Test @@ -73,16 +77,14 @@ public class AuthenticationProcessingFilterTests extends TestCase { request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); - - Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); - assertTrue(result != null); + filter.setAuthenticationManager(createAuthenticationManager()); + assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse())); } @Test public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException { AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); + filter.setAuthenticationManager(createAuthenticationManager()); filter.setUsernameParameter("x"); filter.setPasswordParameter("y"); @@ -91,7 +93,7 @@ public class AuthenticationProcessingFilterTests extends TestCase { request.addParameter("y", "koala"); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); - assertTrue(result != null); + assertNotNull(result); assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()); } @@ -102,7 +104,7 @@ public class AuthenticationProcessingFilterTests extends TestCase { request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); + filter.setAuthenticationManager(createAuthenticationManager()); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertEquals("rod", result.getName()); @@ -113,7 +115,9 @@ public class AuthenticationProcessingFilterTests extends TestCase { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager(false)); + AuthenticationManager am = mock(AuthenticationManager.class); + when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("")); + filter.setAuthenticationManager(am); try { filter.attemptAuthentication(request, new MockHttpServletResponse()); @@ -135,10 +139,22 @@ public class AuthenticationProcessingFilterTests extends TestCase { AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); filter.setAllowSessionCreation(false); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); + filter.setAuthenticationManager(createAuthenticationManager()); filter.attemptAuthentication(request, new MockHttpServletResponse()); assertNull(request.getSession(false)); } + + private AuthenticationManager createAuthenticationManager() { + AuthenticationManager am = mock(AuthenticationManager.class); + when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer() { + public Authentication answer(InvocationOnMock invocation) throws Throwable { + return (Authentication) invocation.getArguments()[0]; + } + }); + + return am; + } + } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java index 7429edd0c2..d40b57c54b 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java @@ -1,7 +1,8 @@ package org.springframework.security.web.authentication.preauth; import static org.junit.Assert.assertNull; -import static org.mockito.Mockito.mock; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.*; import javax.servlet.FilterChain; import javax.servlet.http.HttpServletRequest; @@ -10,10 +11,10 @@ import org.junit.Before; import org.junit.Test; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.MockAuthenticationManager; +import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; public class AbstractPreAuthenticatedProcessingFilterTests { private AbstractPreAuthenticatedProcessingFilter filter; @@ -38,7 +39,9 @@ public class AbstractPreAuthenticatedProcessingFilterTests { @Test public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception { - filter.setAuthenticationManager(new MockAuthenticationManager(false)); + AuthenticationManager am = mock(AuthenticationManager.class); + when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("")); + filter.setAuthenticationManager(am); filter.afterPropertiesSet(); filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class)); assertNull(SecurityContextHolder.getContext().getAuthentication()); @@ -47,8 +50,10 @@ public class AbstractPreAuthenticatedProcessingFilterTests { /* SEC-881 */ @Test(expected=BadCredentialsException.class) public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception { + AuthenticationManager am = mock(AuthenticationManager.class); + when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("")); filter.setContinueFilterChainOnUnsuccessfulAuthentication(false); - filter.setAuthenticationManager(new MockAuthenticationManager(false)); + filter.setAuthenticationManager(am); filter.afterPropertiesSet(); filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class)); assertNull(SecurityContextHolder.getContext().getAuthentication()); diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterTests.java index 4ff44184b5..e4d97b1b6a 100755 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterTests.java @@ -1,23 +1,33 @@ package org.springframework.security.web.authentication.preauth; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.MockAuthenticationManager; -import org.springframework.security.web.FilterChainOrder; -import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; +import static org.junit.Assert.*; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.*; import javax.servlet.http.HttpServletRequest; -import junit.framework.TestCase; - +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; import org.springframework.mock.web.MockFilterChain; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.FilterChainOrder; -public class PreAuthenticatedProcessingFilterTests extends TestCase { - protected void setUp() throws Exception { +public class PreAuthenticatedProcessingFilterTests { + @After + @Before + public void setUp() throws Exception { SecurityContextHolder.clearContext(); } - + + @Test public void testAfterPropertiesSet() { ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); try { @@ -29,29 +39,43 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase { } } - public final void testDoFilterAuthenticated() throws Exception { + @Test + public void testDoFilterAuthenticated() throws Exception { testDoFilter(true); } - public final void testDoFilterUnauthenticated() throws Exception { + @Test + public void testDoFilterUnauthenticated() throws Exception { testDoFilter(false); } - - private final void testDoFilter(boolean grantAccess) throws Exception { + + private void testDoFilter(boolean grantAccess) throws Exception { MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); getFilter(grantAccess).doFilter(req,res,new MockFilterChain()); assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication()); } - - private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception { + + private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception { ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess)); + AuthenticationManager am = mock(AuthenticationManager.class); + + if (!grantAccess) { + when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("")); + } else { + when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer() { + public Authentication answer(InvocationOnMock invocation) throws Throwable { + return (Authentication) invocation.getArguments()[0]; + } + }); + } + + filter.setAuthenticationManager(am); filter.afterPropertiesSet(); return filter; } - - private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter { + + private static class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter { protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) { return "testPrincipal"; } diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java index 1c3e5ce70f..8598de62f6 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java @@ -1,14 +1,19 @@ package org.springframework.security.web.authentication.preauth.header; import static org.junit.Assert.*; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.*; import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; import org.springframework.mock.web.MockFilterChain; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.MockAuthenticationManager; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException; import org.springframework.security.web.authentication.preauth.RequestHeaderPreAuthenticatedProcessingFilter; @@ -44,7 +49,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(createAuthenticationManager()); filter.doFilter(request, response, chain); assertNotNull(SecurityContextHolder.getContext().getAuthentication()); @@ -59,7 +64,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(createAuthenticationManager()); filter.setPrincipalRequestHeader("myUsernameHeader"); filter.doFilter(request, response, chain); @@ -73,7 +78,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests { MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain chain = new MockFilterChain(); RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(createAuthenticationManager()); filter.setCredentialsRequestHeader("myCredentialsHeader"); request.addHeader("SM_USER", "cat"); request.addHeader("myCredentialsHeader", "catspassword"); @@ -83,4 +88,14 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests { assertEquals("catspassword", SecurityContextHolder.getContext().getAuthentication().getCredentials()); } + private AuthenticationManager createAuthenticationManager() { + AuthenticationManager am = mock(AuthenticationManager.class); + when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer() { + public Authentication answer(InvocationOnMock invocation) throws Throwable { + return (Authentication) invocation.getArguments()[0]; + } + }); + + return am; + } } diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java index 66e9c42475..9a4a6aa5fc 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java @@ -1,35 +1,34 @@ package org.springframework.security.web.authentication.rememberme; -import org.springframework.security.TestDataSource; -import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl; -import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken; -import org.springframework.jdbc.core.JdbcTemplate; - -import org.junit.After; -import org.junit.AfterClass; import static org.junit.Assert.*; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; import java.sql.Timestamp; import java.util.Date; import java.util.List; import java.util.Map; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.jdbc.datasource.SingleConnectionDataSource; + /** * @author Luke Taylor * @version $Id$ */ @SuppressWarnings("unchecked") public class JdbcTokenRepositoryImplTests { - private static TestDataSource dataSource; + private static SingleConnectionDataSource dataSource; private JdbcTokenRepositoryImpl repo; private JdbcTemplate template; @BeforeClass public static void createDataSource() { - dataSource = new TestDataSource("tokenrepotest"); + dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:tokenrepotest", "sa", "", true); + dataSource.setDriverClassName("org.hsqldb.jdbcDriver"); } @AfterClass diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java index af220f1ffd..c71dbf4c61 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java @@ -15,6 +15,9 @@ package org.springframework.security.web.authentication.rememberme; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.*; + import java.io.IOException; import javax.servlet.Filter; @@ -28,19 +31,18 @@ import javax.servlet.http.HttpServletResponse; import junit.framework.TestCase; +import org.springframework.context.ApplicationEventPublisher; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.MockApplicationEventPublisher; -import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockFilterConfig; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.NullRememberMeServices; import org.springframework.security.web.authentication.RememberMeServices; -import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter; -import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; /** @@ -74,11 +76,10 @@ public class RememberMeProcessingFilterTests extends TestCase { public void testDetectsAuthenticationManagerProperty() throws Exception { RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setRememberMeServices(new NullRememberMeServices()); filter.afterPropertiesSet(); - assertTrue(true); filter.setAuthenticationManager(null); @@ -92,7 +93,7 @@ public class RememberMeProcessingFilterTests extends TestCase { public void testDetectsRememberMeServicesProperty() throws Exception { RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(mock(AuthenticationManager.class)); // check default is NullRememberMeServices // assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass()); @@ -119,7 +120,7 @@ public class RememberMeProcessingFilterTests extends TestCase { // Setup our filter correctly RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setRememberMeServices(new MockRememberMeServices(remembered)); filter.afterPropertiesSet(); @@ -136,7 +137,9 @@ public class RememberMeProcessingFilterTests extends TestCase { public void testOperationWhenNoAuthenticationInContextHolder() throws Exception { RememberMeProcessingFilter filter = new RememberMeProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + AuthenticationManager am = mock(AuthenticationManager.class); + when(am.authenticate(remembered)).thenReturn(remembered); + filter.setAuthenticationManager(am); filter.setRememberMeServices(new MockRememberMeServices(remembered)); filter.afterPropertiesSet(); @@ -149,7 +152,7 @@ public class RememberMeProcessingFilterTests extends TestCase { assertEquals(remembered, SecurityContextHolder.getContext().getAuthentication()); } - public void testOnunsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception { + public void testOnUnsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception { final Authentication failedAuth = new TestingAuthenticationToken("failed", ""); RememberMeProcessingFilter filter = new RememberMeProcessingFilter() { @@ -158,9 +161,11 @@ public class RememberMeProcessingFilterTests extends TestCase { SecurityContextHolder.getContext().setAuthentication(failedAuth); } }; - filter.setAuthenticationManager(new MockAuthenticationManager(false)); + AuthenticationManager am = mock(AuthenticationManager.class); + when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("")); + filter.setAuthenticationManager(am); filter.setRememberMeServices(new MockRememberMeServices(remembered)); - filter.setApplicationEventPublisher(new MockApplicationEventPublisher()); + filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class)); filter.afterPropertiesSet(); MockHttpServletRequest request = new MockHttpServletRequest(); diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java index 60c22cad0d..88072bdead 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java @@ -15,13 +15,10 @@ package org.springframework.security.web.authentication.www; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; -import static org.springframework.security.matcher.AuthenticationMatcher.anAuthenticationWithUsernameAndPassword; +import static org.junit.Assert.*; +import static org.mockito.AdditionalMatchers.not; +import static org.mockito.Matchers.*; +import static org.mockito.Mockito.*; import java.io.IOException; @@ -29,11 +26,9 @@ import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import org.apache.commons.codec.binary.Base64; -import org.jmock.Expectations; -import org.jmock.Mockery; -import org.jmock.integration.junit4.JUnit4Mockery; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -41,7 +36,6 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpSession; import org.springframework.security.MockAuthenticationEntryPoint; -import org.springframework.security.MockAuthenticationManager; import org.springframework.security.MockFilterConfig; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; @@ -49,8 +43,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.authentication.www.BasicProcessingFilter; -import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint; +import org.springframework.security.web.authentication.WebAuthenticationDetails; /** @@ -63,7 +56,8 @@ public class BasicProcessingFilterTests { //~ Instance fields ================================================================================================ private BasicProcessingFilter filter; - private Mockery jmock = new JUnit4Mockery(); + private AuthenticationManager manager; +// private Mockery jmock = new JUnit4Mockery(); //~ Methods ======================================================================================================== @@ -72,32 +66,26 @@ public class BasicProcessingFilterTests { filter.init(new MockFilterConfig()); final MockHttpServletResponse response = new MockHttpServletResponse(); - Mockery jmockContext = new JUnit4Mockery(); - - final FilterChain chain = jmockContext.mock(FilterChain.class); - jmockContext.checking(new Expectations() {{ - exactly(expectChainToProceed ? 1 : 0).of(chain).doFilter(request, response); - }}); + FilterChain chain = mock(FilterChain.class); filter.doFilter(request, response, chain); filter.destroy(); - jmockContext.assertIsSatisfied(); + + verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class)); return response; } @Before public void setUp() throws Exception { SecurityContextHolder.clearContext(); - - final AuthenticationManager manager = jmock.mock(AuthenticationManager.class); - final Authentication rod = + UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "koala"); + rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); + Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1")); - jmock.checking(new Expectations() {{ - allowing(manager).authenticate(with(anAuthenticationWithUsernameAndPassword("rod", "koala"))); - will(returnValue(rod)); - allowing(manager).authenticate(with(any(Authentication.class))); - will(throwException(new BadCredentialsException(""))); - }}); + + manager = mock(AuthenticationManager.class); + when(manager.authenticate(rodRequest)).thenReturn(rod); + when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException("")); filter = new BasicProcessingFilter(); filter.setAuthenticationManager(manager); @@ -124,7 +112,7 @@ public class BasicProcessingFilterTests { @Test public void testGettersSetters() { BasicProcessingFilter filter = new BasicProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); + filter.setAuthenticationManager(manager); assertTrue(filter.getAuthenticationManager() != null); filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("sx")); @@ -153,7 +141,7 @@ public class BasicProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - request.setSession(new MockHttpSession()); +// request.setSession(new MockHttpSession()); // Test assertNull(SecurityContextHolder.getContext().getAuthentication()); @@ -177,16 +165,11 @@ public class BasicProcessingFilterTests { assertNull(SecurityContextHolder.getContext().getAuthentication()); } - @Test + @Test(expected=IllegalArgumentException.class) public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception { - try { - BasicProcessingFilter filter = new BasicProcessingFilter(); - filter.setAuthenticationManager(new MockAuthenticationManager()); - filter.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertEquals("An AuthenticationEntryPoint is required", expected.getMessage()); - } + BasicProcessingFilter filter = new BasicProcessingFilter(); + filter.setAuthenticationManager(manager); + filter.afterPropertiesSet(); } @Test(expected=IllegalArgumentException.class) @@ -203,7 +186,6 @@ public class BasicProcessingFilterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - request.setSession(new MockHttpSession()); // Test executeFilterInContainerSimulator(filter, request, true); @@ -217,7 +199,6 @@ public class BasicProcessingFilterTests { request = new MockHttpServletRequest(); request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes()))); request.setServletPath("/some_file.html"); - request.setSession(new MockHttpSession()); // Test - the filter chain will not be invoked, as we get a 403 forbidden response MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false); diff --git a/web/src/test/java/org/springframework/security/web/intercept/FilterSecurityInterceptorTests.java b/web/src/test/java/org/springframework/security/web/intercept/FilterSecurityInterceptorTests.java index e5fb7f5b9d..2951e347df 100644 --- a/web/src/test/java/org/springframework/security/web/intercept/FilterSecurityInterceptorTests.java +++ b/web/src/test/java/org/springframework/security/web/intercept/FilterSecurityInterceptorTests.java @@ -25,20 +25,19 @@ import org.jmock.integration.junit4.JUnit4Mockery; import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.springframework.context.ApplicationEventPublisher; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.MockApplicationEventPublisher; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.event.AuthorizedEvent; import org.springframework.security.access.intercept.RunAsManager; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.FilterInvocation; -import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource; -import org.springframework.security.web.intercept.FilterSecurityInterceptor; /** @@ -54,6 +53,7 @@ public class FilterSecurityInterceptorTests { private FilterInvocationSecurityMetadataSource ods; private RunAsManager ram; private FilterSecurityInterceptor interceptor; + private ApplicationEventPublisher publisher; //~ Methods ======================================================================================================== @@ -65,11 +65,12 @@ public class FilterSecurityInterceptorTests { ods = jmock.mock(FilterInvocationSecurityMetadataSource.class); adm = jmock.mock(AccessDecisionManager.class); ram = jmock.mock(RunAsManager.class); + publisher = jmock.mock(ApplicationEventPublisher.class); interceptor.setAuthenticationManager(am); interceptor.setSecurityMetadataSource(ods); interceptor.setAccessDecisionManager(adm); interceptor.setRunAsManager(ram); - interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true)); + interceptor.setApplicationEventPublisher(publisher); SecurityContextHolder.clearContext(); } @@ -121,6 +122,7 @@ public class FilterSecurityInterceptorTests { oneOf(adm).decide(token, fi, attributes); // Setup our expectation that the filter chain will be invoked, as access is granted oneOf(chain).doFilter(request, response); + oneOf(publisher).publishEvent(with(aNonNull(AuthorizedEvent.class))); }}); interceptor.invoke(fi); diff --git a/web/src/test/java/org/springframework/security/web/intercept/WebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/intercept/WebInvocationPrivilegeEvaluatorTests.java index 0d5b9a0a6b..ba7dd98a11 100644 --- a/web/src/test/java/org/springframework/security/web/intercept/WebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/intercept/WebInvocationPrivilegeEvaluatorTests.java @@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletResponse; import org.junit.Before; import org.junit.Test; -import org.springframework.security.MockApplicationEventPublisher; +import org.springframework.context.ApplicationEventPublisher; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.intercept.RunAsManager; @@ -58,7 +58,7 @@ public class WebInvocationPrivilegeEvaluatorTests { interceptor.setSecurityMetadataSource(ods); interceptor.setAccessDecisionManager(adm); interceptor.setRunAsManager(ram); - interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true)); + interceptor.setApplicationEventPublisher(mock(ApplicationEventPublisher.class)); SecurityContextHolder.clearContext(); } diff --git a/core/src/test/resources/webxml/NoRoles.web.xml b/web/src/test/resources/webxml/NoRoles.web.xml similarity index 100% rename from core/src/test/resources/webxml/NoRoles.web.xml rename to web/src/test/resources/webxml/NoRoles.web.xml diff --git a/core/src/test/resources/webxml/Role1-4.web.xml b/web/src/test/resources/webxml/Role1-4.web.xml similarity index 100% rename from core/src/test/resources/webxml/Role1-4.web.xml rename to web/src/test/resources/webxml/Role1-4.web.xml