Replace expected @Test attributes with AssertJ

Replace JUnit expected @Test attributes with AssertJ calls.
This commit is contained in:
Phillip Webb
2020-09-10 21:33:16 -07:00
committed by Josh Cummings
parent 20baa7d409
commit c502312719
243 changed files with 2115 additions and 1591 deletions

View File

@@ -22,6 +22,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Luke Taylor
@@ -52,14 +53,15 @@ public class DefaultRedirectStrategyTests {
assertThat(response.getRedirectedUrl()).isEqualTo("remainder");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void contextRelativeShouldThrowExceptionIfURLDoesNotContainContextPath() throws Exception {
DefaultRedirectStrategy rds = new DefaultRedirectStrategy();
rds.setContextRelative(true);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setContextPath("/context");
MockHttpServletResponse response = new MockHttpServletResponse();
rds.sendRedirect(request, response, "https://redirectme.somewhere.else");
assertThatIllegalArgumentException()
.isThrownBy(() -> rds.sendRedirect(request, response, "https://redirectme.somewhere.else"));
}
}

View File

@@ -44,6 +44,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
@@ -234,9 +235,9 @@ public class FilterChainProxyTests {
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRequestRejectedHandlerDoesNotAcceptNull() {
this.fcp.setRequestRejectedHandler(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.fcp.setRequestRejectedHandler(null));
}
@Test

View File

@@ -28,6 +28,8 @@ import org.springframework.security.web.FilterInvocation.DummyRequest;
import org.springframework.security.web.util.UrlUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
/**
@@ -61,23 +63,25 @@ public class FilterInvocationTests {
assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld/some/more/segments.html");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testRejectsNullFilterChain() {
MockHttpServletRequest request = new MockHttpServletRequest(null, null);
MockHttpServletResponse response = new MockHttpServletResponse();
new FilterInvocation(request, response, null);
assertThatIllegalArgumentException().isThrownBy(() -> new FilterInvocation(request, response, null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testRejectsNullServletRequest() {
MockHttpServletResponse response = new MockHttpServletResponse();
new FilterInvocation(null, response, mock(FilterChain.class));
assertThatIllegalArgumentException()
.isThrownBy(() -> new FilterInvocation(null, response, mock(FilterChain.class)));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testRejectsNullServletResponse() {
MockHttpServletRequest request = new MockHttpServletRequest(null, null);
new FilterInvocation(request, null, mock(FilterChain.class));
assertThatIllegalArgumentException()
.isThrownBy(() -> new FilterInvocation(request, null, mock(FilterChain.class)));
}
@Test
@@ -113,9 +117,10 @@ public class FilterInvocationTests {
assertThat(fi.getFullRequestUrl()).isEqualTo("http://localhost/mycontext/HelloWorld");
}
@Test(expected = UnsupportedOperationException.class)
@Test
public void dummyChainRejectsInvocation() throws Exception {
FilterInvocation.DUMMY_CHAIN.doFilter(mock(HttpServletRequest.class), mock(HttpServletResponse.class));
assertThatExceptionOfType(UnsupportedOperationException.class).isThrownBy(() -> FilterInvocation.DUMMY_CHAIN
.doFilter(mock(HttpServletRequest.class), mock(HttpServletResponse.class)));
}
@Test

View File

@@ -48,6 +48,7 @@ import org.springframework.security.web.savedrequest.SavedRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.willThrow;
import static org.mockito.Mockito.mock;
@@ -230,14 +231,15 @@ public class ExceptionTranslationFilterTests {
assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost:8080/mycontext/secure/page.html");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void startupDetectsMissingAuthenticationEntryPoint() {
new ExceptionTranslationFilter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new ExceptionTranslationFilter(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void startupDetectsMissingRequestCache() {
new ExceptionTranslationFilter(this.mockEntryPoint, null);
assertThatIllegalArgumentException()
.isThrownBy(() -> new ExceptionTranslationFilter(this.mockEntryPoint, null));
}
@Test

View File

@@ -31,6 +31,7 @@ import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
/**
@@ -40,19 +41,19 @@ import static org.mockito.Mockito.mock;
*/
public class ChannelProcessingFilterTests {
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsMissingChannelDecisionManager() {
ChannelProcessingFilter filter = new ChannelProcessingFilter();
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true, "MOCK");
filter.setSecurityMetadataSource(fids);
filter.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsMissingFilterInvocationSecurityMetadataSource() {
ChannelProcessingFilter filter = new ChannelProcessingFilter();
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
filter.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
}
@Test
@@ -65,14 +66,14 @@ public class ChannelProcessingFilterTests {
filter.afterPropertiesSet();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsUnsupportedConfigAttribute() {
ChannelProcessingFilter filter = new ChannelProcessingFilter();
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", true,
"SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE");
filter.setSecurityMetadataSource(fids);
filter.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
}
@Test

View File

@@ -35,6 +35,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@@ -76,9 +77,9 @@ public class DefaultWebSecurityExpressionHandlerTests {
assertThat(parser.parseExpression("@role.attribute == 'ROLE_A'").getValue(ctx, Boolean.class)).isTrue();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setTrustResolverNull() {
this.handler.setTrustResolver(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setTrustResolver(null));
}
@Test

View File

@@ -28,6 +28,7 @@ import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Luke Taylor
@@ -50,12 +51,13 @@ public class ExpressionBasedFilterInvocationSecurityMetadataSourceTests {
assertThat(attribute.toString()).isEqualTo(expression);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void invalidExpressionIsRejected() {
LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
requestMap.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList("hasRole('X'"));
ExpressionBasedFilterInvocationSecurityMetadataSource mds = new ExpressionBasedFilterInvocationSecurityMetadataSource(
requestMap, new DefaultWebSecurityExpressionHandler());
assertThatIllegalArgumentException()
.isThrownBy(() -> new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap,
new DefaultWebSecurityExpressionHandler()));
}
}

View File

@@ -32,6 +32,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
/**
@@ -87,9 +88,9 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
// sign).isEqualTo(def)
}
@Test(expected = IllegalArgumentException.class)
@Test
public void unknownHttpMethodIsRejected() {
createFids("/someAdminPage.html**", "UNKNOWN");
assertThatIllegalArgumentException().isThrownBy(() -> createFids("/someAdminPage.html**", "UNKNOWN"));
}
@Test

View File

@@ -43,6 +43,7 @@ import org.springframework.security.web.FilterInvocation;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyCollection;
import static org.mockito.ArgumentMatchers.eq;
@@ -95,16 +96,16 @@ public class FilterSecurityInterceptorTests {
SecurityContextHolder.clearContext();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
given(this.adm.supports(FilterInvocation.class)).willReturn(true);
this.interceptor.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(this.interceptor::afterPropertiesSet);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testEnsuresRunAsManagerSupportsFilterInvocationClass() throws Exception {
given(this.adm.supports(FilterInvocation.class)).willReturn(false);
this.interceptor.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(this.interceptor::afterPropertiesSet);
}
/**

View File

@@ -398,10 +398,10 @@ public class AbstractAuthenticationProcessingFilterTests {
/**
* https://github.com/spring-projects/spring-security/pull/3905
*/
@Test(expected = IllegalArgumentException.class)
@Test
public void setRememberMeServicesShouldntAllowNulls() {
AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
filter.setRememberMeServices(null);
assertThatIllegalArgumentException().isThrownBy(() -> filter.setRememberMeServices(null));
}
private class MockAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

View File

@@ -37,6 +37,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.fail;
import static org.mockito.Mockito.mock;
@@ -59,14 +60,14 @@ public class AnonymousAuthenticationFilterTests {
SecurityContextHolder.clearContext();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsMissingKey() {
new AnonymousAuthenticationFilter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousAuthenticationFilter(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsUserAttribute() {
new AnonymousAuthenticationFilter("qwerty", null, null);
assertThatIllegalArgumentException().isThrownBy(() -> new AnonymousAuthenticationFilter("qwerty", null, null));
}
@Test

View File

@@ -23,6 +23,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
/**
@@ -35,14 +36,14 @@ import static org.mockito.Mockito.mock;
*/
public class ForwardAuthenticaionSuccessHandlerTests {
@Test(expected = IllegalArgumentException.class)
@Test
public void invalidForwardUrl() {
new ForwardAuthenticationSuccessHandler("aaa");
assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationSuccessHandler("aaa"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void emptyForwardUrl() {
new ForwardAuthenticationSuccessHandler("");
assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationSuccessHandler(""));
}
@Test

View File

@@ -24,6 +24,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.WebAttributes;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
/**
@@ -35,14 +36,14 @@ import static org.mockito.Mockito.mock;
*/
public class ForwardAuthenticationFailureHandlerTests {
@Test(expected = IllegalArgumentException.class)
@Test
public void invalidForwardUrl() {
new ForwardAuthenticationFailureHandler("aaa");
assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationFailureHandler("aaa"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void emptyForwardUrl() {
new ForwardAuthenticationFailureHandler("");
assertThatIllegalArgumentException().isThrownBy(() -> new ForwardAuthenticationFailureHandler(""));
}
@Test

View File

@@ -25,6 +25,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -50,9 +51,9 @@ public class HttpStatusEntryPointTests {
this.entryPoint = new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullStatus() {
new HttpStatusEntryPoint(null);
assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusEntryPoint(null));
}
@Test

View File

@@ -27,6 +27,7 @@ import org.springframework.security.MockPortResolver;
import org.springframework.security.web.PortMapperImpl;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* Tests {@link LoginUrlAuthenticationEntryPoint}.
@@ -36,21 +37,21 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
public class LoginUrlAuthenticationEntryPointTests {
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsMissingLoginFormUrl() {
new LoginUrlAuthenticationEntryPoint(null);
assertThatIllegalArgumentException().isThrownBy(() -> new LoginUrlAuthenticationEntryPoint(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsMissingPortMapper() {
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
ep.setPortMapper(null);
assertThatIllegalArgumentException().isThrownBy(() -> ep.setPortMapper(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsMissingPortResolver() {
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
ep.setPortResolver(null);
assertThatIllegalArgumentException().isThrownBy(() -> ep.setPortResolver(null));
}
@Test
@@ -222,12 +223,12 @@ public class LoginUrlAuthenticationEntryPointTests {
assertThat(response.getRedirectedUrl()).isEqualTo(loginFormUrl);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
final String loginFormUrl = "https://somesite.com/login";
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("https://somesite.com/login");
ep.setUseForward(true);
ep.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(ep::afterPropertiesSet);
}
}

View File

@@ -25,6 +25,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
/**
@@ -107,16 +108,12 @@ public class CookieClearingLogoutHandlerTests {
}
}
@Test(expected = IllegalArgumentException.class)
@Test
public void invalidAge() {
MockHttpServletResponse response = new MockHttpServletResponse();
MockHttpServletRequest request = new MockHttpServletRequest();
request.setContextPath("/foo/bar");
Cookie cookie1 = new Cookie("my_cookie", null);
cookie1.setPath("/foo");
cookie1.setMaxAge(100);
CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler(cookie1);
handler.logout(request, response, mock(Authentication.class));
assertThatIllegalArgumentException().isThrownBy(() -> new CookieClearingLogoutHandler(cookie1));
}
}

View File

@@ -42,6 +42,7 @@ import org.springframework.security.web.authentication.ForwardAuthenticationSucc
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
@@ -90,7 +91,7 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
}
/* SEC-881 */
@Test(expected = BadCredentialsException.class)
@Test
public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse()
throws Exception {
AuthenticationManager am = mock(AuthenticationManager.class);
@@ -98,7 +99,8 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
this.filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
this.filter.setAuthenticationManager(am);
this.filter.afterPropertiesSet();
this.filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.filter
.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class)));
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}

View File

@@ -27,6 +27,8 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author TSARDD
@@ -34,10 +36,10 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
public class PreAuthenticatedAuthenticationProviderTests {
@Test(expected = IllegalArgumentException.class)
@Test
public final void afterPropertiesSet() {
PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
provider.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(provider::afterPropertiesSet);
}
@Test
@@ -79,12 +81,12 @@ public class PreAuthenticatedAuthenticationProviderTests {
// @TODO: Add more asserts?
}
@Test(expected = UsernameNotFoundException.class)
@Test
public final void authenticateUnknownUserThrowsException() throws Exception {
UserDetails ud = new User("dummyUser1", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser2", "dummyPwd");
provider.authenticate(request);
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> provider.authenticate(request));
}
@Test

View File

@@ -26,6 +26,7 @@ import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
import org.springframework.security.core.userdetails.UserDetails;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author TSARDD
@@ -33,20 +34,20 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
@Test(expected = IllegalArgumentException.class)
@Test
public void testGetUserDetailsInvalidType() {
PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
token.setDetails(new Object());
svc.loadUserDetails(token);
assertThatIllegalArgumentException().isThrownBy(() -> svc.loadUserDetails(token));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testGetUserDetailsNoDetails() {
PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
token.setDetails(null);
svc.loadUserDetails(token);
assertThatIllegalArgumentException().isThrownBy(() -> svc.loadUserDetails(token));
}
@Test

View File

@@ -29,6 +29,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@@ -44,13 +45,14 @@ public class RequestAttributeAuthenticationFilterTests {
SecurityContextHolder.clearContext();
}
@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
@Test
public void rejectsMissingHeader() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
filter.doFilter(request, response, chain);
assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
.isThrownBy(() -> filter.doFilter(request, response, chain));
}
@Test
@@ -119,14 +121,15 @@ public class RequestAttributeAuthenticationFilterTests {
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(dog);
}
@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
@Test
public void missingHeaderCausesException() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
.isThrownBy(() -> filter.doFilter(request, response, chain));
}
@Test

View File

@@ -31,6 +31,7 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedC
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@@ -46,13 +47,14 @@ public class RequestHeaderAuthenticationFilterTests {
SecurityContextHolder.clearContext();
}
@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
@Test
public void rejectsMissingHeader() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
filter.doFilter(request, response, chain);
assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
.isThrownBy(() -> filter.doFilter(request, response, chain));
}
@Test
@@ -120,14 +122,15 @@ public class RequestHeaderAuthenticationFilterTests {
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(dog);
}
@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
@Test
public void missingHeaderCausesException() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
assertThatExceptionOfType(PreAuthenticatedCredentialsNotFoundException.class)
.isThrownBy(() -> filter.doFilter(request, response, chain));
}
@Test

View File

@@ -23,6 +23,8 @@ import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.SpringSecurityMessageSource;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Luke Taylor
@@ -37,9 +39,10 @@ public class SubjectDnX509PrincipalExtractorTests {
this.extractor.setMessageSource(new SpringSecurityMessageSource());
}
@Test(expected = IllegalArgumentException.class)
@Test
public void invalidRegexFails() {
this.extractor.setSubjectDnRegex("CN=(.*?,"); // missing closing bracket on group
// missing closing bracket on group
assertThatIllegalArgumentException().isThrownBy(() -> this.extractor.setSubjectDnRegex("CN=(.*?,"));
}
@Test
@@ -55,10 +58,11 @@ public class SubjectDnX509PrincipalExtractorTests {
assertThat(principal).isEqualTo("luke@monkeymachine");
}
@Test(expected = BadCredentialsException.class)
@Test
public void matchOnShoeSizeThrowsBadCredentials() throws Exception {
this.extractor.setSubjectDnRegex("shoeSize=(.*?),");
this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate());
assertThatExceptionOfType(BadCredentialsException.class)
.isThrownBy(() -> this.extractor.extractPrincipal(X509TestUtils.buildTestCertificate()));
}
@Test

View File

@@ -43,6 +43,7 @@ import org.springframework.util.ReflectionUtils;
import org.springframework.util.StringUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Luke Taylor
@@ -62,9 +63,10 @@ public class AbstractRememberMeServicesTests {
this.uds = new MockUserDetailsService(joe, false);
}
@Test(expected = InvalidCookieException.class)
@Test
public void nonBase64CookieShouldBeDetected() {
new MockRememberMeServices(this.uds).decodeCookie("nonBase64CookieValue%");
assertThatExceptionOfType(InvalidCookieException.class)
.isThrownBy(() -> new MockRememberMeServices(this.uds).decodeCookie("nonBase64CookieValue%"));
}
@Test
@@ -265,19 +267,21 @@ public class AbstractRememberMeServicesTests {
assertThat(returnedCookie.getSecure()).isEqualTo(true);
}
@Test(expected = CookieTheftException.class)
@Test
public void cookieTheftExceptionShouldBeRethrown() {
MockRememberMeServices services = new MockRememberMeServices(this.uds) {
@Override
protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
HttpServletResponse response) {
throw new CookieTheftException("Pretending cookie was stolen");
}
};
MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(createLoginCookie("cookie:1:2"));
MockHttpServletResponse response = new MockHttpServletResponse();
services.autoLogin(request, response);
assertThatExceptionOfType(CookieTheftException.class).isThrownBy(() -> services.autoLogin(request, response));
}
@Test

View File

@@ -30,6 +30,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Luke Taylor
@@ -51,33 +52,37 @@ public class PersistentTokenBasedRememberMeServicesTests {
this.services.afterPropertiesSet();
}
@Test(expected = InvalidCookieException.class)
@Test
public void loginIsRejectedWithWrongNumberOfCookieTokens() {
this.services.processAutoLoginCookie(new String[] { "series", "token", "extra" }, new MockHttpServletRequest(),
new MockHttpServletResponse());
assertThatExceptionOfType(InvalidCookieException.class)
.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token", "extra" },
new MockHttpServletRequest(), new MockHttpServletResponse()));
}
@Test(expected = RememberMeAuthenticationException.class)
@Test
public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() {
this.services = create(null);
this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
new MockHttpServletResponse());
assertThatExceptionOfType(RememberMeAuthenticationException.class)
.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" },
new MockHttpServletRequest(), new MockHttpServletResponse()));
}
@Test(expected = RememberMeAuthenticationException.class)
@Test
public void loginIsRejectedWhenTokenIsExpired() {
this.services = create(new PersistentRememberMeToken("joe", "series", "token",
new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100)));
this.services.setTokenValiditySeconds(1);
this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
new MockHttpServletResponse());
assertThatExceptionOfType(RememberMeAuthenticationException.class)
.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" },
new MockHttpServletRequest(), new MockHttpServletResponse()));
}
@Test(expected = CookieTheftException.class)
@Test
public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() {
this.services = create(new PersistentRememberMeToken("joe", "series", "wrongtoken", new Date()));
this.services.processAutoLoginCookie(new String[] { "series", "token" }, new MockHttpServletRequest(),
new MockHttpServletResponse());
assertThatExceptionOfType(CookieTheftException.class)
.isThrownBy(() -> this.services.processAutoLoginCookie(new String[] { "series", "token" },
new MockHttpServletRequest(), new MockHttpServletResponse()));
}
@Test

View File

@@ -38,6 +38,7 @@ import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@@ -63,14 +64,16 @@ public class RememberMeAuthenticationFilterTests {
SecurityContextHolder.clearContext();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsAuthenticationManagerProperty() {
new RememberMeAuthenticationFilter(null, new NullRememberMeServices());
assertThatIllegalArgumentException()
.isThrownBy(() -> new RememberMeAuthenticationFilter(null, new NullRememberMeServices()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testDetectsRememberMeServicesProperty() {
new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), null);
assertThatIllegalArgumentException()
.isThrownBy(() -> new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), null));
}
@Test

View File

@@ -37,6 +37,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.StringUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@@ -200,7 +201,7 @@ public class TokenBasedRememberMeServicesTests {
assertThat(returnedCookie.getMaxAge()).isZero();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void autoLoginClearsCookieIfUserServiceMisconfigured() {
udsWillReturnNull();
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
@@ -209,7 +210,7 @@ public class TokenBasedRememberMeServicesTests {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setCookies(cookie);
MockHttpServletResponse response = new MockHttpServletResponse();
this.services.autoLogin(request, response);
assertThatIllegalArgumentException().isThrownBy(() -> this.services.autoLogin(request, response));
}
@Test

View File

@@ -30,6 +30,7 @@ import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.security.core.Authentication;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.willThrow;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
@@ -56,19 +57,21 @@ public class CompositeSessionAuthenticationStrategyTests {
@Mock
private HttpServletResponse response;
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullDelegates() {
new CompositeSessionAuthenticationStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> new CompositeSessionAuthenticationStrategy(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyDelegates() {
new CompositeSessionAuthenticationStrategy(Collections.<SessionAuthenticationStrategy>emptyList());
assertThatIllegalArgumentException().isThrownBy(() -> new CompositeSessionAuthenticationStrategy(
Collections.<SessionAuthenticationStrategy>emptyList()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorDelegatesContainNull() {
new CompositeSessionAuthenticationStrategy(Collections.<SessionAuthenticationStrategy>singletonList(null));
assertThatIllegalArgumentException().isThrownBy(() -> new CompositeSessionAuthenticationStrategy(
Collections.<SessionAuthenticationStrategy>singletonList(null)));
}
@Test

View File

@@ -36,6 +36,8 @@ import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.BDDMockito.given;
@@ -70,9 +72,9 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
this.strategy = new ConcurrentSessionControlAuthenticationStrategy(this.sessionRegistry);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullRegistry() {
new ConcurrentSessionControlAuthenticationStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionControlAuthenticationStrategy(null));
}
@Test
@@ -97,13 +99,14 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
// no exception
}
@Test(expected = SessionAuthenticationException.class)
@Test
public void maxSessionsWithException() {
given(this.sessionRegistry.getAllSessions(any(), anyBoolean()))
.willReturn(Collections.<SessionInformation>singletonList(this.sessionInformation));
this.strategy.setMaximumSessions(1);
this.strategy.setExceptionIfMaximumExceeded(true);
this.strategy.onAuthentication(this.authentication, this.request, this.response);
assertThatExceptionOfType(SessionAuthenticationException.class)
.isThrownBy(() -> this.strategy.onAuthentication(this.authentication, this.request, this.response));
}
@Test
@@ -141,9 +144,9 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
assertThat(this.sessionInformation.isExpired()).isFalse();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setMessageSourceNull() {
this.strategy.setMessageSource(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.setMessageSource(null));
}
}

View File

@@ -28,6 +28,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.verify;
/**
@@ -56,9 +57,9 @@ public class RegisterSessionAuthenticationStrategyTests {
this.response = new MockHttpServletResponse();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullRegistry() {
new RegisterSessionAuthenticationStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> new RegisterSessionAuthenticationStrategy(null));
}
@Test

View File

@@ -47,6 +47,7 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationSu
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
@@ -181,33 +182,33 @@ public class SwitchUserFilterTests {
assertThat(filter.requiresSwitchUser(request)).isTrue();
}
@Test(expected = UsernameNotFoundException.class)
@Test
public void attemptSwitchToUnknownUserFails() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.attemptSwitchUser(request);
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> filter.attemptSwitchUser(request));
}
@Test(expected = DisabledException.class)
@Test
public void attemptSwitchToUserThatIsDisabledFails() {
switchToUser("mcgarrett");
assertThatExceptionOfType(DisabledException.class).isThrownBy(() -> switchToUser("mcgarrett"));
}
@Test(expected = AccountExpiredException.class)
@Test
public void attemptSwitchToUserWithAccountExpiredFails() {
switchToUser("wofat");
assertThatExceptionOfType(AccountExpiredException.class).isThrownBy(() -> switchToUser("wofat"));
}
@Test(expected = CredentialsExpiredException.class)
@Test
public void attemptSwitchToUserWithExpiredCredentialsFails() {
switchToUser("steve");
assertThatExceptionOfType(CredentialsExpiredException.class).isThrownBy(() -> switchToUser("steve"));
}
@Test(expected = UsernameNotFoundException.class)
@Test
public void switchUserWithNullUsernameThrowsException() {
switchToUser(null);
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> switchToUser(null));
}
@Test
@@ -246,22 +247,22 @@ public class SwitchUserFilterTests {
assertThat(FieldUtils.getFieldValue(filter, "switchFailureUrl")).isEqualTo("/switchfailed");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void configMissingUserDetailsServiceFails() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchUserUrl("/login/impersonate");
filter.setExitUserUrl("/logout/impersonate");
filter.setTargetUrl("/main.jsp");
filter.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testBadConfigMissingTargetUrl() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setSwitchUserUrl("/login/impersonate");
filter.setExitUserUrl("/logout/impersonate");
filter.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
}
@Test
@@ -304,7 +305,7 @@ public class SwitchUserFilterTests {
assertThat(targetAuth.getPrincipal()).isEqualTo("dano");
}
@Test(expected = AuthenticationException.class)
@Test
public void exitUserWithNoCurrentUserFails() throws Exception {
// no current user in secure context
SecurityContextHolder.clearContext();
@@ -317,7 +318,8 @@ public class SwitchUserFilterTests {
// run 'exit', expect fail due to no current user
FilterChain chain = mock(FilterChain.class);
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, chain);
assertThatExceptionOfType(AuthenticationException.class)
.isThrownBy(() -> filter.doFilter(request, response, chain));
verify(chain, never()).doFilter(request, response);
}
@@ -459,16 +461,16 @@ public class SwitchUserFilterTests {
assertThat(switchAuthorityRole).isEqualTo(switchedFrom.getAuthority());
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setSwitchFailureUrlWhenNullThenThrowException() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchFailureUrl(null);
assertThatIllegalArgumentException().isThrownBy(() -> filter.setSwitchFailureUrl(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setSwitchFailureUrlWhenEmptyThenThrowException() {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchFailureUrl("");
assertThatIllegalArgumentException().isThrownBy(() -> filter.setSwitchFailureUrl(""));
}
@Test

View File

@@ -31,6 +31,7 @@ import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyZeroInteractions;
@@ -83,19 +84,19 @@ public class BasicAuthenticationConverterTests {
assertThat(authentication).isNull();
}
@Test(expected = BadCredentialsException.class)
@Test
public void testWhenInvalidBasicAuthorizationTokenThenError() {
String token = "NOT_A_VALID_TOKEN_AS_MISSING_COLON";
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
this.converter.convert(request);
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.converter.convert(request));
}
@Test(expected = BadCredentialsException.class)
@Test
public void testWhenInvalidBase64ThenError() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Basic NOT_VALID_BASE64");
this.converter.convert(request);
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.converter.convert(request));
}
@Test
@@ -110,11 +111,11 @@ public class BasicAuthenticationConverterTests {
assertThat(authentication.getCredentials()).isEqualTo("");
}
@Test(expected = BadCredentialsException.class)
@Test
public void requestWhenEmptyBasicAuthorizationHeaderTokenThenError() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Basic ");
this.converter.convert(request);
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.converter.convert(request));
}
}

View File

@@ -41,6 +41,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.web.util.WebUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.AdditionalMatchers.not;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
@@ -182,14 +183,14 @@ public class BasicAuthenticationFilterTests {
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testStartupDetectsMissingAuthenticationEntryPoint() {
new BasicAuthenticationFilter(this.manager, null);
assertThatIllegalArgumentException().isThrownBy(() -> new BasicAuthenticationFilter(this.manager, null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void testStartupDetectsMissingAuthenticationManager() {
BasicAuthenticationFilter filter = new BasicAuthenticationFilter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new BasicAuthenticationFilter(null));
}
@Test

View File

@@ -43,6 +43,7 @@ import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.util.StringUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
@@ -290,18 +291,18 @@ public class DigestAuthenticationFilterTests {
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void startupDetectsMissingAuthenticationEntryPoint() {
DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
filter.setUserDetailsService(mock(UserDetailsService.class));
filter.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void startupDetectsMissingUserDetailsService() {
DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
filter.setAuthenticationEntryPoint(new DigestAuthenticationEntryPoint());
filter.afterPropertiesSet();
assertThatIllegalArgumentException().isThrownBy(filter::afterPropertiesSet);
}
@Test

View File

@@ -36,6 +36,7 @@ import org.springframework.security.web.bind.annotation.AuthenticationPrincipal;
import org.springframework.util.ReflectionUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Rob Winch
@@ -125,16 +126,18 @@ public class AuthenticationPrincipalArgumentResolverTests {
assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
}
@Test(expected = ClassCastException.class)
@Test
public void resolveArgumentErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
assertThatExceptionOfType(ClassCastException.class).isThrownBy(
() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null));
}
@Test(expected = ClassCastException.class)
@Test
public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver
.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null));
}
@Test

View File

@@ -41,6 +41,7 @@ import org.springframework.security.web.session.SessionInformationExpiredStrateg
import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
@@ -63,26 +64,28 @@ public class ConcurrentSessionFilterTests {
SecurityContextHolder.clearContext();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorSessionRegistryWhenSessionRegistryNullThenExceptionThrown() {
new ConcurrentSessionFilter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionFilter(null));
}
@Test
@SuppressWarnings("deprecation")
@Test(expected = IllegalArgumentException.class)
public void constructorSessionRegistryExpiresUrlWhenInvalidUrlThenExceptionThrown() {
new ConcurrentSessionFilter(new SessionRegistryImpl(), "oops");
assertThatIllegalArgumentException()
.isThrownBy(() -> new ConcurrentSessionFilter(new SessionRegistryImpl(), "oops"));
}
@Test
@SuppressWarnings("deprecation")
@Test(expected = IllegalArgumentException.class)
public void constructorSessionRegistryExpiresUrlWhenSessionRegistryNullThenExceptionThrown() {
new ConcurrentSessionFilter(null, "/expired");
assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionFilter(null, "/expired"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorSessionRegistrySessionInformationExpiredStrategyWhenStrategyIsNullThenThrowsException() {
new ConcurrentSessionFilter(new SessionRegistryImpl(), (SessionInformationExpiredStrategy) null);
assertThatIllegalArgumentException().isThrownBy(
() -> new ConcurrentSessionFilter(new SessionRegistryImpl(), (SessionInformationExpiredStrategy) null));
}
@Test
@@ -127,9 +130,9 @@ public class ConcurrentSessionFilterTests {
+ "attempted as the same user).");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void detectsMissingSessionRegistry() {
new ConcurrentSessionFilter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new ConcurrentSessionFilter(null));
}
@Test
@@ -264,16 +267,16 @@ public class ConcurrentSessionFilterTests {
verify(handler).logout(eq(request), eq(response), any());
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setLogoutHandlersWhenNullThenThrowsException() {
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl());
filter.setLogoutHandlers((List<LogoutHandler>) null);
assertThatIllegalArgumentException().isThrownBy(() -> filter.setLogoutHandlers((List<LogoutHandler>) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setLogoutHandlersWhenEmptyThenThrowsException() {
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl());
filter.setLogoutHandlers(new LogoutHandler[0]);
assertThatIllegalArgumentException().isThrownBy(() -> filter.setLogoutHandlers(new LogoutHandler[0]));
}
}

View File

@@ -44,6 +44,8 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@@ -499,10 +501,10 @@ public class HttpSessionSecurityContextRepositoryTests {
verify(trustResolver).isAnonymous(contextToSave.getAuthentication());
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setTrustResolverNull() {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setTrustResolver(null);
assertThatIllegalArgumentException().isThrownBy(() -> repo.setTrustResolver(null));
}
// SEC-2578
@@ -523,14 +525,14 @@ public class HttpSessionSecurityContextRepositoryTests {
.isEqualTo(context);
}
@Test(expected = IllegalStateException.class)
@Test
public void failsWithStandardResponse() {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(this.testToken);
repo.saveContext(context, request, response);
assertThatIllegalStateException().isThrownBy(() -> repo.saveContext(context, request, response));
}
@Test

View File

@@ -29,6 +29,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.request.NativeWebRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -51,9 +52,9 @@ public class SecurityContextCallableProcessingInterceptorTests {
SecurityContextHolder.clearContext();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNull() {
new SecurityContextCallableProcessingInterceptor(null);
assertThatIllegalArgumentException().isThrownBy(() -> new SecurityContextCallableProcessingInterceptor(null));
}
@Test

View File

@@ -25,6 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -235,19 +236,19 @@ public class CookieCsrfTokenRepositoryTests {
assertThat(loadToken.getToken()).isEqualTo(value);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setCookieNameNullIllegalArgumentException() {
this.repository.setCookieName(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieName(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setParameterNameNullIllegalArgumentException() {
this.repository.setParameterName(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setParameterName(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setHeaderNameNullIllegalArgumentException() {
this.repository.setHeaderName(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setHeaderName(null));
}
}

View File

@@ -30,6 +30,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
@@ -66,9 +67,9 @@ public class CsrfAuthenticationStrategyTests {
this.generatedToken = new DefaultCsrfToken("_csrf", "_csrf", "2");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullCsrfTokenRepository() {
new CsrfAuthenticationStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> new CsrfAuthenticationStrategy(null));
}
@Test

View File

@@ -39,6 +39,7 @@ import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
@@ -95,9 +96,9 @@ public class CsrfFilterTests {
this.response = new MockHttpServletResponse();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullRepository() {
new CsrfFilter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new CsrfFilter(null));
}
// SEC-2276
@@ -319,14 +320,14 @@ public class CsrfFilterTests {
verifyZeroInteractions(repository);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRequireCsrfProtectionMatcherNull() {
this.filter.setRequireCsrfProtectionMatcher(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequireCsrfProtectionMatcher(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setAccessDeniedHandlerNull() {
this.filter.setAccessDeniedHandler(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAccessDeniedHandler(null));
}
private static CsrfTokenAssert assertToken(Object token) {

View File

@@ -26,6 +26,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.verify;
/**
@@ -51,9 +52,9 @@ public class CsrfLogoutHandlerTests {
this.handler = new CsrfLogoutHandler(this.csrfTokenRepository);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullCsrfTokenRepository() {
new CsrfLogoutHandler(null);
assertThatIllegalArgumentException().isThrownBy(() -> new CsrfLogoutHandler(null));
}
@Test

View File

@@ -18,6 +18,8 @@ package org.springframework.security.web.csrf;
import org.junit.Test;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
*
@@ -30,34 +32,40 @@ public class DefaultCsrfTokenTests {
private final String tokenValue = "tokenValue";
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullHeaderName() {
new DefaultCsrfToken(null, this.parameterName, this.tokenValue);
assertThatIllegalArgumentException()
.isThrownBy(() -> new DefaultCsrfToken(null, this.parameterName, this.tokenValue));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyHeaderName() {
new DefaultCsrfToken("", this.parameterName, this.tokenValue);
assertThatIllegalArgumentException()
.isThrownBy(() -> new DefaultCsrfToken("", this.parameterName, this.tokenValue));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullParameterName() {
new DefaultCsrfToken(this.headerName, null, this.tokenValue);
assertThatIllegalArgumentException()
.isThrownBy(() -> new DefaultCsrfToken(this.headerName, null, this.tokenValue));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyParameterName() {
new DefaultCsrfToken(this.headerName, "", this.tokenValue);
assertThatIllegalArgumentException()
.isThrownBy(() -> new DefaultCsrfToken(this.headerName, "", this.tokenValue));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullTokenValue() {
new DefaultCsrfToken(this.headerName, this.parameterName, null);
assertThatIllegalArgumentException()
.isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyTokenValue() {
new DefaultCsrfToken(this.headerName, this.parameterName, "");
assertThatIllegalArgumentException()
.isThrownBy(() -> new DefaultCsrfToken(this.headerName, this.parameterName, ""));
}
}

View File

@@ -23,6 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -116,24 +117,24 @@ public class HttpSessionCsrfTokenRepositoryTests {
assertThat(this.request.getSession(false)).isNull();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setSessionAttributeNameEmpty() {
this.repo.setSessionAttributeName("");
assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setSessionAttributeName(""));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setSessionAttributeNameNull() {
this.repo.setSessionAttributeName(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setSessionAttributeName(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setParameterNameEmpty() {
this.repo.setParameterName("");
assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setParameterName(""));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setParameterNameNull() {
this.repo.setParameterName(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.repo.setParameterName(null));
}
}

View File

@@ -27,6 +27,7 @@ import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@@ -59,14 +60,15 @@ public class LazyCsrfTokenRepositoryTests {
given(this.request.getAttribute(HttpServletResponse.class.getName())).willReturn(this.response);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructNullDelegateThrowsIllegalArgumentException() {
new LazyCsrfTokenRepository(null);
assertThatIllegalArgumentException().isThrownBy(() -> new LazyCsrfTokenRepository(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void generateTokenNullResponseAttribute() {
this.repository.generateToken(mock(HttpServletRequest.class));
assertThatIllegalArgumentException()
.isThrownBy(() -> this.repository.generateToken(mock(HttpServletRequest.class)));
}
@Test

View File

@@ -49,7 +49,7 @@ public class DefaultHttpFirewallTests {
* because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC
* will strip the ; content from requestURI before the path is URL decoded.
*/
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenLowercaseEncodedPathThenException() {
DefaultHttpFirewall fw = new DefaultHttpFirewall();
MockHttpServletRequest request = new MockHttpServletRequest();
@@ -57,10 +57,10 @@ public class DefaultHttpFirewallTests {
request.setContextPath("/context-root");
request.setServletPath("");
request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
fw.getFirewalledRequest(request);
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> fw.getFirewalledRequest(request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenUppercaseEncodedPathThenException() {
DefaultHttpFirewall fw = new DefaultHttpFirewall();
MockHttpServletRequest request = new MockHttpServletRequest();
@@ -68,7 +68,7 @@ public class DefaultHttpFirewallTests {
request.setContextPath("/context-root");
request.setServletPath("");
request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
fw.getFirewalledRequest(request);
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> fw.getFirewalledRequest(request));
}
@Test

View File

@@ -128,76 +128,88 @@ public class StrictHttpFirewallTests {
}
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenSemicolonInContextPathThenThrowsRequestRejectedException() {
this.request.setContextPath(";/context");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenSemicolonInServletPathThenThrowsRequestRejectedException() {
this.request.setServletPath("/spring;/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenSemicolonInPathInfoThenThrowsRequestRejectedException() {
this.request.setPathInfo("/path;/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenSemicolonInRequestUriThenThrowsRequestRejectedException() {
this.request.setRequestURI("/path;/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
this.request.setContextPath("%3B/context");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
this.request.setServletPath("/spring%3B/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
this.request.setPathInfo("/path%3B/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
this.request.setRequestURI("/path%3B/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenLowercaseEncodedSemicolonInContextPathThenThrowsRequestRejectedException() {
this.request.setContextPath("%3b/context");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenLowercaseEncodedSemicolonInServletPathThenThrowsRequestRejectedException() {
this.request.setServletPath("/spring%3b/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenLowercaseEncodedSemicolonInPathInfoThenThrowsRequestRejectedException() {
this.request.setPathInfo("/path%3b/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenLowercaseEncodedSemicolonInRequestUriThenThrowsRequestRejectedException() {
this.request.setRequestURI("/path%3b/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test
@@ -290,16 +302,18 @@ public class StrictHttpFirewallTests {
this.firewall.getFirewalledRequest(this.request);
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenEncodedPeriodInThenThrowsRequestRejectedException() {
this.request.setRequestURI("/%2E/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenLowercaseEncodedPeriodInThenThrowsRequestRejectedException() {
this.request.setRequestURI("/%2e/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test
@@ -309,10 +323,11 @@ public class StrictHttpFirewallTests {
this.firewall.getFirewalledRequest(this.request);
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenExceedsLowerboundAsciiThenException() {
this.request.setRequestURI("/\u0019");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test
@@ -327,22 +342,25 @@ public class StrictHttpFirewallTests {
this.firewall.getFirewalledRequest(this.request);
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenExceedsUpperboundAsciiThenException() {
this.request.setRequestURI("/\u007f");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenContainsNullThenException() {
this.request.setRequestURI("/\0");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenContainsEncodedNullThenException() {
this.request.setRequestURI("/something%00/");
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
/**
@@ -350,22 +368,24 @@ public class StrictHttpFirewallTests {
* because the pathInfo is /a/b;/1/c which ends up being /a/b/1/c while Spring MVC
* will strip the ; content from requestURI before the path is URL decoded.
*/
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenLowercaseEncodedPathThenException() {
this.request.setRequestURI("/context-root/a/b;%2f1/c");
this.request.setContextPath("/context-root");
this.request.setServletPath("");
this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenUppercaseEncodedPathThenException() {
this.request.setRequestURI("/context-root/a/b;%2F1/c");
this.request.setContextPath("/context-root");
this.request.setServletPath("");
this.request.setPathInfo("/a/b;/1/c"); // URL decoded requestURI
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test
@@ -536,133 +556,138 @@ public class StrictHttpFirewallTests {
this.firewall.getFirewalledRequest(this.request);
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestWhenUntrustedDomainThenException() {
this.request.addHeader("Host", "example.org");
this.firewall.setAllowedHostnames((hostname) -> hostname.equals("myexample.org"));
this.firewall.getFirewalledRequest(this.request);
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> this.firewall.getFirewalledRequest(this.request));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderNameThenException() {
this.firewall.setAllowedHeaderNames((name) -> !name.equals("bad name"));
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeader("bad name");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("bad name"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeaderWhenNotAllowedHeaderValueThenException() {
this.request.addHeader("good name", "bad value");
this.firewall.setAllowedHeaderValues((value) -> !value.equals("bad value"));
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeader("good name");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("good name"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetDateHeaderWhenControlCharacterInHeaderNameThenException() {
this.request.addHeader("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getDateHeader("Bad\0Name");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getDateHeader("Bad\0Name"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetIntHeaderWhenControlCharacterInHeaderNameThenException() {
this.request.addHeader("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getIntHeader("Bad\0Name");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getIntHeader("Bad\0Name"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderNameThenException() {
this.request.addHeader("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeader("Bad\0Name");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Bad\0Name"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderNameThenException() {
this.request.addHeader("Bad\uFFFEName", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeader("Bad\uFFFEName");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Bad\uFFFEName"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderNameThenException() {
this.request.addHeader("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeaders("Bad\0Name");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeaders("Bad\0Name"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeaderNamesWhenControlCharacterInHeaderNameThenException() {
this.request.addHeader("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeaderNames().nextElement();
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> request.getHeaderNames().nextElement());
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeaderWhenControlCharacterInHeaderValueThenException() {
this.request.addHeader("Something", "bad\0value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeader("Something");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Something"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeaderWhenUndefinedCharacterInHeaderValueThenException() {
this.request.addHeader("Something", "bad\uFFFEvalue");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeader("Something");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getHeader("Something"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetHeadersWhenControlCharacterInHeaderValueThenException() {
this.request.addHeader("Something", "bad\0value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getHeaders("Something").nextElement();
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> request.getHeaders("Something").nextElement());
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetParameterWhenControlCharacterInParameterNameThenException() {
this.request.addParameter("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getParameter("Bad\0Name");
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(() -> request.getParameter("Bad\0Name"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetParameterMapWhenControlCharacterInParameterNameThenException() {
this.request.addParameter("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getParameterMap();
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(request::getParameterMap);
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetParameterNamesWhenControlCharacterInParameterNameThenException() {
this.request.addParameter("Bad\0Name", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getParameterNames().nextElement();
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(request.getParameterNames()::nextElement);
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetParameterNamesWhenUndefinedCharacterInParameterNameThenException() {
this.request.addParameter("Bad\uFFFEName", "some value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getParameterNames().nextElement();
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(request.getParameterNames()::nextElement);
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterValueThenException() {
this.firewall.setAllowedParameterValues((value) -> !value.equals("bad value"));
this.request.addParameter("Something", "bad value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getParameterValues("Something");
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> request.getParameterValues("Something"));
}
@Test(expected = RequestRejectedException.class)
@Test
public void getFirewalledRequestGetParameterValuesWhenNotAllowedInParameterNameThenException() {
this.firewall.setAllowedParameterNames((value) -> !value.equals("bad name"));
this.request.addParameter("bad name", "good value");
HttpServletRequest request = this.firewall.getFirewalledRequest(this.request);
request.getParameterValues("bad name");
assertThatExceptionOfType(RequestRejectedException.class)
.isThrownBy(() -> request.getParameterValues("bad name"));
}
}

View File

@@ -34,6 +34,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -55,15 +56,14 @@ public class HeaderWriterFilterTests {
@Mock
private HeaderWriter writer2;
@Test(expected = IllegalArgumentException.class)
@Test
public void noHeadersConfigured() {
List<HeaderWriter> headerWriters = new ArrayList<>();
new HeaderWriterFilter(headerWriters);
assertThatIllegalArgumentException().isThrownBy(() -> new HeaderWriterFilter(new ArrayList<>()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullWriters() {
new HeaderWriterFilter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new HeaderWriterFilter(null));
}
@Test

View File

@@ -23,6 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Joe Grandja
@@ -102,10 +103,10 @@ public class ContentSecurityPolicyHeaderWriterTests {
assertThat(this.response.getHeader("Content-Security-Policy-Report-Only")).isEqualTo(policyDirectives);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void writeHeadersContentSecurityPolicyInvalid() {
this.writer = new ContentSecurityPolicyHeaderWriter("");
this.writer = new ContentSecurityPolicyHeaderWriter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new ContentSecurityPolicyHeaderWriter(""));
assertThatIllegalArgumentException().isThrownBy(() -> new ContentSecurityPolicyHeaderWriter(null));
}
@Test

View File

@@ -27,6 +27,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
@@ -57,14 +58,16 @@ public class DelegatingRequestMatcherHeaderWriterTests {
this.headerWriter = new DelegatingRequestMatcherHeaderWriter(this.matcher, this.delegate);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullRequestMatcher() {
new DelegatingRequestMatcherHeaderWriter(null, this.delegate);
assertThatIllegalArgumentException()
.isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(null, this.delegate));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullDelegate() {
new DelegatingRequestMatcherHeaderWriter(this.matcher, null);
assertThatIllegalArgumentException()
.isThrownBy(() -> new DelegatingRequestMatcherHeaderWriter(this.matcher, null));
}
@Test

View File

@@ -29,6 +29,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Tim Ysewyn
@@ -166,19 +167,20 @@ public class HpkpHeaderWriterTests {
assertThat(this.response.getHeaderNames()).isEmpty();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setMaxAgeInSecondsToNegative() {
this.writer.setMaxAgeInSeconds(-1);
assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setMaxAgeInSeconds(-1));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void addSha256PinsWithNullPin() {
this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null);
assertThatIllegalArgumentException()
.isThrownBy(() -> this.writer.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setIncorrectReportUri() {
this.writer.setReportUri("some url here...");
assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setReportUri("some url here..."));
}
@Test

View File

@@ -24,6 +24,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -124,14 +125,14 @@ public class HstsHeaderWriterTests {
.isEqualTo("max-age=31536000 ; includeSubDomains");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setMaxAgeInSecondsToNegative() {
this.writer.setMaxAgeInSeconds(-1);
assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setMaxAgeInSeconds(-1));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRequestMatcherToNull() {
this.writer.setRequestMatcher(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setRequestMatcher(null));
}
@Test

View File

@@ -24,6 +24,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Eddú Meléndez
@@ -64,9 +65,9 @@ public class ReferrerPolicyHeaderWriterTests {
assertThat(this.response.getHeader("Referrer-Policy")).isEqualTo("same-origin");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void writeHeaderReferrerPolicyInvalid() {
this.writer = new ReferrerPolicyHeaderWriter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new ReferrerPolicyHeaderWriter(null));
}
@Test

View File

@@ -27,6 +27,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.header.Header;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* Test for the {@code StaticHeadersWriter}
@@ -48,29 +49,29 @@ public class StaticHeaderWriterTests {
this.response = new MockHttpServletResponse();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullHeaders() {
new StaticHeadersWriter(null);
assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyHeaders() {
new StaticHeadersWriter(Collections.<Header>emptyList());
assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter(Collections.<Header>emptyList()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullHeaderName() {
new StaticHeadersWriter(null, "value1");
assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter(null, "value1"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullHeaderValues() {
new StaticHeadersWriter("name", (String[]) null);
assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter("name", (String[]) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorContainsNullHeaderValue() {
new StaticHeadersWriter("name", "value1", null);
assertThatIllegalArgumentException().isThrownBy(() -> new StaticHeadersWriter("name", "value1", null));
}
@Test

View File

@@ -23,6 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -78,11 +79,11 @@ public class XXssProtectionHeaderWriterTests {
assertThat(this.response.getHeaderValues("X-XSS-Protection")).containsOnly("0");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setBlockTrueWithEnabledFalse() {
this.writer.setBlock(false);
this.writer.setEnabled(false);
this.writer.setBlock(true);
assertThatIllegalArgumentException().isThrownBy(() -> this.writer.setBlock(true));
}
@Test

View File

@@ -27,6 +27,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
/**
@@ -51,19 +52,20 @@ public class FrameOptionsHeaderWriterTests {
this.response = new MockHttpServletResponse();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullMode() {
new XFrameOptionsHeaderWriter((XFrameOptionsMode) null);
assertThatIllegalArgumentException().isThrownBy(() -> new XFrameOptionsHeaderWriter((XFrameOptionsMode) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorAllowFromNoAllowFromStrategy() {
new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM);
assertThatIllegalArgumentException()
.isThrownBy(() -> new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullAllowFromStrategy() {
new XFrameOptionsHeaderWriter((AllowFromStrategy) null);
assertThatIllegalArgumentException().isThrownBy(() -> new XFrameOptionsHeaderWriter((AllowFromStrategy) null));
}
@Test

View File

@@ -23,20 +23,22 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Marten Deinum
*/
public class RegExpAllowFromStrategyTests {
@Test(expected = PatternSyntaxException.class)
@Test
public void invalidRegularExpressionShouldLeadToException() {
new RegExpAllowFromStrategy("[a-z");
assertThatExceptionOfType(PatternSyntaxException.class).isThrownBy(() -> new RegExpAllowFromStrategy("[a-z"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void nullRegularExpressionShouldLeadToException() {
new RegExpAllowFromStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> new RegExpAllowFromStrategy(null));
}
@Test

View File

@@ -24,6 +24,7 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* Test for the {@code WhiteListedAllowFromStrategy}.
@@ -33,14 +34,14 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
public class WhiteListedAllowFromStrategyTests {
@Test(expected = IllegalArgumentException.class)
@Test
public void emptyListShouldThrowException() {
new WhiteListedAllowFromStrategy(new ArrayList<>());
assertThatIllegalArgumentException().isThrownBy(() -> new WhiteListedAllowFromStrategy(new ArrayList<>()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void nullListShouldThrowException() {
new WhiteListedAllowFromStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> new WhiteListedAllowFromStrategy(null));
}
@Test

View File

@@ -27,6 +27,7 @@ import org.skyscreamer.jsonassert.JSONAssert;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Jitendra Singh
@@ -58,16 +59,18 @@ public class DefaultCsrfTokenMixinTests extends AbstractMixinTests {
assertThat(token.getToken()).isEqualTo("1");
}
@Test(expected = JsonMappingException.class)
@Test
public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException {
String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}";
this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
assertThatExceptionOfType(JsonMappingException.class)
.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
}
@Test(expected = JsonMappingException.class)
@Test
public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException {
String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
assertThatExceptionOfType(JsonMappingException.class)
.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
}
}

View File

@@ -36,6 +36,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.ReflectionUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Rob Winch
@@ -141,16 +142,18 @@ public class AuthenticationPrincipalArgumentResolverTests {
assertThat(this.resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
}
@Test(expected = ClassCastException.class)
@Test
public void resolveArgumentErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
assertThatExceptionOfType(ClassCastException.class).isThrownBy(
() -> this.resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null));
}
@Test(expected = ClassCastException.class)
@Test
public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
this.resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> this.resolver
.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null));
}
@Test

View File

@@ -29,6 +29,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.PortResolverImpl;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
public class SavedRequestAwareWrapperTests {
@@ -144,12 +145,12 @@ public class SavedRequestAwareWrapperTests {
assertThat(wrapper.getDateHeader("nonexistent")).isEqualTo(-1L);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void invalidDateHeaderIsRejected() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("header", "notadate");
SavedRequestAwareWrapper wrapper = createWrapper(request, new MockHttpServletRequest());
wrapper.getDateHeader("header");
assertThatIllegalArgumentException().isThrownBy(() -> wrapper.getDateHeader("header"));
}
@Test

View File

@@ -29,6 +29,7 @@ import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.verifyZeroInteractions;
/**
@@ -45,14 +46,14 @@ public class DefaultServerRedirectStrategyTests {
private DefaultServerRedirectStrategy strategy = new DefaultServerRedirectStrategy();
@Test(expected = IllegalArgumentException.class)
@Test
public void sendRedirectWhenLocationNullThenException() {
this.strategy.sendRedirect(this.exchange, null);
assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.sendRedirect(this.exchange, null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void sendRedirectWhenExchangeNullThenException() {
this.strategy.sendRedirect(null, this.location);
assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.sendRedirect(null, this.location));
}
@Test
@@ -106,9 +107,9 @@ public class DefaultServerRedirectStrategyTests {
assertThat(this.exchange.getResponse().getHeaders().getLocation()).hasPath(this.location.getPath());
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setHttpStatusWhenNullThenException() {
this.strategy.setHttpStatus(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.strategy.setHttpStatus(null));
}
private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {

View File

@@ -25,6 +25,7 @@ import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -39,16 +40,14 @@ public class WebFilterExchangeTests {
@Mock
private WebFilterChain chain;
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorServerWebExchangeWebFilterChainWhenExchangeNullThenException() {
this.exchange = null;
new WebFilterExchange(this.exchange, this.chain);
assertThatIllegalArgumentException().isThrownBy(() -> new WebFilterExchange(null, this.chain));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorServerWebExchangeWebFilterChainWhenChainNullThenException() {
this.chain = null;
new WebFilterExchange(this.exchange, this.chain);
assertThatIllegalArgumentException().isThrownBy(() -> new WebFilterExchange(this.exchange, null));
}
@Test

View File

@@ -30,6 +30,7 @@ import org.springframework.security.core.Authentication;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.assertThatNullPointerException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
@@ -57,9 +58,10 @@ public class AuthenticationConverterServerWebExchangeMatcherTests {
this.matcher = new AuthenticationConverterServerWebExchangeMatcher(this.converter);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorConverterWhenConverterNullThenThrowsException() {
new AuthenticationConverterServerWebExchangeMatcher(null);
assertThatIllegalArgumentException()
.isThrownBy(() -> new AuthenticationConverterServerWebExchangeMatcher(null));
}
@Test

View File

@@ -36,6 +36,7 @@ import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
@@ -235,9 +236,9 @@ public class AuthenticationWebFilterTests {
verifyZeroInteractions(this.successHandler, this.failureHandler);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRequiresAuthenticationMatcherWhenNullThenException() {
this.filter.setRequiresAuthenticationMatcher(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setRequiresAuthenticationMatcher(null));
}
}

View File

@@ -29,6 +29,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.verifyZeroInteractions;
/**
@@ -70,9 +71,9 @@ public class HttpBasicServerAuthenticationEntryPointTests {
.containsOnly("Basic realm=\"Custom\"");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRealmWhenNullThenException() {
this.entryPoint.setRealm(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.entryPoint.setRealm(null));
}
private static MockServerWebExchange exchange(MockServerHttpRequest.BaseBuilder<?> request) {

View File

@@ -32,6 +32,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@@ -68,35 +69,40 @@ public class ReactivePreAuthenticatedAuthenticationManagerTests {
assertThat(authentication.isAuthenticated()).isEqualTo(true);
}
@Test(expected = UsernameNotFoundException.class)
@Test
public void returnsNullForNonExistingAccount() {
given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.empty());
this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block();
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(
() -> this.manager.authenticate(tokenForUser(this.nonExistingAccount.getUsername())).block());
}
@Test(expected = LockedException.class)
@Test
public void throwsExceptionForLockedAccount() {
given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.lockedAccount));
this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block();
assertThatExceptionOfType(LockedException.class)
.isThrownBy(() -> this.manager.authenticate(tokenForUser(this.lockedAccount.getUsername())).block());
}
@Test(expected = DisabledException.class)
@Test
public void throwsExceptionForDisabledAccount() {
given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.disabledAccount));
this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block();
assertThatExceptionOfType(DisabledException.class)
.isThrownBy(() -> this.manager.authenticate(tokenForUser(this.disabledAccount.getUsername())).block());
}
@Test(expected = AccountExpiredException.class)
@Test
public void throwsExceptionForExpiredAccount() {
given(this.mockUserDetailsService.findByUsername(anyString())).willReturn(Mono.just(this.expiredAccount));
this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block();
assertThatExceptionOfType(AccountExpiredException.class)
.isThrownBy(() -> this.manager.authenticate(tokenForUser(this.expiredAccount.getUsername())).block());
}
@Test(expected = CredentialsExpiredException.class)
@Test
public void throwsExceptionForAccountWithExpiredCredentials() {
given(this.mockUserDetailsService.findByUsername(anyString()))
.willReturn(Mono.just(this.accountWithExpiredCredentials));
this.manager.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block();
assertThatExceptionOfType(CredentialsExpiredException.class).isThrownBy(() -> this.manager
.authenticate(tokenForUser(this.accountWithExpiredCredentials.getUsername())).block());
}
private Authentication tokenForUser(String username) {

View File

@@ -31,6 +31,7 @@ import org.springframework.security.web.server.ServerRedirectStrategy;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
@@ -55,9 +56,9 @@ public class RedirectServerAuthenticationEntryPointTests {
private AuthenticationException exception = new AuthenticationCredentialsNotFoundException(
"Authentication Required");
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorStringWhenNullLocationThenException() {
new RedirectServerAuthenticationEntryPoint(null);
assertThatIllegalArgumentException().isThrownBy(() -> new RedirectServerAuthenticationEntryPoint(null));
}
@Test
@@ -86,9 +87,9 @@ public class RedirectServerAuthenticationEntryPointTests {
redirectResult.assertWasSubscribed();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRedirectStrategyWhenNullThenException() {
this.entryPoint.setRedirectStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.entryPoint.setRedirectStrategy(null));
}
}

View File

@@ -33,6 +33,7 @@ import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.web.server.handler.DefaultWebFilterChain;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
@@ -56,9 +57,9 @@ public class RedirectServerAuthenticationFailureHandlerTests {
private AuthenticationException exception = new AuthenticationCredentialsNotFoundException(
"Authentication Required");
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorStringWhenNullLocationThenException() {
new RedirectServerAuthenticationEntryPoint(null);
assertThatIllegalArgumentException().isThrownBy(() -> new RedirectServerAuthenticationEntryPoint(null));
}
@Test
@@ -87,9 +88,9 @@ public class RedirectServerAuthenticationFailureHandlerTests {
redirectResult.assertWasSubscribed();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRedirectStrategyWhenNullThenException() {
this.handler.setRedirectStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setRedirectStrategy(null));
}
private WebFilterExchange createExchange() {

View File

@@ -34,6 +34,7 @@ import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
@@ -62,9 +63,9 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
private RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorStringWhenNullLocationThenException() {
new RedirectServerAuthenticationEntryPoint(null);
assertThatIllegalArgumentException().isThrownBy(() -> new RedirectServerAuthenticationEntryPoint(null));
}
@Test
@@ -96,14 +97,14 @@ public class RedirectServerAuthenticationSuccessHandlerTests {
verify(this.redirectStrategy).sendRedirect(any(), eq(this.location));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setRedirectStrategyWhenNullThenException() {
this.handler.setRedirectStrategy(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setRedirectStrategy(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setLocationWhenNullThenException() {
this.handler.setLocation(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setLocation(null));
}
}

View File

@@ -30,6 +30,7 @@ import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
/**
@@ -54,10 +55,9 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
@InjectMocks
private ServerAuthenticationEntryPointFailureHandler handler;
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenNullEntryPointThenException() {
this.authenticationEntryPoint = null;
new ServerAuthenticationEntryPointFailureHandler(this.authenticationEntryPoint);
assertThatIllegalArgumentException().isThrownBy(() -> new ServerAuthenticationEntryPointFailureHandler(null));
}
@Test

View File

@@ -29,6 +29,7 @@ import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
/**
@@ -86,14 +87,14 @@ public class ServerFormLoginAuthenticationConverterTests {
assertThat(authentication.getAuthorities()).isEmpty();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setUsernameParameterWhenNullThenIllegalArgumentException() {
this.converter.setUsernameParameter(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setUsernameParameter(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setPasswordParameterWhenNullThenIllegalArgumentException() {
this.converter.setPasswordParameter(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.converter.setPasswordParameter(null));
}
}

View File

@@ -26,6 +26,7 @@ import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import reactor.core.publisher.Mono;
import reactor.util.context.Context;
import org.springframework.http.HttpMethod;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
@@ -179,12 +180,11 @@ public class SwitchUserWebFilterTests {
.from(MockServerHttpRequest.post("/login/impersonate"));
final WebFilterChain chain = mock(WebFilterChain.class);
final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
assertThatIllegalArgumentException()
.isThrownBy(() -> this.switchUserWebFilter.filter(exchange, chain)
.subscriberContext(
ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
.block())
.withMessage("The userName can not be null.");
assertThatIllegalArgumentException().isThrownBy(() -> {
Context securityContextHolder = ReactiveSecurityContextHolder
.withSecurityContext(Mono.just(securityContext));
this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block();
}).withMessage("The userName can not be null.");
verifyNoInteractions(chain);
}
@@ -216,12 +216,11 @@ public class SwitchUserWebFilterTests {
final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);
given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
assertThatExceptionOfType(DisabledException.class)
.isThrownBy(
() -> this.switchUserWebFilter.filter(exchange, chain)
.subscriberContext(
ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
.block());
assertThatExceptionOfType(DisabledException.class).isThrownBy(() -> {
Context securityContextHolder = ReactiveSecurityContextHolder
.withSecurityContext(Mono.just(securityContext));
this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block();
});
verifyNoInteractions(chain);
}
@@ -264,12 +263,11 @@ public class SwitchUserWebFilterTests {
"origCredentials");
final WebFilterChain chain = mock(WebFilterChain.class);
final SecurityContextImpl securityContext = new SecurityContextImpl(originalAuthentication);
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(() -> this.switchUserWebFilter.filter(exchange, chain)
.subscriberContext(
ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
.block())
.withMessage("Could not find original Authentication object");
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class).isThrownBy(() -> {
Context securityContextHolder = ReactiveSecurityContextHolder
.withSecurityContext(Mono.just(securityContext));
this.switchUserWebFilter.filter(exchange, chain).subscriberContext(securityContextHolder).block();
}).withMessage("Could not find original Authentication object");
verifyNoInteractions(chain);
}

View File

@@ -35,6 +35,7 @@ import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
@@ -128,14 +129,14 @@ public class ExceptionTranslationWebFilterTests {
this.entryPointPublisher.assertWasNotSubscribed();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setAccessDeniedHandlerWhenNullThenException() {
this.filter.setAccessDeniedHandler(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAccessDeniedHandler(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setAuthenticationEntryPointWhenNullThenException() {
this.filter.setAuthenticationEntryPoint(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthenticationEntryPoint(null));
}
}

View File

@@ -28,6 +28,7 @@ import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.verifyZeroInteractions;
/**
@@ -46,9 +47,9 @@ public class HttpStatusServerAccessDeniedHandlerTests {
private AccessDeniedException exception = new AccessDeniedException("Forbidden");
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorHttpStatusWhenNullThenException() {
new HttpStatusServerAccessDeniedHandler(null);
assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusServerAccessDeniedHandler(null));
}
@Test

View File

@@ -38,6 +38,7 @@ import org.springframework.web.server.WebFilterChain;
import org.springframework.web.server.handler.DefaultWebFilterChain;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
@@ -69,10 +70,9 @@ public class ReactorContextWebFilterTests {
given(this.repository.load(any())).willReturn(this.securityContext.mono());
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullSecurityContextRepository() {
ServerSecurityContextRepository repository = null;
new ReactorContextWebFilter(repository);
assertThatIllegalArgumentException().isThrownBy(() -> new ReactorContextWebFilter(null));
}
@Test

View File

@@ -28,6 +28,7 @@ import org.springframework.security.web.jackson2.AbstractMixinTests;
import org.springframework.security.web.server.csrf.DefaultCsrfToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Boris Finkelshteyn
@@ -59,16 +60,18 @@ public class DefaultCsrfServerTokenMixinTests extends AbstractMixinTests {
assertThat(token.getToken()).isEqualTo("1");
}
@Test(expected = JsonMappingException.class)
@Test
public void defaultCsrfTokenDeserializeWithoutClassTest() throws IOException {
String tokenJson = "{\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}";
this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
assertThatExceptionOfType(JsonMappingException.class)
.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
}
@Test(expected = JsonMappingException.class)
@Test
public void defaultCsrfTokenDeserializeNullValuesTest() throws IOException {
String tokenJson = "{\"@class\": \"org.springframework.security.web.server.csrf.DefaultCsrfToken\", \"headerName\": \"\", \"parameterName\": null, \"token\": \"1\"}";
this.mapper.readValue(tokenJson, DefaultCsrfToken.class);
assertThatExceptionOfType(JsonMappingException.class)
.isThrownBy(() -> this.mapper.readValue(tokenJson, DefaultCsrfToken.class));
}
}

View File

@@ -27,6 +27,7 @@ import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -36,28 +37,28 @@ public class MediaTypeServerWebExchangeMatcherTests {
private MediaTypeServerWebExchangeMatcher matcher;
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorMediaTypeArrayWhenNullThenThrowsIllegalArgumentException() {
MediaType[] types = null;
new MediaTypeServerWebExchangeMatcher(types);
assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorMediaTypeArrayWhenContainsNullThenThrowsIllegalArgumentException() {
MediaType[] types = { null };
new MediaTypeServerWebExchangeMatcher(types);
assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorMediaTypeListWhenNullThenThrowsIllegalArgumentException() {
List<MediaType> types = null;
new MediaTypeServerWebExchangeMatcher(types);
assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorMediaTypeListWhenContainsNullThenThrowsIllegalArgumentException() {
List<MediaType> types = Collections.singletonList(null);
new MediaTypeServerWebExchangeMatcher(types);
assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeServerWebExchangeMatcher(types));
}
@Test

View File

@@ -32,6 +32,7 @@ import org.springframework.web.server.session.DefaultWebSessionManager;
import org.springframework.web.util.pattern.PathPattern;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.verifyZeroInteractions;
@@ -65,14 +66,16 @@ public class PathMatcherServerWebExchangeMatcherTests {
this.matcher = new PathPatternParserServerWebExchangeMatcher(this.pattern);
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorPatternWhenPatternNullThenThrowsException() {
new PathPatternParserServerWebExchangeMatcher((PathPattern) null);
assertThatIllegalArgumentException()
.isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorPatternAndMethodWhenPatternNullThenThrowsException() {
new PathPatternParserServerWebExchangeMatcher((PathPattern) null, HttpMethod.GET);
assertThatIllegalArgumentException()
.isThrownBy(() -> new PathPatternParserServerWebExchangeMatcher((PathPattern) null, HttpMethod.GET));
}
@Test

View File

@@ -26,6 +26,7 @@ import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.StaticWebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
/**
* The HttpSessionEventPublisher tests
@@ -94,32 +95,31 @@ public class HttpSessionEventPublisherTests {
}
// SEC-2599
@Test(expected = IllegalStateException.class)
@Test
public void sessionCreatedNullApplicationContext() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
MockServletContext servletContext = new MockServletContext();
MockHttpSession session = new MockHttpSession(servletContext);
HttpSessionEvent event = new HttpSessionEvent(session);
publisher.sessionCreated(event);
assertThatIllegalStateException().isThrownBy(() -> publisher.sessionCreated(event));
}
// SEC-2599
@Test(expected = IllegalStateException.class)
@Test // SEC-2599
public void sessionDestroyedNullApplicationContext() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
MockServletContext servletContext = new MockServletContext();
MockHttpSession session = new MockHttpSession(servletContext);
HttpSessionEvent event = new HttpSessionEvent(session);
publisher.sessionDestroyed(event);
assertThatIllegalStateException().isThrownBy(() -> publisher.sessionDestroyed(event));
}
@Test(expected = IllegalStateException.class)
@Test
public void sessionIdChangeNullApplicationContext() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
MockServletContext servletContext = new MockServletContext();
MockHttpSession session = new MockHttpSession(servletContext);
HttpSessionEvent event = new HttpSessionEvent(session);
publisher.sessionIdChanged(event, "oldSessionId");
assertThatIllegalStateException().isThrownBy(() -> publisher.sessionIdChanged(event, "oldSessionId"));
}
}

View File

@@ -24,27 +24,30 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.session.SessionInformation;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
* @since 4.2
*/
public class SessionInformationExpiredEventTests {
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenSessionInformationNullThenThrowsException() {
new SessionInformationExpiredEvent(null, new MockHttpServletRequest(), new MockHttpServletResponse());
assertThatIllegalArgumentException().isThrownBy(() -> new SessionInformationExpiredEvent(null,
new MockHttpServletRequest(), new MockHttpServletResponse()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenRequestNullThenThrowsException() {
new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()), null,
new MockHttpServletResponse());
assertThatIllegalArgumentException().isThrownBy(() -> new SessionInformationExpiredEvent(
new SessionInformation("fake", "sessionId", new Date()), null, new MockHttpServletResponse()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenResponseNullThenThrowsException() {
new SessionInformationExpiredEvent(new SessionInformation("fake", "sessionId", new Date()),
new MockHttpServletRequest(), null);
assertThatIllegalArgumentException().isThrownBy(() -> new SessionInformationExpiredEvent(
new SessionInformation("fake", "sessionId", new Date()), new MockHttpServletRequest(), null));
}
}

View File

@@ -36,6 +36,7 @@ import org.springframework.security.web.authentication.session.SessionAuthentica
import org.springframework.security.web.context.SecurityContextRepository;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.willThrow;
@@ -161,11 +162,11 @@ public class SessionManagementFilterTests {
verify(trustResolver).isAnonymous(any(Authentication.class));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void setTrustResolverNull() {
SecurityContextRepository repo = mock(SecurityContextRepository.class);
SessionManagementFilter filter = new SessionManagementFilter(repo);
filter.setTrustResolver(null);
assertThatIllegalArgumentException().isThrownBy(() -> filter.setTrustResolver(null));
}
private void authenticateUser() {

View File

@@ -19,6 +19,7 @@ package org.springframework.security.web.util;
import org.junit.Test;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
public class TextEscapeUtilsTests {
@@ -36,19 +37,19 @@ public class TextEscapeUtilsTests {
assertThat(TextEscapeUtils.escapeEntities(null)).isNull();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void invalidLowSurrogateIsDetected() {
TextEscapeUtils.escapeEntities("abc\uDCCCdef");
assertThatIllegalArgumentException().isThrownBy(() -> TextEscapeUtils.escapeEntities("abc\uDCCCdef"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void missingLowSurrogateIsDetected() {
TextEscapeUtils.escapeEntities("abc\uD888a");
assertThatIllegalArgumentException().isThrownBy(() -> TextEscapeUtils.escapeEntities("abc\uD888a"));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void highSurrogateAtEndOfStringIsRejected() {
TextEscapeUtils.escapeEntities("abc\uD888");
assertThatIllegalArgumentException().isThrownBy(() -> TextEscapeUtils.escapeEntities("abc\uD888"));
}
/**

View File

@@ -28,6 +28,8 @@ import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.assertThatNullPointerException;
import static org.mockito.BDDMockito.given;
/**
@@ -48,34 +50,36 @@ public class AndRequestMatcherTests {
private RequestMatcher matcher;
@Test(expected = NullPointerException.class)
@Test
public void constructorNullArray() {
new AndRequestMatcher((RequestMatcher[]) null);
assertThatNullPointerException().isThrownBy(() -> new AndRequestMatcher((RequestMatcher[]) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorArrayContainsNull() {
new AndRequestMatcher((RequestMatcher) null);
assertThatIllegalArgumentException().isThrownBy(() -> new AndRequestMatcher((RequestMatcher) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyArray() {
new AndRequestMatcher(new RequestMatcher[0]);
assertThatIllegalArgumentException().isThrownBy(() -> new AndRequestMatcher(new RequestMatcher[0]));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullList() {
new AndRequestMatcher((List<RequestMatcher>) null);
assertThatIllegalArgumentException().isThrownBy(() -> new AndRequestMatcher((List<RequestMatcher>) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorListContainsNull() {
new AndRequestMatcher(Arrays.asList((RequestMatcher) null));
assertThatIllegalArgumentException()
.isThrownBy(() -> new AndRequestMatcher(Arrays.asList((RequestMatcher) null)));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyList() {
new AndRequestMatcher(Collections.<RequestMatcher>emptyList());
assertThatIllegalArgumentException()
.isThrownBy(() -> new AndRequestMatcher(Collections.<RequestMatcher>emptyList()));
}
@Test

View File

@@ -33,6 +33,7 @@ import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.context.request.NativeWebRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
@@ -55,41 +56,45 @@ public class MediaTypeRequestMatcherTests {
this.request = new MockHttpServletRequest();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenNullCNSThenIAE() {
ContentNegotiationStrategy c = null;
new MediaTypeRequestMatcher(c, MediaType.ALL);
assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeRequestMatcher(c, MediaType.ALL));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullCNSSet() {
new MediaTypeRequestMatcher(null, Collections.singleton(MediaType.ALL));
assertThatIllegalArgumentException()
.isThrownBy(() -> new MediaTypeRequestMatcher(null, Collections.singleton(MediaType.ALL)));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNoVarargs() {
new MediaTypeRequestMatcher(this.negotiationStrategy);
assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeRequestMatcher(this.negotiationStrategy));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullMediaTypes() {
Collection<MediaType> mediaTypes = null;
new MediaTypeRequestMatcher(this.negotiationStrategy, mediaTypes);
assertThatIllegalArgumentException()
.isThrownBy(() -> new MediaTypeRequestMatcher(this.negotiationStrategy, mediaTypes));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmtpyMediaTypes() {
new MediaTypeRequestMatcher(this.negotiationStrategy, Collections.<MediaType>emptyList());
assertThatIllegalArgumentException().isThrownBy(
() -> new MediaTypeRequestMatcher(this.negotiationStrategy, Collections.<MediaType>emptyList()));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenEmptyMediaTypeThenIAE() {
new MediaTypeRequestMatcher();
assertThatIllegalArgumentException().isThrownBy(() -> new MediaTypeRequestMatcher());
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenEmptyMediaTypeCollectionThenIAE() {
new MediaTypeRequestMatcher(Collections.<MediaType>emptyList());
assertThatIllegalArgumentException()
.isThrownBy(() -> new MediaTypeRequestMatcher(Collections.<MediaType>emptyList()));
}
@Test

View File

@@ -24,6 +24,7 @@ import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
/**
@@ -41,9 +42,9 @@ public class NegatedRequestMatcherTests {
private RequestMatcher matcher;
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNull() {
new NegatedRequestMatcher(null);
assertThatIllegalArgumentException().isThrownBy(() -> new NegatedRequestMatcher(null));
}
@Test

View File

@@ -28,6 +28,8 @@ import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.assertThatNullPointerException;
import static org.mockito.BDDMockito.given;
/**
@@ -48,34 +50,36 @@ public class OrRequestMatcherTests {
private RequestMatcher matcher;
@Test(expected = NullPointerException.class)
@Test
public void constructorNullArray() {
new OrRequestMatcher((RequestMatcher[]) null);
assertThatNullPointerException().isThrownBy(() -> new OrRequestMatcher((RequestMatcher[]) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorArrayContainsNull() {
new OrRequestMatcher((RequestMatcher) null);
assertThatIllegalArgumentException().isThrownBy(() -> new OrRequestMatcher((RequestMatcher) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyArray() {
new OrRequestMatcher(new RequestMatcher[0]);
assertThatIllegalArgumentException().isThrownBy(() -> new OrRequestMatcher(new RequestMatcher[0]));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullList() {
new OrRequestMatcher((List<RequestMatcher>) null);
assertThatIllegalArgumentException().isThrownBy(() -> new OrRequestMatcher((List<RequestMatcher>) null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorListContainsNull() {
new OrRequestMatcher(Arrays.asList((RequestMatcher) null));
assertThatIllegalArgumentException()
.isThrownBy(() -> new OrRequestMatcher(Arrays.asList((RequestMatcher) null)));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorEmptyList() {
new OrRequestMatcher(Collections.<RequestMatcher>emptyList());
assertThatIllegalArgumentException()
.isThrownBy(() -> new OrRequestMatcher(Collections.<RequestMatcher>emptyList()));
}
@Test

View File

@@ -22,6 +22,7 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Rob Winch
@@ -40,14 +41,14 @@ public class RequestHeaderRequestMatcherTests {
this.request = new MockHttpServletRequest();
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullHeaderName() {
new RequestHeaderRequestMatcher(null);
assertThatIllegalArgumentException().isThrownBy(() -> new RequestHeaderRequestMatcher(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorNullHeaderNameNonNullHeaderValue() {
new RequestHeaderRequestMatcher(null, "v");
assertThatIllegalArgumentException().isThrownBy(() -> new RequestHeaderRequestMatcher(null, "v"));
}
@Test