Improve Readablility of JSON test strings

This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security

Issue gh-3736

cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java

@@ -45,42 +45,62 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class CasAuthenticationTokenMixinTests {
 
-	private final String KEY = "casKey";
-	private final String PASSWORD = "pass";
-	Date startDate = new Date();
-	Date endDate = new Date();
-	String expectedJson = "{\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", \"keyHash\": " + KEY.hashCode() + "," +
-			"\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"username\", \"password\": %s, \"accountNonExpired\": true, \"enabled\": true," +
-			"\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\"," +
-			"[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"USER\"}]]}, \"credentials\": \"" + PASSWORD + "\", \"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]," +
-			"\"userDetails\": {\"@class\": \"org.springframework.security.core.userdetails.User\",\"username\": \"user\", \"password\": \"" + PASSWORD + "\", \"enabled\": true, \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}," +
-			"\"authenticated\": true, \"details\": null," +
-			"\"assertion\": {" +
-			"\"@class\": \"org.jasig.cas.client.validation.AssertionImpl\", \"principal\": {\"@class\": \"org.jasig.cas.client.authentication.AttributePrincipalImpl\", \"name\": \"assertName\", \"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}, \"proxyGrantingTicket\": null, \"proxyRetriever\": null}, " +
-			"\"validFromDate\": [\"java.util.Date\", " + startDate.getTime() + "], \"validUntilDate\": [\"java.util.Date\", " + endDate.getTime() + "]," +
-			"\"authenticationDate\": [\"java.util.Date\", " + startDate.getTime() + "], \"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}" +
-			"}}";
+	private static final String KEY = "casKey";
+	private static final String PASSWORD = "\"1234\"";
+	private static final Date START_DATE = new Date();
+	private static final Date END_DATE = new Date();
 
-	private CasAuthenticationToken createCasAuthenticationToken() {
-		User principal = new User("username", PASSWORD, Collections.singletonList(new SimpleGrantedAuthority("USER")));
-		Collection<? extends GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
-		Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), startDate, endDate, startDate, Collections.<String, Object>emptyMap());
-		return new CasAuthenticationToken(KEY, principal, principal.getPassword(), authorities,
-				new User("user", PASSWORD, authorities), assertion);
-	}
+	public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}";
 
-	ObjectMapper buildObjectMapper() {
-		ClassLoader loader = getClass().getClassLoader();
-		ObjectMapper mapper = new ObjectMapper();
-		mapper.registerModules(SecurityJacksonModules.getModules(loader));
-		return mapper;
-	}
+	public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]";
+	
+	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", [" + AUTHORITY_JSON + "]]";
+
+	// @formatter:off
+	public static final String USER_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.core.userdetails.User\", "
+		+ "\"username\": \"admin\","
+		+ " \"password\": " + PASSWORD + ", "
+		+ "\"accountNonExpired\": true, "
+		+ "\"accountNonLocked\": true, "
+		+ "\"credentialsNonExpired\": true, " 
+		+ "\"enabled\": true, "
+		+ "\"authorities\": " + AUTHORITIES_SET_JSON 
+	+ "}";
+	// @formatter:on
+		
+	private static final String CAS_TOKEN_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", "
+		+ "\"keyHash\": " + KEY.hashCode() + "," 
+		+ "\"principal\": " + USER_JSON + ", "
+		+ "\"credentials\": " + PASSWORD + ", "
+		+ "\"authorities\": " + AUTHORITIES_ARRAYLIST_JSON + ","
+		+ "\"userDetails\": " + USER_JSON +","
+		+ "\"authenticated\": true, "
+		+ "\"details\": null,"
+		+ "\"assertion\": {"
+			+ "\"@class\": \"org.jasig.cas.client.validation.AssertionImpl\", "
+			+ "\"principal\": {"
+				+ "\"@class\": \"org.jasig.cas.client.authentication.AttributePrincipalImpl\", "
+				+ "\"name\": \"assertName\", "
+				+ "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}, "
+				+ "\"proxyGrantingTicket\": null, "
+				+ "\"proxyRetriever\": null"
+			+ "}, " 
+			+ "\"validFromDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], "
+			+ "\"validUntilDate\": [\"java.util.Date\", " + END_DATE.getTime() + "],"
+			+ "\"authenticationDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], "
+			+ "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}" +
+		"}"
+	+ "}";
+
+	private static final String CAS_TOKEN_CLEARED_JSON = CAS_TOKEN_JSON.replaceFirst(PASSWORD, "null");
 
 	@Test
 	public void serializeCasAuthenticationTest() throws JsonProcessingException, JSONException {
 		CasAuthenticationToken token = createCasAuthenticationToken();
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(expectedJson, "\"" + PASSWORD + "\""), actualJson, true);
+		JSONAssert.assertEquals(CAS_TOKEN_JSON, actualJson, true);
 	}
 
 	@Test
@@ -88,30 +108,45 @@ public class CasAuthenticationTokenMixinTests {
 		CasAuthenticationToken token = createCasAuthenticationToken();
 		token.eraseCredentials();
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(expectedJson, "null"), actualJson, true);
+		JSONAssert.assertEquals(CAS_TOKEN_CLEARED_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeCasAuthenticationTestAfterEraseCredentialInvoked() throws Exception {
-		CasAuthenticationToken token = buildObjectMapper().readValue(String.format(expectedJson, "null"), CasAuthenticationToken.class);
+		CasAuthenticationToken token = buildObjectMapper().readValue(CAS_TOKEN_CLEARED_JSON, CasAuthenticationToken.class);
 		assertThat(((UserDetails)token.getPrincipal()).getPassword()).isNull();
 	}
 
 	@Test
 	public void deserializeCasAuthenticationTest() throws IOException, JSONException {
-		CasAuthenticationToken token = buildObjectMapper().readValue(String.format(expectedJson, "\"" + PASSWORD + "\""), CasAuthenticationToken.class);
+		CasAuthenticationToken token = buildObjectMapper().readValue(CAS_TOKEN_JSON, CasAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
-		assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("username");
-		assertThat(((User) token.getPrincipal()).getPassword()).isEqualTo(PASSWORD);
+		assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("admin");
+		assertThat(((User) token.getPrincipal()).getPassword()).isEqualTo("1234");
 		assertThat(token.getUserDetails()).isNotNull().isInstanceOf(User.class);
 		assertThat(token.getAssertion()).isNotNull().isInstanceOf(AssertionImpl.class);
 		assertThat(token.getKeyHash()).isEqualTo(KEY.hashCode());
 		assertThat(token.getUserDetails().getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
-		assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(startDate);
-		assertThat(token.getAssertion().getValidFromDate()).isEqualTo(startDate);
-		assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(endDate);
+		assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(START_DATE);
+		assertThat(token.getAssertion().getValidFromDate()).isEqualTo(START_DATE);
+		assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(END_DATE);
 		assertThat(token.getAssertion().getPrincipal().getName()).isEqualTo("assertName");
 		assertThat(token.getAssertion().getAttributes()).hasSize(0);
 	}
+
+	private CasAuthenticationToken createCasAuthenticationToken() {
+		User principal = new User("admin", "1234", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
+		Collection<? extends GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
+		Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), START_DATE, END_DATE, START_DATE, Collections.<String, Object>emptyMap());
+		return new CasAuthenticationToken(KEY, principal, principal.getPassword(), authorities,
+				new User("admin", "1234", authorities), assertion);
+	}
+
+	ObjectMapper buildObjectMapper() {
+		ClassLoader loader = getClass().getClassLoader();
+		ObjectMapper mapper = new ObjectMapper();
+		mapper.registerModules(SecurityJacksonModules.getModules(loader));
+		return mapper;
+	}
 }

core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java

@@ -17,12 +17,11 @@
 package org.springframework.security.jackson2;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.util.ObjectUtils;
 
-import java.util.Collections;
-
 /**
  * @author Jitenra Singh
  * @since 4.2
@@ -41,10 +40,10 @@ public abstract class AbstractMixinTests {
 	}
 
 	User createDefaultUser() {
-		return createUser("dummy", "password", "ROLE_USER");
+		return createUser("admin", "1234", "ROLE_USER");
 	}
 
 	User createUser(String username, String password, String authority) {
-		return new User(username, password, Collections.singletonList(new SimpleGrantedAuthority(authority)));
+		return new User(username, password, AuthorityUtils.createAuthorityList(authority));
 	}
 }

core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java

@@ -36,38 +36,43 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 
-	String hashKey = "key";
-	String anonymousAuthTokenJson = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null," +
-			"\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"dummy\", \"password\": %s," +
-			" \"accountNonExpired\": true, \"enabled\": true, " +
-			"\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\"," +
-			"[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}, \"authenticated\": true, \"keyHash\": " + hashKey.hashCode() + "," +
-			"\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}";
+	private static final String HASH_KEY = "key";
+	
+	// @formatter:off
+	private static final String ANONYMOUS_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", "
+		+ "\"details\": null,"
+		+ "\"principal\": " + UserDeserializerTests.USER_JSON + ","
+		+ "\"authenticated\": true, "
+		+ "\"keyHash\": " + HASH_KEY.hashCode() + ","
+		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
+	+ "}";
+	// @formatter:on
 
 
 	@Test
 	public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(
-				hashKey, user, user.getAuthorities()
+				HASH_KEY, user, user.getAuthorities()
 		);
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(anonymousAuthTokenJson, "\"password\""), actualJson, true);
+		JSONAssert.assertEquals(ANONYMOUS_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeAnonymousAuthenticationTokenTest() throws IOException {
 		AnonymousAuthenticationToken token = buildObjectMapper()
-				.readValue(String.format(anonymousAuthTokenJson,"\"password\""), AnonymousAuthenticationToken.class);
+				.readValue(ANONYMOUS_JSON, AnonymousAuthenticationToken.class);
 		assertThat(token).isNotNull();
-		assertThat(token.getKeyHash()).isEqualTo(hashKey.hashCode());
+		assertThat(token.getKeyHash()).isEqualTo(HASH_KEY.hashCode());
 		assertThat(token.getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 	}
 
 	@Test(expected = JsonMappingException.class)
 	public void deserializeAnonymousAuthenticationTokenWithoutAuthoritiesTest() throws IOException {
 		String jsonString = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null," +
-				"\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + hashKey.hashCode() + "," +
+				"\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + HASH_KEY.hashCode() + "," +
 				"\"authorities\": [\"java.util.ArrayList\", []]}";
 		buildObjectMapper().readValue(jsonString, AnonymousAuthenticationToken.class);
 	}
@@ -76,10 +81,10 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests {
 	public void serializeAnonymousAuthenticationTokenMixinAfterEraseCredentialTest() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
 		AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(
-				hashKey, user, user.getAuthorities()
+				HASH_KEY, user, user.getAuthorities()
 		);
 		token.eraseCredentials();
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(anonymousAuthTokenJson, "null"), actualJson, true);
+		JSONAssert.assertEquals(ANONYMOUS_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true);
 	}
 }

core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java

@@ -36,17 +36,28 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests {
 
-	String rememberMeKey = "rememberMe";
-	String rememberMeAuthTokenJson = "{\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\"," +
-			"\"keyHash\": " + rememberMeKey.hashCode() + ", \"authenticated\": true, \"details\": null," +
-			"\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"dummy\", \"password\": %s," +
-			" \"enabled\": true, \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, " +
-			"\"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}," +
-			"\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}";
+	private static final String REMEMBERME_KEY = "rememberMe";
 
-	String rememberMeAuthTokenWithoutUserJson = "{\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\"," +
-			"\"keyHash\": " + rememberMeKey.hashCode() + ", \"authenticated\": true, \"details\": null," +
-			"\"principal\": \"dummy\", \"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}";
+	// @formatter:off
+	private static final String REMEMBERME_AUTH_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\", "
+		+ "\"keyHash\": " + REMEMBERME_KEY.hashCode() + ", "
+		+ "\"authenticated\": true, \"details\": null" + ", "
+		+ "\"principal\": " + UserDeserializerTests.USER_JSON + ", "
+		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
+	+ "}";
+	// @formatter:on
+
+	// @formatter:off
+	private static final String REMEMBERME_AUTH_STRINGPRINCIPAL_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\","
+		+ "\"keyHash\": " + REMEMBERME_KEY.hashCode() + ", "
+		+ "\"authenticated\": true, "
+		+ "\"details\": null,"
+		+ "\"principal\": \"admin\", "
+		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON
+	+ "}";
+	// @formatter:on
 
 	@Test(expected = IllegalArgumentException.class)
 	public void testWithNullPrincipal() throws JsonProcessingException, JSONException {
@@ -60,44 +71,44 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests
 
 	@Test
 	public void serializeRememberMeAuthenticationToken() throws JsonProcessingException, JSONException {
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(rememberMeKey, "dummy", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, "admin", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(rememberMeAuthTokenWithoutUserJson, actualJson, true);
+		JSONAssert.assertEquals(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON, actualJson, true);
 	}
 
 	@Test
 	public void serializeRememberMeAuthenticationWithUserToken() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(rememberMeKey, user, user.getAuthorities());
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user, user.getAuthorities());
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(rememberMeAuthTokenJson, "\"password\""), actualJson, true);
+		JSONAssert.assertEquals(String.format(REMEMBERME_AUTH_JSON, "\"password\""), actualJson, true);
 	}
 
 	@Test
 	public void serializeRememberMeAuthenticationWithUserTokenAfterEraseCredential() throws JsonProcessingException, JSONException {
 		User user = createDefaultUser();
-		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(rememberMeKey, user, user.getAuthorities());
+		RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user, user.getAuthorities());
 		token.eraseCredentials();
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(rememberMeAuthTokenJson, "null"), actualJson, true);
+		JSONAssert.assertEquals(REMEMBERME_AUTH_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true);
 	}
 
 	@Test
 	public void deserializeRememberMeAuthenticationToken() throws IOException {
-		RememberMeAuthenticationToken token = buildObjectMapper().readValue(rememberMeAuthTokenWithoutUserJson, RememberMeAuthenticationToken.class);
+		RememberMeAuthenticationToken token = buildObjectMapper().readValue(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON, RememberMeAuthenticationToken.class);
 		assertThat(token).isNotNull();
-		assertThat(token.getPrincipal()).isNotNull().isEqualTo("dummy").isEqualTo(token.getName());
+		assertThat(token.getPrincipal()).isNotNull().isEqualTo("admin").isEqualTo(token.getName());
 		assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 	}
 
 	@Test
 	public void deserializeRememberMeAuthenticationTokenWithUserTest() throws IOException {
 		RememberMeAuthenticationToken token = buildObjectMapper()
-				.readValue(String.format(rememberMeAuthTokenJson, "\"password\""), RememberMeAuthenticationToken.class);
+				.readValue(String.format(REMEMBERME_AUTH_JSON, "\"password\""), RememberMeAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
-		assertThat(((User)token.getPrincipal()).getUsername()).isEqualTo("dummy");
-		assertThat(((User)token.getPrincipal()).getPassword()).isEqualTo("password");
+		assertThat(((User)token.getPrincipal()).getUsername()).isEqualTo("admin");
+		assertThat(((User)token.getPrincipal()).getPassword()).isEqualTo("1234");
 		assertThat(((User) token.getPrincipal()).getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 		assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 		assertThat(((User) token.getPrincipal()).isEnabled()).isEqualTo(true);

core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java

@@ -36,29 +36,29 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class SecurityContextMixinTests extends AbstractMixinTests {
 
-	String securityContextJson = "{\"@class\": \"org.springframework.security.core.context.SecurityContextImpl\", \"authentication\": " +
-				"{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
-					"\"principal\": \"dummy\", \"credentials\": \"password\", \"authenticated\": true, \"details\": null," +
-					"\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]" +
-				"}" +
-			"}";
+	// @formatter:off
+	public static final String SECURITY_CONTEXT_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.core.context.SecurityContextImpl\", "
+		+ "\"authentication\": " + UsernamePasswordAuthenticationTokenMixinTests.AUTHENTICATED_STRINGPRINCIPAL_JSON
+	+ "}";
+	// @formatter:on
 
 	@Test
 	public void securityContextSerializeTest() throws JsonProcessingException, JSONException {
 		SecurityContext context = new SecurityContextImpl();
-		context.setAuthentication(new UsernamePasswordAuthenticationToken("dummy", "password", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))));
+		context.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "1234", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))));
 		String actualJson = buildObjectMapper().writeValueAsString(context);
-		JSONAssert.assertEquals(securityContextJson, actualJson, true);
+		JSONAssert.assertEquals(SECURITY_CONTEXT_JSON, actualJson, true);
 	}
 
 	@Test
 	public void securityContextDeserializeTest() throws IOException {
-		SecurityContext context = buildObjectMapper().readValue(securityContextJson, SecurityContextImpl.class);
+		SecurityContext context = buildObjectMapper().readValue(SECURITY_CONTEXT_JSON, SecurityContextImpl.class);
 		assertThat(context).isNotNull();
 		assertThat(context.getAuthentication()).isNotNull().isInstanceOf(UsernamePasswordAuthenticationToken.class);
-		assertThat(context.getAuthentication().getPrincipal()).isEqualTo("dummy");
-		assertThat(context.getAuthentication().getCredentials()).isEqualTo("password");
-		assertThat(context.getAuthentication().isAuthenticated()).isEqualTo(true);
+		assertThat(context.getAuthentication().getPrincipal()).isEqualTo("admin");
+		assertThat(context.getAuthentication().getCredentials()).isEqualTo("1234");
+		assertThat(context.getAuthentication().isAuthenticated()).isTrue();
 		assertThat(context.getAuthentication().getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 	}
 }

core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java

@@ -33,18 +33,28 @@ import static org.assertj.core.api.Assertions.*;
  */
 public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests {
 
-	String simpleGrantedAuthorityJson = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}";
+	// @formatter:off
+	public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}";
+
+	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", [" + AUTHORITY_JSON + "]]";
+
+	public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]";
+
+	public static final String NO_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", []]";
+
+	public static final String NO_AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", []]";
+	// @formatter:on
 
 	@Test
 	public void serializeSimpleGrantedAuthorityTest() throws JsonProcessingException, JSONException {
 		SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
 		String serializeJson = buildObjectMapper().writeValueAsString(authority);
-		JSONAssert.assertEquals(simpleGrantedAuthorityJson, serializeJson, true);
+		JSONAssert.assertEquals(AUTHORITY_JSON, serializeJson, true);
 	}
 
 	@Test
 	public void deserializeGrantedAuthorityTest() throws IOException {
-		SimpleGrantedAuthority authority = buildObjectMapper().readValue(simpleGrantedAuthorityJson, SimpleGrantedAuthority.class);
+		SimpleGrantedAuthority authority = buildObjectMapper().readValue(AUTHORITY_JSON, SimpleGrantedAuthority.class);
 		assertThat(authority).isNotNull();
 		assertThat(authority.getAuthority()).isNotNull().isEqualTo("ROLE_USER");
 	}

core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java

@@ -16,18 +16,21 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+import java.util.Collections;
+import java.util.regex.Pattern;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import java.io.IOException;
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
@@ -35,21 +38,27 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 4.2
  */
 public class UserDeserializerTests extends AbstractMixinTests {
+	public static final String USER_PASSWORD = "\"1234\"";
 
-	String userWithAuthoritiesJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"admin\"," +
-			" \"password\": %s, \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, " +
-			"\"enabled\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}";
-
-	String userWithoutAuthoritiesJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"admin\"," +
-			" \"password\": \"1234\", \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true," +
-			" \"enabled\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\", []]}";
+	// @formatter:off
+	public static final String USER_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.core.userdetails.User\", "
+		+ "\"username\": \"admin\","
+		+ " \"password\": "+ USER_PASSWORD +", "
+		+ "\"accountNonExpired\": true, "
+		+ "\"accountNonLocked\": true, "
+		+ "\"credentialsNonExpired\": true, " 
+		+ "\"enabled\": true, "
+		+ "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON 
+	+ "}";
+	// @formatter:on
 
 	@Test
 	public void serializeUserTest() throws JsonProcessingException, JSONException {
 		ObjectMapper mapper = buildObjectMapper();
-		User user = new User("admin", "1234", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
+		User user = createDefaultUser();
 		String userJson = mapper.writeValueAsString(user);
-		JSONAssert.assertEquals(String.format(userWithAuthoritiesJson, "\"1234\""), userJson, true);
+		JSONAssert.assertEquals(userWithPasswordJson(user.getPassword()), userJson, true);
 	}
 
 	@Test
@@ -57,26 +66,23 @@ public class UserDeserializerTests extends AbstractMixinTests {
 		ObjectMapper mapper = buildObjectMapper();
 		User user = new User("admin", "1234", Collections.<GrantedAuthority>emptyList());
 		String userJson = mapper.writeValueAsString(user);
-		JSONAssert.assertEquals(userWithoutAuthoritiesJson, userJson, true);
+		JSONAssert.assertEquals(userWithNoAuthoritiesJson(), userJson, true);
 	}
 
 	@Test(expected = IllegalArgumentException.class)
 	public void deserializeUserWithNullPasswordEmptyAuthorityTest() throws IOException {
-		String userJsonWithoutPasswordString = "{\"@class\": \"org.springframework.security.core.userdetails.User\", " +
-				"\"username\": \"user\", \"accountNonExpired\": true, " +
-				"\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true, " +
-				"\"authorities\": []}";
+		String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, "[]");
+
 		ObjectMapper mapper = buildObjectMapper();
 		mapper.readValue(userJsonWithoutPasswordString, User.class);
 	}
 
 	@Test
-	public void deserializeUserWithNullPasswordNoAuthorityTest() throws IOException {
-		String userJsonWithoutPasswordString = "{\"@class\": \"org.springframework.security.core.userdetails.User\", " +
-				"\"username\": \"admin\", \"accountNonExpired\": true, " +
-				"\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true, " +
-				"\"authorities\": [\"java.util.HashSet\", []]}";
+	public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception {
 		ObjectMapper mapper = buildObjectMapper();
+		
+		String userJsonWithoutPasswordString = removeNode(userWithNoAuthoritiesJson(), mapper, "password");
+		
 		User user = mapper.readValue(userJsonWithoutPasswordString, User.class);
 		assertThat(user).isNotNull();
 		assertThat(user.getUsername()).isEqualTo("admin");
@@ -86,20 +92,39 @@ public class UserDeserializerTests extends AbstractMixinTests {
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void deserializeUserWithNoClassIdInAuthoritiesTest() throws IOException {
-		String userJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", " +
-				"\"username\": \"user\", \"password\": \"pass\", \"accountNonExpired\": false, " +
-				"\"accountNonLocked\": false, \"credentialsNonExpired\": false, \"enabled\": false, " +
-				"\"authorities\": [{\"authority\": \"ROLE_USER\"}]}";
-		buildObjectMapper().readValue(userJson, User.class);
+	public void deserializeUserWithNoClassIdInAuthoritiesTest() throws Exception {
+		ObjectMapper mapper = buildObjectMapper();
+		String userJson = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON,  "[{\"authority\": \"ROLE_USER\"}]");
+		mapper.readValue(userJson, User.class);
 	}
 
 	@Test
 	public void deserializeUserWithClassIdInAuthoritiesTest() throws IOException {
-		User user = buildObjectMapper().readValue(String.format(userWithAuthoritiesJson, "\"1234\""), User.class);
+		User user = buildObjectMapper().readValue(userJson(), User.class);
 		assertThat(user).isNotNull();
 		assertThat(user.getUsername()).isEqualTo("admin");
 		assertThat(user.getPassword()).isEqualTo("1234");
 		assertThat(user.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 	}
+
+	private String removeNode(String json, ObjectMapper mapper, String toRemove) throws Exception {
+		ObjectNode node = mapper.getFactory().createParser(json).readValueAsTree();
+		node.remove(toRemove);
+
+		String result = mapper.writeValueAsString(node);
+		JSONAssert.assertNotEquals(json, result, false);
+		return result;
+	}
+
+	public static String userJson() {
+		return USER_JSON;
+	}
+	
+	public static String userWithPasswordJson(String password) {
+		return userJson().replaceAll(Pattern.quote(USER_PASSWORD), "\""+ password +"\"");
+	}
+
+	public static String userWithNoAuthoritiesJson() {
+		return userJson().replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_SET_JSON);
+	}
 }

core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java

@@ -16,19 +16,18 @@
 
 package org.springframework.security.jackson2;
 
+import java.io.IOException;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
-import java.io.IOException;
-import java.util.Collections;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
@@ -36,40 +35,46 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 4.2
  */
 public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixinTests {
+	// @formatter:off
+	private static final String AUTHENTICATED_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," 
+		+ "\"principal\": "+ UserDeserializerTests.USER_JSON + ", "
+		+ "\"credentials\": \"1234\", "
+		+ "\"authenticated\": true, "
+		+ "\"details\": null, "
+		+ "\"authorities\": "+ SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON 
+	+ "}";
+	// @formatter:on
 
-	String unauthenticatedTokenWithoutUserPrincipal = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
-			" \"principal\": \"user1\", \"credentials\": \"password\", \"authenticated\": false, \"details\": null, " +
-			"\"authorities\": [\"java.util.ArrayList\", []]}";
+	// @formatter:off
+	public static final String AUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_JSON.replace( UserDeserializerTests.USER_JSON, "\"admin\"");
+	// @formatter:on
 
-	String authenticatedTokenWithoutUserPrincipal = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
-			" \"principal\": \"user1\", \"credentials\": \"password\", \"authenticated\": true, \"details\": null, " +
-			"\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}";
-
-	String authenticatedTokenWithUserPrincipal = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
-			"\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": %s, \"accountNonExpired\": true, \"enabled\": true, " +
-			"\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\"," +
-			"[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}, \"credentials\": %s," +
-			"\"details\": null, \"authenticated\": true," +
-			"\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}";
+	// @formatter:off
+	private static final String UNAUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_STRINGPRINCIPAL_JSON
+		.replace("\"authenticated\": true, ", "\"authenticated\": false, ")
+		.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_ARRAYLIST_JSON);
+	// @formatter:on
 
 	@Test
 	public void serializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws JsonProcessingException, JSONException {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user1", "password");
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("admin", "1234");
 		String serializedJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(unauthenticatedTokenWithoutUserPrincipal, serializedJson, true);
+		JSONAssert.assertEquals(UNAUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws JsonProcessingException, JSONException {
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user1", "password", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
+		User user = createDefaultUser();
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities());
 		String serializedJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(authenticatedTokenWithoutUserPrincipal, serializedJson, true);
+		JSONAssert.assertEquals(AUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void deserializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException, JSONException {
 		UsernamePasswordAuthenticationToken token = buildObjectMapper()
-				.readValue(unauthenticatedTokenWithoutUserPrincipal, UsernamePasswordAuthenticationToken.class);
+				.readValue(UNAUTHENTICATED_STRINGPRINCIPAL_JSON, UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.isAuthenticated()).isEqualTo(false);
 		assertThat(token.getAuthorities()).isNotNull().hasSize(0);
@@ -77,27 +82,26 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException {
+		UsernamePasswordAuthenticationToken expectedToken = createToken();
 		UsernamePasswordAuthenticationToken token = buildObjectMapper()
-				.readValue(authenticatedTokenWithoutUserPrincipal, UsernamePasswordAuthenticationToken.class);
+				.readValue(AUTHENTICATED_STRINGPRINCIPAL_JSON, UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
-		assertThat(token.isAuthenticated()).isEqualTo(true);
-		assertThat(token.getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
+		assertThat(token.isAuthenticated()).isTrue();
+		assertThat(token.getAuthorities()).isEqualTo(expectedToken.getAuthorities());
 	}
 
 	@Test
 	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinWithUserTest() throws JsonProcessingException, JSONException {
-		GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-		User user = new User("user", "password", Collections.singleton(authority));
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, "password", Collections.singleton(authority));
+		UsernamePasswordAuthenticationToken token = createToken();
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(authenticatedTokenWithUserPrincipal, "password", "password"), actualJson, true);
+		JSONAssert.assertEquals(AUTHENTICATED_JSON, actualJson, true);
 	}
 
 	@Test
 	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithUserTest() throws IOException {
 		ObjectMapper mapper = buildObjectMapper();
 		UsernamePasswordAuthenticationToken token = mapper
-				.readValue(String.format(authenticatedTokenWithUserPrincipal, "\"password\"", "\"password\""), UsernamePasswordAuthenticationToken.class);
+				.readValue(AUTHENTICATED_JSON, UsernamePasswordAuthenticationToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
 		assertThat(((User)token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
@@ -107,11 +111,15 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 
 	@Test
 	public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinAfterEraseCredentialInvoked() throws JsonProcessingException, JSONException {
-		GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
-		User user = new User("user", "password", Collections.singleton(authority));
-		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, "password", Collections.singleton(authority));
+		UsernamePasswordAuthenticationToken token = createToken();
 		token.eraseCredentials();
 		String actualJson = buildObjectMapper().writeValueAsString(token);
-		JSONAssert.assertEquals(String.format(authenticatedTokenWithUserPrincipal, "null", "null"), actualJson, true);
+		JSONAssert.assertEquals(AUTHENTICATED_JSON.replaceAll(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true);
+	}
+
+	private UsernamePasswordAuthenticationToken createToken() {
+		User user = createDefaultUser();
+		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
+		return token;
 	}
-}
+}

web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java

@@ -34,8 +34,20 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class CookieMixinTests {
 
-	String cookieJson = "{\"@class\": \"javax.servlet.http.Cookie\", \"name\": \"demo\", \"value\": \"cookie1\"," +
-			"\"comment\": null, \"maxAge\": -1, \"path\": null, \"secure\": false, \"version\": 0, \"isHttpOnly\": false, \"domain\": null}";
+	// @formatter:off
+	private static final String COOKIE_JSON = "{"
+		+ "\"@class\": \"javax.servlet.http.Cookie\", "
+		+ "\"name\": \"demo\", "
+		+ "\"value\": \"cookie1\","
+		+ "\"comment\": null, "
+		+ "\"maxAge\": -1, "
+		+ "\"path\": null, "
+		+ "\"secure\": false, "
+		+ "\"version\": 0, "
+		+ "\"isHttpOnly\": false, "
+		+ "\"domain\": null"
+	+ "}";
+	// @formatter:on
 
 	ObjectMapper buildObjectMapper() {
 		ObjectMapper mapper = new ObjectMapper();
@@ -48,12 +60,12 @@ public class CookieMixinTests {
 	public void serializeCookie() throws JsonProcessingException, JSONException {
 		Cookie cookie = new Cookie("demo", "cookie1");
 		String actualString = buildObjectMapper().writeValueAsString(cookie);
-		JSONAssert.assertEquals(cookieJson, actualString, true);
+		JSONAssert.assertEquals(COOKIE_JSON, actualString, true);
 	}
 
 	@Test
 	public void deserializeCookie() throws IOException {
-		Cookie cookie = buildObjectMapper().readValue(cookieJson, Cookie.class);
+		Cookie cookie = buildObjectMapper().readValue(COOKIE_JSON, Cookie.class);
 		assertThat(cookie).isNotNull();
 		assertThat(cookie.getName()).isEqualTo("demo");
 		assertThat(cookie.getDomain()).isEqualTo("");

web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java

@@ -38,27 +38,34 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class DefaultCsrfTokenMixinTests {
 
 	ObjectMapper objectMapper;
-	String defaultCsrfTokenJson;
+	
+	
+	// @formatter:off
+	public static final String CSRF_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", "
+		+ "\"headerName\": \"csrf-header\", "
+		+ "\"parameterName\": \"_csrf\", "
+		+ "\"token\": \"1\""
+	+ "}";
+	// @formatter:on
 
 	@Before
 	public void setup() {
 		objectMapper = new ObjectMapper();
 		ClassLoader loader = getClass().getClassLoader();
 		objectMapper.registerModules(SecurityJacksonModules.getModules(loader));
-		defaultCsrfTokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", " +
-				"\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}";
 	}
 
 	@Test
 	public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException {
 		DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1");
 		String serializedJson = objectMapper.writeValueAsString(token);
-		JSONAssert.assertEquals(defaultCsrfTokenJson, serializedJson, true);
+		JSONAssert.assertEquals(CSRF_JSON, serializedJson, true);
 	}
 
 	@Test
 	public void defaultCsrfTokenDeserializeTest() throws IOException {
-		DefaultCsrfToken token = objectMapper.readValue(defaultCsrfTokenJson, DefaultCsrfToken.class);
+		DefaultCsrfToken token = objectMapper.readValue(CSRF_JSON, DefaultCsrfToken.class);
 		assertThat(token).isNotNull();
 		assertThat(token.getHeaderName()).isEqualTo("csrf-header");
 		assertThat(token.getParameterName()).isEqualTo("_csrf");

web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java

@@ -16,6 +16,12 @@
 
 package org.springframework.security.web.jackson2;
 
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Locale;
+
+import javax.servlet.http.Cookie;
+
 import org.json.JSONException;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
@@ -25,11 +31,6 @@ import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 import org.springframework.security.web.savedrequest.SavedCookie;
 
-import javax.servlet.http.Cookie;
-import java.io.IOException;
-import java.util.Collections;
-import java.util.Locale;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
@@ -38,12 +39,40 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 
-	String defaultSavedRequestJson = "{" +
-			"\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", \"cookies\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", \"name\": \"SESSION\", \"value\": \"123456789\", \"comment\": null, \"maxAge\": -1, \"path\": null, \"secure\":false, \"version\": 0, \"domain\": null}]]," +
-			"\"locales\": [\"java.util.ArrayList\", [\"en\"]], \"headers\": {\"@class\": \"java.util.TreeMap\", \"x-auth-token\": [\"java.util.ArrayList\", [\"12\"]]}, \"parameters\": {\"@class\": \"java.util.TreeMap\"}," +
-			"\"contextPath\": \"\", \"method\": \"\", \"pathInfo\": null, \"queryString\": null, \"requestURI\": \"\", \"requestURL\": \"http://localhost\", \"scheme\": \"http\", " +
-			"\"serverName\": \"localhost\", \"servletPath\": \"\", \"serverPort\": 80"+
-			"}";
+	
+	// @formatter:off
+	private static final String COOKIES_JSON = "[\"java.util.ArrayList\", [{"
+		+ "\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", "
+		+ "\"name\": \"SESSION\", "
+		+ "\"value\": \"123456789\", "
+		+ "\"comment\": null, "
+		+ "\"maxAge\": -1, "
+		+ "\"path\": null, "
+		+ "\"secure\":false, "
+		+ "\"version\": 0, "
+		+ "\"domain\": null"
+	+ "}]]";
+	// @formatter:on
+
+	// @formatter:off
+	private static final String REQUEST_JSON = "{" +
+		"\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", "
+		+ "\"cookies\": "+ COOKIES_JSON +","
+		+ "\"locales\": [\"java.util.ArrayList\", [\"en\"]], "
+		+ "\"headers\": {\"@class\": \"java.util.TreeMap\", \"x-auth-token\": [\"java.util.ArrayList\", [\"12\"]]}, "
+		+ "\"parameters\": {\"@class\": \"java.util.TreeMap\"},"
+		+ "\"contextPath\": \"\", "
+		+ "\"method\": \"\", "
+		+ "\"pathInfo\": null, "
+		+ "\"queryString\": null, "
+		+ "\"requestURI\": \"\", "
+		+ "\"requestURL\": \"http://localhost\", "
+		+ "\"scheme\": \"http\", "
+		+ "\"serverName\": \"localhost\", "
+		+ "\"servletPath\": \"\", "
+		+ "\"serverPort\": 80"
+	+ "}";
+	// @formatter:on
 
 	@Test
 	public void matchRequestBuildWithConstructorAndBuilder() {
@@ -66,7 +95,7 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 		request.setCookies(new Cookie("SESSION", "123456789"));
 		request.addHeader("x-auth-token", "12");
 		String actualString = buildObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(new DefaultSavedRequest(request, new PortResolverImpl()));
-		JSONAssert.assertEquals(defaultSavedRequestJson, actualString, true);
+		JSONAssert.assertEquals(REQUEST_JSON, actualString, true);
 	}
 
 	@Test
@@ -78,12 +107,12 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests {
 				.setLocales(Collections.singletonList(new Locale("en"))).setContextPath("").setMethod("")
 				.setServletPath("").build();
 		String actualString = buildObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(request);
-		JSONAssert.assertEquals(defaultSavedRequestJson, actualString, true);
+		JSONAssert.assertEquals(REQUEST_JSON, actualString, true);
 	}
 
 	@Test
 	public void deserializeDefaultSavedRequest() throws IOException {
-		DefaultSavedRequest request = (DefaultSavedRequest) buildObjectMapper().readValue(defaultSavedRequestJson, Object.class);
+		DefaultSavedRequest request = (DefaultSavedRequest) buildObjectMapper().readValue(REQUEST_JSON, Object.class);
 		assertThat(request).isNotNull();
 		assertThat(request.getCookies()).hasSize(1);
 		assertThat(request.getLocales()).hasSize(1).contains(new Locale("en"));

web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java

@@ -16,20 +16,21 @@
 
 package org.springframework.security.web.jackson2;
 
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.Cookie;
+
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.PropertyAccessor;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.json.JSONException;
-import org.junit.Before;
 import org.junit.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
-import org.springframework.security.web.savedrequest.SavedCookie;
 
-import javax.servlet.http.Cookie;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
+import org.springframework.security.web.savedrequest.SavedCookie;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -37,59 +38,66 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Jitendra Singh.
  */
 public class SavedCookieMixinTests extends AbstractMixinTests {
+	// @formatter:off
+	private static final String COOKIE_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", "
+		+ "\"name\": \"SESSION\", "
+		+ "\"value\": \"123456789\", "
+		+ "\"comment\": null, "
+		+ "\"maxAge\": -1, "
+		+ "\"path\": null, "
+		+ "\"secure\":false, "
+		+ "\"version\": 0, "
+		+ "\"domain\": null"
+	+ "}";
+	// @formatter:on
 
-	private String expectedSavedCookieJson;
-
-	@Before
-	public void setup() {
-		expectedSavedCookieJson = "{\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", " +
-				"\"name\": \"session\", \"value\": \"123456\", \"comment\": null, \"domain\": null, \"maxAge\": -1, " +
-				"\"path\": null, \"secure\": false, \"version\": 0}";
-	}
-
+	// @formatter:off
+	private static final String COOKIES_JSON = "[\"java.util.ArrayList\", [" 
+		+ COOKIE_JSON 
+	+ "]]";
+	// @formatter:on
 
 	@Test
 	public void serializeWithDefaultConfigurationTest() throws JsonProcessingException, JSONException {
-		SavedCookie savedCookie = new SavedCookie(new Cookie("session", "123456"));
+		SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789"));
 		String actualJson = buildObjectMapper().writeValueAsString(savedCookie);
-		JSONAssert.assertEquals(expectedSavedCookieJson, actualJson, true);
+		JSONAssert.assertEquals(COOKIE_JSON, actualJson, true);
 	}
 
 	@Test
 	public void serializeWithOverrideConfigurationTest() throws JsonProcessingException, JSONException {
-		SavedCookie savedCookie = new SavedCookie(new Cookie("session", "123456"));
+		SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789"));
 		ObjectMapper mapper = buildObjectMapper();
 		mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.PUBLIC_ONLY)
 				.setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.ANY);
 		String actualJson = mapper.writeValueAsString(savedCookie);
-		JSONAssert.assertEquals(expectedSavedCookieJson, actualJson, true);
+		JSONAssert.assertEquals(COOKIE_JSON, actualJson, true);
 	}
 
 	@Test
 	public void serializeSavedCookieWithList() throws JsonProcessingException, JSONException {
 		List<SavedCookie> savedCookies = new ArrayList<SavedCookie>();
-		savedCookies.add(new SavedCookie(new Cookie("session", "123456")));
-		String expectedJson = String.format("[\"java.util.ArrayList\", [%s]]", expectedSavedCookieJson);
+		savedCookies.add(new SavedCookie(new Cookie("SESSION", "123456789")));
 		String actualJson = buildObjectMapper().writeValueAsString(savedCookies);
-		JSONAssert.assertEquals(expectedJson, actualJson, true);
+		JSONAssert.assertEquals(COOKIES_JSON, actualJson, true);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void deserializeSavedCookieWithList() throws IOException, JSONException {
-		String expectedJson = String.format("[\"java.util.ArrayList\", [%s]]", expectedSavedCookieJson);
-		List<SavedCookie> savedCookies = (List<SavedCookie>)buildObjectMapper().readValue(expectedJson, Object.class);
+		List<SavedCookie> savedCookies = (List<SavedCookie>)buildObjectMapper().readValue(COOKIES_JSON, Object.class);
 		assertThat(savedCookies).isNotNull().hasSize(1);
-		assertThat(savedCookies.get(0).getName()).isEqualTo("session");
-		assertThat(savedCookies.get(0).getValue()).isEqualTo("123456");
+		assertThat(savedCookies.get(0).getName()).isEqualTo("SESSION");
+		assertThat(savedCookies.get(0).getValue()).isEqualTo("123456789");
 	}
 
 	@Test
 	public void deserializeSavedCookieJsonTest() throws IOException {
-		SavedCookie savedCookie = (SavedCookie) buildObjectMapper().readValue(expectedSavedCookieJson, Object.class);
+		SavedCookie savedCookie = (SavedCookie) buildObjectMapper().readValue(COOKIE_JSON, Object.class);
 		assertThat(savedCookie).isNotNull();
-		assertThat(savedCookie.getName()).isEqualTo("session");
-		assertThat(savedCookie.getValue()).isEqualTo("123456");
+		assertThat(savedCookie.getName()).isEqualTo("SESSION");
+		assertThat(savedCookie.getValue()).isEqualTo("123456789");
 		assertThat(savedCookie.isSecure()).isEqualTo(false);
 		assertThat(savedCookie.getVersion()).isEqualTo(0);
 		assertThat(savedCookie.getComment()).isNull();

web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java

@@ -39,8 +39,15 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class WebAuthenticationDetailsMixinTests {
 
 	ObjectMapper mapper;
-	String webAuthenticationDetailsJson = "{\"@class\": \"org.springframework.security.web.authentication.WebAuthenticationDetails\","
-			+ "\"sessionId\": \"1\", \"remoteAddress\": \"/localhost\"}";
+	
+	// @formatter:off
+	private static final String AUTHENTICATION_DETAILS_JSON = "{"
+		+ "\"@class\": \"org.springframework.security.web.authentication.WebAuthenticationDetails\","
+		+ "\"sessionId\": \"1\", "
+		+ "\"remoteAddress\": "
+		+ "\"/localhost\""
+	+ "}";
+	// @formatter:on
 
 	@Before
 	public void setup() {
@@ -58,7 +65,7 @@ public class WebAuthenticationDetailsMixinTests {
 
 		WebAuthenticationDetails details = new WebAuthenticationDetails(request);
 
-		WebAuthenticationDetails authenticationDetails = this.mapper.readValue(webAuthenticationDetailsJson,
+		WebAuthenticationDetails authenticationDetails = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON,
 				WebAuthenticationDetails.class);
 		assertThat(details.equals(authenticationDetails));
 	}
@@ -71,13 +78,13 @@ public class WebAuthenticationDetailsMixinTests {
 		request.setSession(new MockHttpSession(null, "1"));
 		WebAuthenticationDetails details = new WebAuthenticationDetails(request);
 		String actualJson = this.mapper.writeValueAsString(details);
-		JSONAssert.assertEquals(webAuthenticationDetailsJson, actualJson, true);
+		JSONAssert.assertEquals(AUTHENTICATION_DETAILS_JSON, actualJson, true);
 	}
 
 	@Test
 	public void webAuthenticationDetailsDeserializeTest()
 			throws IOException, JSONException {
-		WebAuthenticationDetails details = this.mapper.readValue(webAuthenticationDetailsJson,
+		WebAuthenticationDetails details = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON,
 				WebAuthenticationDetails.class);
 		assertThat(details).isNotNull();
 		assertThat(details.getRemoteAddress()).isEqualTo("/localhost");