Use HttpSecurity Lambda DSL in Test

Issue gh-13067

test/src/test/java/org/springframework/security/test/web/servlet/request/Sec2935Tests.java

@@ -37,6 +37,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
@@ -132,11 +133,10 @@ public class Sec2935Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasRole("ADMIN")
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.httpBasic(withDefaults());
-				.httpBasic();
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java

@@ -82,8 +82,8 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
+				.sessionManagement((management) -> management
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java

@@ -63,7 +63,7 @@ public class SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			http.csrf().csrfTokenRepository(cookieCsrfTokenRepository);
+			http.csrf((csrf) -> csrf.csrfTokenRepository(cookieCsrfTokenRepository));
 			return http.build();
 		}
 

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2ClientTests.java

@@ -60,6 +60,7 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Client;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -183,7 +184,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
 				.authorizeRequests((authz) -> authz
 						.anyRequest().permitAll()
 				)
-				.oauth2Client();
+				.oauth2Client(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOAuth2LoginTests.java

@@ -55,6 +55,7 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.mockito.Mockito.mock;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -160,7 +161,7 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
 				.authorizeRequests((authorize) -> authorize
 						.requestMatchers("/admin/**").hasAuthority("SCOPE_admin")
 						.anyRequest().hasAuthority("SCOPE_read")
-				).oauth2Login();
+				).oauth2Login(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOidcLoginTests.java

@@ -56,6 +56,7 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.mockito.Mockito.mock;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -155,11 +156,10 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasAuthority("SCOPE_admin")
-					.anyRequest().hasAuthority("SCOPE_read")
+					.anyRequest().hasAuthority("SCOPE_read"))
-					.and()
+				.oauth2Login(withDefaults());
-				.oauth2Login();
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsOpaqueTokenTests.java

@@ -130,13 +130,12 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasAuthority("SCOPE_admin")
-					.anyRequest().hasAuthority("SCOPE_read")
+					.anyRequest().hasAuthority("SCOPE_read"))
-					.and()
+				.oauth2ResourceServer((server) -> server
-				.oauth2ResourceServer()
+					.opaqueToken((opaqueToken) -> opaqueToken
-					.opaqueToken()
+						.introspector(mock(OpaqueTokenIntrospector.class))));
-						.introspector(mock(OpaqueTokenIntrospector.class));
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java

@@ -80,8 +80,8 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
+				.sessionManagement((management) -> management
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/response/Gh3409Tests.java

@@ -35,6 +35,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
@@ -98,12 +99,11 @@ public class Gh3409Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/public/**").permitAll()
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.formLogin(withDefaults())
-				.formLogin().and()
+				.httpBasic(withDefaults());
-				.httpBasic();
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java

@@ -84,8 +84,8 @@ public class CustomCsrfShowcaseTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
+				.csrf((csrf) -> csrf
-					.csrfTokenRepository(repo());
+					.csrfTokenRepository(repo()));
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java

@@ -99,16 +99,14 @@ public class CustomConfigAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.securityContext((context) -> context
-				.securityContext()
+					.securityContextRepository(securityContextRepository()))
-					.securityContextRepository(securityContextRepository())
+				.formLogin((login) -> login
-					.and()
-				.formLogin()
 					.usernameParameter("user")
 					.passwordParameter("pass")
-					.loginPage("/authenticate");
+					.loginPage("/authenticate"));
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java

@@ -90,13 +90,12 @@ public class CustomLoginRequestBuilderAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.formLogin((login) -> login
-				.formLogin()
 					.usernameParameter("user")
 					.passwordParameter("pass")
-					.loginPage("/authenticate");
+					.loginPage("/authenticate"));
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java

@@ -35,6 +35,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
@@ -97,11 +98,10 @@ public class DefaultfSecurityRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasRole("ADMIN")
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.httpBasic(withDefaults());
-				.httpBasic();
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java

@@ -40,6 +40,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
@@ -112,11 +113,10 @@ public class SecurityRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasRole("ADMIN")
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.formLogin(withDefaults());
-				.formLogin();
 			// @formatter:on
 			return http.build();
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java

@@ -37,6 +37,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -97,11 +98,10 @@ public class WithUserAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasRole("ADMIN")
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.formLogin(withDefaults());
-				.formLogin();
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java

@@ -37,6 +37,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
@@ -96,11 +97,10 @@ public class WithUserClassLevelAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasRole("ADMIN")
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.httpBasic(withDefaults());
-				.httpBasic();
 			return http.build();
 			// @formatter:on
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java

@@ -38,6 +38,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -87,11 +88,10 @@ public class WithUserDetailsAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasRole("ADMIN")
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.formLogin(withDefaults());
-				.formLogin();
 			// @formatter:on
 			return http.build();
 		}

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java

@@ -38,6 +38,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -86,11 +87,10 @@ public class WithUserDetailsClassLevelAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin/**").hasRole("ADMIN")
-					.anyRequest().authenticated()
+					.anyRequest().authenticated())
-					.and()
+				.formLogin(withDefaults());
-				.formLogin();
 			// @formatter:on
 			return http.build();
 		}

test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java

@@ -191,7 +191,7 @@ public class WebTestUtilsTests {
 
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			http.csrf().disable();
+			http.csrf((csrf) -> csrf.disable());
 			return http.build();
 		}
 
@@ -208,11 +208,10 @@ public class WebTestUtilsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
+				.csrf((csrf) -> csrf
-					.csrfTokenRepository(CSRF_REPO)
+					.csrfTokenRepository(CSRF_REPO))
-					.and()
+				.securityContext((context) -> context
-				.securityContext()
+					.securityContextRepository(CONTEXT_REPO));
-					.securityContextRepository(CONTEXT_REPO);
 			return http.build();
 			// @formatter:on
 		}