From 16ea8faa0db2b9ff2987cadc91fd81ef55acfb42 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Fri, 21 Mar 2008 02:15:47 +0000
Subject: [PATCH] SEC-727: Ensure SecurityConfig cannot be constructed
 unsafely; also update SecurityConfigTests to JUnit 4.

---
 .../security/SecurityConfig.java              |  3 +
 .../security/SecurityConfigTests.java         | 68 ++++++++-----------
 2 files changed, 33 insertions(+), 38 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/SecurityConfig.java b/core/src/main/java/org/springframework/security/SecurityConfig.java
index 5bcfbfb441..2c4194b92f 100644
--- a/core/src/main/java/org/springframework/security/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/SecurityConfig.java
@@ -15,6 +15,8 @@
 
 package org.springframework.security;
 
+import org.springframework.util.Assert;
+
 /**
  * Stores a {@link ConfigAttribute} as a <code>String</code>.
  *
@@ -29,6 +31,7 @@ public class SecurityConfig implements ConfigAttribute {
     //~ Constructors ===================================================================================================
 
     public SecurityConfig(String config) {
+    	Assert.hasText(config, "You must provide a configuration attribute");
         this.attrib = config;
     }
 
diff --git a/core/src/test/java/org/springframework/security/SecurityConfigTests.java b/core/src/test/java/org/springframework/security/SecurityConfigTests.java
index 0127a1f028..13cf2b8204 100644
--- a/core/src/test/java/org/springframework/security/SecurityConfigTests.java
+++ b/core/src/test/java/org/springframework/security/SecurityConfigTests.java
@@ -15,7 +15,9 @@
 
 package org.springframework.security;
 
-import junit.framework.TestCase;
+import junit.framework.Assert;
+
+import org.junit.Test;
 
 
 /**
@@ -24,73 +26,63 @@ import junit.framework.TestCase;
  * @author Ben Alex
  * @version $Id$
  */
-public class SecurityConfigTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public SecurityConfigTests() {
-        super();
-    }
-
-    public SecurityConfigTests(String arg0) {
-        super(arg0);
-    }
+public class SecurityConfigTests {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(SecurityConfigTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
+	@Test
     public void testHashCode() {
         SecurityConfig config = new SecurityConfig("TEST");
-        assertEquals("TEST".hashCode(), config.hashCode());
+        Assert.assertEquals("TEST".hashCode(), config.hashCode());
+    }
+    
+    @Test(expected=IllegalArgumentException.class)
+	public void testCannotConstructWithNullAttribute() {
+   		new SecurityConfig(null); // SEC-727
     }
 
-    public void testNoArgConstructorDoesntExist() {
-        Class clazz = SecurityConfig.class;
+    @Test(expected=IllegalArgumentException.class)
+	public void testCannotConstructWithEmptyAttribute() {
+   		new SecurityConfig(""); // SEC-727
+    }
 
-        try {
-            clazz.getDeclaredConstructor((Class[]) null);
-            fail("Should have thrown NoSuchMethodException");
-        } catch (NoSuchMethodException expected) {
-            assertTrue(true);
-        }
+    @Test(expected=NoSuchMethodException.class)
+    public void testNoArgConstructorDoesntExist() throws Exception {
+    	SecurityConfig.class.getDeclaredConstructor((Class[]) null);
     }
 
+	@Test
     public void testObjectEquals() throws Exception {
         SecurityConfig security1 = new SecurityConfig("TEST");
         SecurityConfig security2 = new SecurityConfig("TEST");
-        assertEquals(security1, security2);
+        Assert.assertEquals(security1, security2);
 
         // SEC-311: Must observe symmetry requirement of Object.equals(Object) contract
         String securityString1 = "TEST";
-        assertNotSame(security1, securityString1);
+        Assert.assertNotSame(security1, securityString1);
 
         String securityString2 = "NOT_EQUAL";
-        assertTrue(!security1.equals(securityString2));
+        Assert.assertTrue(!security1.equals(securityString2));
 
         SecurityConfig security3 = new SecurityConfig("NOT_EQUAL");
-        assertTrue(!security1.equals(security3));
+        Assert.assertTrue(!security1.equals(security3));
 
         MockConfigAttribute mock1 = new MockConfigAttribute("TEST");
-        assertEquals(security1, mock1);
+        Assert.assertEquals(security1, mock1);
 
         MockConfigAttribute mock2 = new MockConfigAttribute("NOT_EQUAL");
-        assertTrue(!security1.equals(mock2));
+        Assert.assertTrue(!security1.equals(mock2));
 
         Integer int1 = new Integer(987);
-        assertTrue(!security1.equals(int1));
+        Assert.assertTrue(!security1.equals(int1));
     }
 
+	@Test
     public void testToString() {
         SecurityConfig config = new SecurityConfig("TEST");
-        assertEquals("TEST", config.toString());
-    }
-
+        Assert.assertEquals("TEST", config.toString());
+	}
+	
     //~ Inner Classes ==================================================================================================
 
     private class MockConfigAttribute implements ConfigAttribute {