diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java index e3ae9564ff..4aac36dafe 100644 --- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java +++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java @@ -45,42 +45,62 @@ import static org.assertj.core.api.Assertions.assertThat; */ public class CasAuthenticationTokenMixinTests { - private final String KEY = "casKey"; - private final String PASSWORD = "pass"; - Date startDate = new Date(); - Date endDate = new Date(); - String expectedJson = "{\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", \"keyHash\": " + KEY.hashCode() + "," + - "\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"username\", \"password\": %s, \"accountNonExpired\": true, \"enabled\": true," + - "\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\"," + - "[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"USER\"}]]}, \"credentials\": \"" + PASSWORD + "\", \"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]," + - "\"userDetails\": {\"@class\": \"org.springframework.security.core.userdetails.User\",\"username\": \"user\", \"password\": \"" + PASSWORD + "\", \"enabled\": true, \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}," + - "\"authenticated\": true, \"details\": null," + - "\"assertion\": {" + - "\"@class\": \"org.jasig.cas.client.validation.AssertionImpl\", \"principal\": {\"@class\": \"org.jasig.cas.client.authentication.AttributePrincipalImpl\", \"name\": \"assertName\", \"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}, \"proxyGrantingTicket\": null, \"proxyRetriever\": null}, " + - "\"validFromDate\": [\"java.util.Date\", " + startDate.getTime() + "], \"validUntilDate\": [\"java.util.Date\", " + endDate.getTime() + "]," + - "\"authenticationDate\": [\"java.util.Date\", " + startDate.getTime() + "], \"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}" + - "}}"; + private static final String KEY = "casKey"; + private static final String PASSWORD = "\"1234\""; + private static final Date START_DATE = new Date(); + private static final Date END_DATE = new Date(); - private CasAuthenticationToken createCasAuthenticationToken() { - User principal = new User("username", PASSWORD, Collections.singletonList(new SimpleGrantedAuthority("USER"))); - Collection authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")); - Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), startDate, endDate, startDate, Collections.emptyMap()); - return new CasAuthenticationToken(KEY, principal, principal.getPassword(), authorities, - new User("user", PASSWORD, authorities), assertion); - } + public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}"; - ObjectMapper buildObjectMapper() { - ClassLoader loader = getClass().getClassLoader(); - ObjectMapper mapper = new ObjectMapper(); - mapper.registerModules(SecurityJacksonModules.getModules(loader)); - return mapper; - } + public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]"; + + public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", [" + AUTHORITY_JSON + "]]"; + + // @formatter:off + public static final String USER_JSON = "{" + + "\"@class\": \"org.springframework.security.core.userdetails.User\", " + + "\"username\": \"admin\"," + + " \"password\": " + PASSWORD + ", " + + "\"accountNonExpired\": true, " + + "\"accountNonLocked\": true, " + + "\"credentialsNonExpired\": true, " + + "\"enabled\": true, " + + "\"authorities\": " + AUTHORITIES_SET_JSON + + "}"; + // @formatter:on + + private static final String CAS_TOKEN_JSON = "{" + + "\"@class\": \"org.springframework.security.cas.authentication.CasAuthenticationToken\", " + + "\"keyHash\": " + KEY.hashCode() + "," + + "\"principal\": " + USER_JSON + ", " + + "\"credentials\": " + PASSWORD + ", " + + "\"authorities\": " + AUTHORITIES_ARRAYLIST_JSON + "," + + "\"userDetails\": " + USER_JSON +"," + + "\"authenticated\": true, " + + "\"details\": null," + + "\"assertion\": {" + + "\"@class\": \"org.jasig.cas.client.validation.AssertionImpl\", " + + "\"principal\": {" + + "\"@class\": \"org.jasig.cas.client.authentication.AttributePrincipalImpl\", " + + "\"name\": \"assertName\", " + + "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}, " + + "\"proxyGrantingTicket\": null, " + + "\"proxyRetriever\": null" + + "}, " + + "\"validFromDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], " + + "\"validUntilDate\": [\"java.util.Date\", " + END_DATE.getTime() + "]," + + "\"authenticationDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], " + + "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}" + + "}" + + "}"; + + private static final String CAS_TOKEN_CLEARED_JSON = CAS_TOKEN_JSON.replaceFirst(PASSWORD, "null"); @Test public void serializeCasAuthenticationTest() throws JsonProcessingException, JSONException { CasAuthenticationToken token = createCasAuthenticationToken(); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(expectedJson, "\"" + PASSWORD + "\""), actualJson, true); + JSONAssert.assertEquals(CAS_TOKEN_JSON, actualJson, true); } @Test @@ -88,30 +108,45 @@ public class CasAuthenticationTokenMixinTests { CasAuthenticationToken token = createCasAuthenticationToken(); token.eraseCredentials(); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(expectedJson, "null"), actualJson, true); + JSONAssert.assertEquals(CAS_TOKEN_CLEARED_JSON, actualJson, true); } @Test public void deserializeCasAuthenticationTestAfterEraseCredentialInvoked() throws Exception { - CasAuthenticationToken token = buildObjectMapper().readValue(String.format(expectedJson, "null"), CasAuthenticationToken.class); + CasAuthenticationToken token = buildObjectMapper().readValue(CAS_TOKEN_CLEARED_JSON, CasAuthenticationToken.class); assertThat(((UserDetails)token.getPrincipal()).getPassword()).isNull(); } @Test public void deserializeCasAuthenticationTest() throws IOException, JSONException { - CasAuthenticationToken token = buildObjectMapper().readValue(String.format(expectedJson, "\"" + PASSWORD + "\""), CasAuthenticationToken.class); + CasAuthenticationToken token = buildObjectMapper().readValue(CAS_TOKEN_JSON, CasAuthenticationToken.class); assertThat(token).isNotNull(); assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class); - assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("username"); - assertThat(((User) token.getPrincipal()).getPassword()).isEqualTo(PASSWORD); + assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("admin"); + assertThat(((User) token.getPrincipal()).getPassword()).isEqualTo("1234"); assertThat(token.getUserDetails()).isNotNull().isInstanceOf(User.class); assertThat(token.getAssertion()).isNotNull().isInstanceOf(AssertionImpl.class); assertThat(token.getKeyHash()).isEqualTo(KEY.hashCode()); assertThat(token.getUserDetails().getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); - assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(startDate); - assertThat(token.getAssertion().getValidFromDate()).isEqualTo(startDate); - assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(endDate); + assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(START_DATE); + assertThat(token.getAssertion().getValidFromDate()).isEqualTo(START_DATE); + assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(END_DATE); assertThat(token.getAssertion().getPrincipal().getName()).isEqualTo("assertName"); assertThat(token.getAssertion().getAttributes()).hasSize(0); } + + private CasAuthenticationToken createCasAuthenticationToken() { + User principal = new User("admin", "1234", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))); + Collection authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")); + Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), START_DATE, END_DATE, START_DATE, Collections.emptyMap()); + return new CasAuthenticationToken(KEY, principal, principal.getPassword(), authorities, + new User("admin", "1234", authorities), assertion); + } + + ObjectMapper buildObjectMapper() { + ClassLoader loader = getClass().getClassLoader(); + ObjectMapper mapper = new ObjectMapper(); + mapper.registerModules(SecurityJacksonModules.getModules(loader)); + return mapper; + } } diff --git a/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java index 93f612dd44..9ff47d52ac 100644 --- a/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java @@ -17,12 +17,11 @@ package org.springframework.security.jackson2; import com.fasterxml.jackson.databind.ObjectMapper; -import org.springframework.security.core.authority.SimpleGrantedAuthority; + +import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; import org.springframework.util.ObjectUtils; -import java.util.Collections; - /** * @author Jitenra Singh * @since 4.2 @@ -41,10 +40,10 @@ public abstract class AbstractMixinTests { } User createDefaultUser() { - return createUser("dummy", "password", "ROLE_USER"); + return createUser("admin", "1234", "ROLE_USER"); } User createUser(String username, String password, String authority) { - return new User(username, password, Collections.singletonList(new SimpleGrantedAuthority(authority))); + return new User(username, password, AuthorityUtils.createAuthorityList(authority)); } } diff --git a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java index 4403f95b67..a19deb4833 100644 --- a/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixinTests.java @@ -36,38 +36,43 @@ import static org.assertj.core.api.Assertions.assertThat; */ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests { - String hashKey = "key"; - String anonymousAuthTokenJson = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null," + - "\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"dummy\", \"password\": %s," + - " \"accountNonExpired\": true, \"enabled\": true, " + - "\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\"," + - "[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}, \"authenticated\": true, \"keyHash\": " + hashKey.hashCode() + "," + - "\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}"; + private static final String HASH_KEY = "key"; + + // @formatter:off + private static final String ANONYMOUS_JSON = "{" + + "\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", " + + "\"details\": null," + + "\"principal\": " + UserDeserializerTests.USER_JSON + "," + + "\"authenticated\": true, " + + "\"keyHash\": " + HASH_KEY.hashCode() + "," + + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + + "}"; + // @formatter:on @Test public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException { User user = createDefaultUser(); AnonymousAuthenticationToken token = new AnonymousAuthenticationToken( - hashKey, user, user.getAuthorities() + HASH_KEY, user, user.getAuthorities() ); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(anonymousAuthTokenJson, "\"password\""), actualJson, true); + JSONAssert.assertEquals(ANONYMOUS_JSON, actualJson, true); } @Test public void deserializeAnonymousAuthenticationTokenTest() throws IOException { AnonymousAuthenticationToken token = buildObjectMapper() - .readValue(String.format(anonymousAuthTokenJson,"\"password\""), AnonymousAuthenticationToken.class); + .readValue(ANONYMOUS_JSON, AnonymousAuthenticationToken.class); assertThat(token).isNotNull(); - assertThat(token.getKeyHash()).isEqualTo(hashKey.hashCode()); + assertThat(token.getKeyHash()).isEqualTo(HASH_KEY.hashCode()); assertThat(token.getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); } @Test(expected = JsonMappingException.class) public void deserializeAnonymousAuthenticationTokenWithoutAuthoritiesTest() throws IOException { String jsonString = "{\"@class\": \"org.springframework.security.authentication.AnonymousAuthenticationToken\", \"details\": null," + - "\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + hashKey.hashCode() + "," + + "\"principal\": \"user\", \"authenticated\": true, \"keyHash\": " + HASH_KEY.hashCode() + "," + "\"authorities\": [\"java.util.ArrayList\", []]}"; buildObjectMapper().readValue(jsonString, AnonymousAuthenticationToken.class); } @@ -76,10 +81,10 @@ public class AnonymousAuthenticationTokenMixinTests extends AbstractMixinTests { public void serializeAnonymousAuthenticationTokenMixinAfterEraseCredentialTest() throws JsonProcessingException, JSONException { User user = createDefaultUser(); AnonymousAuthenticationToken token = new AnonymousAuthenticationToken( - hashKey, user, user.getAuthorities() + HASH_KEY, user, user.getAuthorities() ); token.eraseCredentials(); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(anonymousAuthTokenJson, "null"), actualJson, true); + JSONAssert.assertEquals(ANONYMOUS_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true); } } diff --git a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java index 68b5f79f7e..ebfb0a100a 100644 --- a/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixinTests.java @@ -36,17 +36,28 @@ import static org.assertj.core.api.Assertions.assertThat; */ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests { - String rememberMeKey = "rememberMe"; - String rememberMeAuthTokenJson = "{\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\"," + - "\"keyHash\": " + rememberMeKey.hashCode() + ", \"authenticated\": true, \"details\": null," + - "\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"dummy\", \"password\": %s," + - " \"enabled\": true, \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, " + - "\"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}," + - "\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}"; + private static final String REMEMBERME_KEY = "rememberMe"; - String rememberMeAuthTokenWithoutUserJson = "{\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\"," + - "\"keyHash\": " + rememberMeKey.hashCode() + ", \"authenticated\": true, \"details\": null," + - "\"principal\": \"dummy\", \"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}"; + // @formatter:off + private static final String REMEMBERME_AUTH_JSON = "{" + + "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\", " + + "\"keyHash\": " + REMEMBERME_KEY.hashCode() + ", " + + "\"authenticated\": true, \"details\": null" + ", " + + "\"principal\": " + UserDeserializerTests.USER_JSON + ", " + + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + + "}"; + // @formatter:on + + // @formatter:off + private static final String REMEMBERME_AUTH_STRINGPRINCIPAL_JSON = "{" + + "\"@class\": \"org.springframework.security.authentication.RememberMeAuthenticationToken\"," + + "\"keyHash\": " + REMEMBERME_KEY.hashCode() + ", " + + "\"authenticated\": true, " + + "\"details\": null," + + "\"principal\": \"admin\", " + + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + + "}"; + // @formatter:on @Test(expected = IllegalArgumentException.class) public void testWithNullPrincipal() throws JsonProcessingException, JSONException { @@ -60,44 +71,44 @@ public class RememberMeAuthenticationTokenMixinTests extends AbstractMixinTests @Test public void serializeRememberMeAuthenticationToken() throws JsonProcessingException, JSONException { - RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(rememberMeKey, "dummy", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))); + RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, "admin", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(rememberMeAuthTokenWithoutUserJson, actualJson, true); + JSONAssert.assertEquals(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON, actualJson, true); } @Test public void serializeRememberMeAuthenticationWithUserToken() throws JsonProcessingException, JSONException { User user = createDefaultUser(); - RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(rememberMeKey, user, user.getAuthorities()); + RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user, user.getAuthorities()); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(rememberMeAuthTokenJson, "\"password\""), actualJson, true); + JSONAssert.assertEquals(String.format(REMEMBERME_AUTH_JSON, "\"password\""), actualJson, true); } @Test public void serializeRememberMeAuthenticationWithUserTokenAfterEraseCredential() throws JsonProcessingException, JSONException { User user = createDefaultUser(); - RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(rememberMeKey, user, user.getAuthorities()); + RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(REMEMBERME_KEY, user, user.getAuthorities()); token.eraseCredentials(); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(rememberMeAuthTokenJson, "null"), actualJson, true); + JSONAssert.assertEquals(REMEMBERME_AUTH_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true); } @Test public void deserializeRememberMeAuthenticationToken() throws IOException { - RememberMeAuthenticationToken token = buildObjectMapper().readValue(rememberMeAuthTokenWithoutUserJson, RememberMeAuthenticationToken.class); + RememberMeAuthenticationToken token = buildObjectMapper().readValue(REMEMBERME_AUTH_STRINGPRINCIPAL_JSON, RememberMeAuthenticationToken.class); assertThat(token).isNotNull(); - assertThat(token.getPrincipal()).isNotNull().isEqualTo("dummy").isEqualTo(token.getName()); + assertThat(token.getPrincipal()).isNotNull().isEqualTo("admin").isEqualTo(token.getName()); assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); } @Test public void deserializeRememberMeAuthenticationTokenWithUserTest() throws IOException { RememberMeAuthenticationToken token = buildObjectMapper() - .readValue(String.format(rememberMeAuthTokenJson, "\"password\""), RememberMeAuthenticationToken.class); + .readValue(String.format(REMEMBERME_AUTH_JSON, "\"password\""), RememberMeAuthenticationToken.class); assertThat(token).isNotNull(); assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class); - assertThat(((User)token.getPrincipal()).getUsername()).isEqualTo("dummy"); - assertThat(((User)token.getPrincipal()).getPassword()).isEqualTo("password"); + assertThat(((User)token.getPrincipal()).getUsername()).isEqualTo("admin"); + assertThat(((User)token.getPrincipal()).getPassword()).isEqualTo("1234"); assertThat(((User) token.getPrincipal()).getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); assertThat(((User) token.getPrincipal()).isEnabled()).isEqualTo(true); diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java index 171c2106b4..e1c8cc2d06 100644 --- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java @@ -36,29 +36,29 @@ import static org.assertj.core.api.Assertions.assertThat; */ public class SecurityContextMixinTests extends AbstractMixinTests { - String securityContextJson = "{\"@class\": \"org.springframework.security.core.context.SecurityContextImpl\", \"authentication\": " + - "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," + - "\"principal\": \"dummy\", \"credentials\": \"password\", \"authenticated\": true, \"details\": null," + - "\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]" + - "}" + - "}"; + // @formatter:off + public static final String SECURITY_CONTEXT_JSON = "{" + + "\"@class\": \"org.springframework.security.core.context.SecurityContextImpl\", " + + "\"authentication\": " + UsernamePasswordAuthenticationTokenMixinTests.AUTHENTICATED_STRINGPRINCIPAL_JSON + + "}"; + // @formatter:on @Test public void securityContextSerializeTest() throws JsonProcessingException, JSONException { SecurityContext context = new SecurityContextImpl(); - context.setAuthentication(new UsernamePasswordAuthenticationToken("dummy", "password", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")))); + context.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "1234", Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")))); String actualJson = buildObjectMapper().writeValueAsString(context); - JSONAssert.assertEquals(securityContextJson, actualJson, true); + JSONAssert.assertEquals(SECURITY_CONTEXT_JSON, actualJson, true); } @Test public void securityContextDeserializeTest() throws IOException { - SecurityContext context = buildObjectMapper().readValue(securityContextJson, SecurityContextImpl.class); + SecurityContext context = buildObjectMapper().readValue(SECURITY_CONTEXT_JSON, SecurityContextImpl.class); assertThat(context).isNotNull(); assertThat(context.getAuthentication()).isNotNull().isInstanceOf(UsernamePasswordAuthenticationToken.class); - assertThat(context.getAuthentication().getPrincipal()).isEqualTo("dummy"); - assertThat(context.getAuthentication().getCredentials()).isEqualTo("password"); - assertThat(context.getAuthentication().isAuthenticated()).isEqualTo(true); + assertThat(context.getAuthentication().getPrincipal()).isEqualTo("admin"); + assertThat(context.getAuthentication().getCredentials()).isEqualTo("1234"); + assertThat(context.getAuthentication().isAuthenticated()).isTrue(); assertThat(context.getAuthentication().getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); } } diff --git a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java index 986e338fb6..696754bab1 100644 --- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java @@ -33,18 +33,28 @@ import static org.assertj.core.api.Assertions.*; */ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests { - String simpleGrantedAuthorityJson = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}"; + // @formatter:off + public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}"; + + public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", [" + AUTHORITY_JSON + "]]"; + + public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]"; + + public static final String NO_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", []]"; + + public static final String NO_AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", []]"; + // @formatter:on @Test public void serializeSimpleGrantedAuthorityTest() throws JsonProcessingException, JSONException { SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); String serializeJson = buildObjectMapper().writeValueAsString(authority); - JSONAssert.assertEquals(simpleGrantedAuthorityJson, serializeJson, true); + JSONAssert.assertEquals(AUTHORITY_JSON, serializeJson, true); } @Test public void deserializeGrantedAuthorityTest() throws IOException { - SimpleGrantedAuthority authority = buildObjectMapper().readValue(simpleGrantedAuthorityJson, SimpleGrantedAuthority.class); + SimpleGrantedAuthority authority = buildObjectMapper().readValue(AUTHORITY_JSON, SimpleGrantedAuthority.class); assertThat(authority).isNotNull(); assertThat(authority.getAuthority()).isNotNull().isEqualTo("ROLE_USER"); } diff --git a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java index 1a7d88959a..8fd750e65c 100644 --- a/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/UserDeserializerTests.java @@ -16,18 +16,21 @@ package org.springframework.security.jackson2; +import java.io.IOException; +import java.util.Collections; +import java.util.regex.Pattern; + import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ObjectNode; import org.json.JSONException; import org.junit.Test; import org.skyscreamer.jsonassert.JSONAssert; + import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; -import java.io.IOException; -import java.util.Collections; - import static org.assertj.core.api.Assertions.assertThat; /** @@ -35,21 +38,27 @@ import static org.assertj.core.api.Assertions.assertThat; * @since 4.2 */ public class UserDeserializerTests extends AbstractMixinTests { + public static final String USER_PASSWORD = "\"1234\""; - String userWithAuthoritiesJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"admin\"," + - " \"password\": %s, \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, " + - "\"enabled\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}"; - - String userWithoutAuthoritiesJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"admin\"," + - " \"password\": \"1234\", \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true," + - " \"enabled\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\", []]}"; + // @formatter:off + public static final String USER_JSON = "{" + + "\"@class\": \"org.springframework.security.core.userdetails.User\", " + + "\"username\": \"admin\"," + + " \"password\": "+ USER_PASSWORD +", " + + "\"accountNonExpired\": true, " + + "\"accountNonLocked\": true, " + + "\"credentialsNonExpired\": true, " + + "\"enabled\": true, " + + "\"authorities\": " + SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON + + "}"; + // @formatter:on @Test public void serializeUserTest() throws JsonProcessingException, JSONException { ObjectMapper mapper = buildObjectMapper(); - User user = new User("admin", "1234", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))); + User user = createDefaultUser(); String userJson = mapper.writeValueAsString(user); - JSONAssert.assertEquals(String.format(userWithAuthoritiesJson, "\"1234\""), userJson, true); + JSONAssert.assertEquals(userWithPasswordJson(user.getPassword()), userJson, true); } @Test @@ -57,26 +66,23 @@ public class UserDeserializerTests extends AbstractMixinTests { ObjectMapper mapper = buildObjectMapper(); User user = new User("admin", "1234", Collections.emptyList()); String userJson = mapper.writeValueAsString(user); - JSONAssert.assertEquals(userWithoutAuthoritiesJson, userJson, true); + JSONAssert.assertEquals(userWithNoAuthoritiesJson(), userJson, true); } @Test(expected = IllegalArgumentException.class) public void deserializeUserWithNullPasswordEmptyAuthorityTest() throws IOException { - String userJsonWithoutPasswordString = "{\"@class\": \"org.springframework.security.core.userdetails.User\", " + - "\"username\": \"user\", \"accountNonExpired\": true, " + - "\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true, " + - "\"authorities\": []}"; + String userJsonWithoutPasswordString = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, "[]"); + ObjectMapper mapper = buildObjectMapper(); mapper.readValue(userJsonWithoutPasswordString, User.class); } @Test - public void deserializeUserWithNullPasswordNoAuthorityTest() throws IOException { - String userJsonWithoutPasswordString = "{\"@class\": \"org.springframework.security.core.userdetails.User\", " + - "\"username\": \"admin\", \"accountNonExpired\": true, " + - "\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true, " + - "\"authorities\": [\"java.util.HashSet\", []]}"; + public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception { ObjectMapper mapper = buildObjectMapper(); + + String userJsonWithoutPasswordString = removeNode(userWithNoAuthoritiesJson(), mapper, "password"); + User user = mapper.readValue(userJsonWithoutPasswordString, User.class); assertThat(user).isNotNull(); assertThat(user.getUsername()).isEqualTo("admin"); @@ -86,20 +92,39 @@ public class UserDeserializerTests extends AbstractMixinTests { } @Test(expected = IllegalArgumentException.class) - public void deserializeUserWithNoClassIdInAuthoritiesTest() throws IOException { - String userJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", " + - "\"username\": \"user\", \"password\": \"pass\", \"accountNonExpired\": false, " + - "\"accountNonLocked\": false, \"credentialsNonExpired\": false, \"enabled\": false, " + - "\"authorities\": [{\"authority\": \"ROLE_USER\"}]}"; - buildObjectMapper().readValue(userJson, User.class); + public void deserializeUserWithNoClassIdInAuthoritiesTest() throws Exception { + ObjectMapper mapper = buildObjectMapper(); + String userJson = USER_JSON.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, "[{\"authority\": \"ROLE_USER\"}]"); + mapper.readValue(userJson, User.class); } @Test public void deserializeUserWithClassIdInAuthoritiesTest() throws IOException { - User user = buildObjectMapper().readValue(String.format(userWithAuthoritiesJson, "\"1234\""), User.class); + User user = buildObjectMapper().readValue(userJson(), User.class); assertThat(user).isNotNull(); assertThat(user.getUsername()).isEqualTo("admin"); assertThat(user.getPassword()).isEqualTo("1234"); assertThat(user.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); } + + private String removeNode(String json, ObjectMapper mapper, String toRemove) throws Exception { + ObjectNode node = mapper.getFactory().createParser(json).readValueAsTree(); + node.remove(toRemove); + + String result = mapper.writeValueAsString(node); + JSONAssert.assertNotEquals(json, result, false); + return result; + } + + public static String userJson() { + return USER_JSON; + } + + public static String userWithPasswordJson(String password) { + return userJson().replaceAll(Pattern.quote(USER_PASSWORD), "\""+ password +"\""); + } + + public static String userWithNoAuthoritiesJson() { + return userJson().replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_SET_JSON, SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_SET_JSON); + } } diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java index 546ea3f976..c2fc4b6d37 100644 --- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java @@ -16,19 +16,18 @@ package org.springframework.security.jackson2; +import java.io.IOException; + import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import org.json.JSONException; import org.junit.Test; import org.skyscreamer.jsonassert.JSONAssert; + import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; -import java.io.IOException; -import java.util.Collections; - import static org.assertj.core.api.Assertions.assertThat; /** @@ -36,40 +35,46 @@ import static org.assertj.core.api.Assertions.assertThat; * @since 4.2 */ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixinTests { + // @formatter:off + private static final String AUTHENTICATED_JSON = "{" + + "\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," + + "\"principal\": "+ UserDeserializerTests.USER_JSON + ", " + + "\"credentials\": \"1234\", " + + "\"authenticated\": true, " + + "\"details\": null, " + + "\"authorities\": "+ SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON + + "}"; + // @formatter:on - String unauthenticatedTokenWithoutUserPrincipal = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," + - " \"principal\": \"user1\", \"credentials\": \"password\", \"authenticated\": false, \"details\": null, " + - "\"authorities\": [\"java.util.ArrayList\", []]}"; + // @formatter:off + public static final String AUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_JSON.replace( UserDeserializerTests.USER_JSON, "\"admin\""); + // @formatter:on - String authenticatedTokenWithoutUserPrincipal = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," + - " \"principal\": \"user1\", \"credentials\": \"password\", \"authenticated\": true, \"details\": null, " + - "\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}"; - - String authenticatedTokenWithUserPrincipal = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," + - "\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": %s, \"accountNonExpired\": true, \"enabled\": true, " + - "\"accountNonLocked\": true, \"credentialsNonExpired\": true, \"authorities\": [\"java.util.Collections$UnmodifiableSet\"," + - "[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}, \"credentials\": %s," + - "\"details\": null, \"authenticated\": true," + - "\"authorities\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}]]}"; + // @formatter:off + private static final String UNAUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_STRINGPRINCIPAL_JSON + .replace("\"authenticated\": true, ", "\"authenticated\": false, ") + .replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_ARRAYLIST_JSON); + // @formatter:on @Test public void serializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws JsonProcessingException, JSONException { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user1", "password"); + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("admin", "1234"); String serializedJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(unauthenticatedTokenWithoutUserPrincipal, serializedJson, true); + JSONAssert.assertEquals(UNAUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true); } @Test public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws JsonProcessingException, JSONException { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user1", "password", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))); + User user = createDefaultUser(); + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities()); String serializedJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(authenticatedTokenWithoutUserPrincipal, serializedJson, true); + JSONAssert.assertEquals(AUTHENTICATED_STRINGPRINCIPAL_JSON, serializedJson, true); } @Test public void deserializeUnauthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException, JSONException { UsernamePasswordAuthenticationToken token = buildObjectMapper() - .readValue(unauthenticatedTokenWithoutUserPrincipal, UsernamePasswordAuthenticationToken.class); + .readValue(UNAUTHENTICATED_STRINGPRINCIPAL_JSON, UsernamePasswordAuthenticationToken.class); assertThat(token).isNotNull(); assertThat(token.isAuthenticated()).isEqualTo(false); assertThat(token.getAuthorities()).isNotNull().hasSize(0); @@ -77,27 +82,26 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin @Test public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws IOException { + UsernamePasswordAuthenticationToken expectedToken = createToken(); UsernamePasswordAuthenticationToken token = buildObjectMapper() - .readValue(authenticatedTokenWithoutUserPrincipal, UsernamePasswordAuthenticationToken.class); + .readValue(AUTHENTICATED_STRINGPRINCIPAL_JSON, UsernamePasswordAuthenticationToken.class); assertThat(token).isNotNull(); - assertThat(token.isAuthenticated()).isEqualTo(true); - assertThat(token.getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); + assertThat(token.isAuthenticated()).isTrue(); + assertThat(token.getAuthorities()).isEqualTo(expectedToken.getAuthorities()); } @Test public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinWithUserTest() throws JsonProcessingException, JSONException { - GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); - User user = new User("user", "password", Collections.singleton(authority)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, "password", Collections.singleton(authority)); + UsernamePasswordAuthenticationToken token = createToken(); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(authenticatedTokenWithUserPrincipal, "password", "password"), actualJson, true); + JSONAssert.assertEquals(AUTHENTICATED_JSON, actualJson, true); } @Test public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithUserTest() throws IOException { ObjectMapper mapper = buildObjectMapper(); UsernamePasswordAuthenticationToken token = mapper - .readValue(String.format(authenticatedTokenWithUserPrincipal, "\"password\"", "\"password\""), UsernamePasswordAuthenticationToken.class); + .readValue(AUTHENTICATED_JSON, UsernamePasswordAuthenticationToken.class); assertThat(token).isNotNull(); assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class); assertThat(((User)token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); @@ -107,11 +111,15 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin @Test public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinAfterEraseCredentialInvoked() throws JsonProcessingException, JSONException { - GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); - User user = new User("user", "password", Collections.singleton(authority)); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, "password", Collections.singleton(authority)); + UsernamePasswordAuthenticationToken token = createToken(); token.eraseCredentials(); String actualJson = buildObjectMapper().writeValueAsString(token); - JSONAssert.assertEquals(String.format(authenticatedTokenWithUserPrincipal, "null", "null"), actualJson, true); + JSONAssert.assertEquals(AUTHENTICATED_JSON.replaceAll(UserDeserializerTests.USER_PASSWORD, "null"), actualJson, true); + } + + private UsernamePasswordAuthenticationToken createToken() { + User user = createDefaultUser(); + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()); + return token; } -} +} \ No newline at end of file diff --git a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java index 1be162aeb4..6a20c452f8 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/CookieMixinTests.java @@ -34,8 +34,20 @@ import static org.assertj.core.api.Assertions.assertThat; */ public class CookieMixinTests { - String cookieJson = "{\"@class\": \"javax.servlet.http.Cookie\", \"name\": \"demo\", \"value\": \"cookie1\"," + - "\"comment\": null, \"maxAge\": -1, \"path\": null, \"secure\": false, \"version\": 0, \"isHttpOnly\": false, \"domain\": null}"; + // @formatter:off + private static final String COOKIE_JSON = "{" + + "\"@class\": \"javax.servlet.http.Cookie\", " + + "\"name\": \"demo\", " + + "\"value\": \"cookie1\"," + + "\"comment\": null, " + + "\"maxAge\": -1, " + + "\"path\": null, " + + "\"secure\": false, " + + "\"version\": 0, " + + "\"isHttpOnly\": false, " + + "\"domain\": null" + + "}"; + // @formatter:on ObjectMapper buildObjectMapper() { ObjectMapper mapper = new ObjectMapper(); @@ -48,12 +60,12 @@ public class CookieMixinTests { public void serializeCookie() throws JsonProcessingException, JSONException { Cookie cookie = new Cookie("demo", "cookie1"); String actualString = buildObjectMapper().writeValueAsString(cookie); - JSONAssert.assertEquals(cookieJson, actualString, true); + JSONAssert.assertEquals(COOKIE_JSON, actualString, true); } @Test public void deserializeCookie() throws IOException { - Cookie cookie = buildObjectMapper().readValue(cookieJson, Cookie.class); + Cookie cookie = buildObjectMapper().readValue(COOKIE_JSON, Cookie.class); assertThat(cookie).isNotNull(); assertThat(cookie.getName()).isEqualTo("demo"); assertThat(cookie.getDomain()).isEqualTo(""); diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java index d449a96d09..48de55fc61 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixinTests.java @@ -38,27 +38,34 @@ import static org.assertj.core.api.Assertions.assertThat; public class DefaultCsrfTokenMixinTests { ObjectMapper objectMapper; - String defaultCsrfTokenJson; + + + // @formatter:off + public static final String CSRF_JSON = "{" + + "\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", " + + "\"headerName\": \"csrf-header\", " + + "\"parameterName\": \"_csrf\", " + + "\"token\": \"1\"" + + "}"; + // @formatter:on @Before public void setup() { objectMapper = new ObjectMapper(); ClassLoader loader = getClass().getClassLoader(); objectMapper.registerModules(SecurityJacksonModules.getModules(loader)); - defaultCsrfTokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", " + - "\"headerName\": \"csrf-header\", \"parameterName\": \"_csrf\", \"token\": \"1\"}"; } @Test public void defaultCsrfTokenSerializedTest() throws JsonProcessingException, JSONException { DefaultCsrfToken token = new DefaultCsrfToken("csrf-header", "_csrf", "1"); String serializedJson = objectMapper.writeValueAsString(token); - JSONAssert.assertEquals(defaultCsrfTokenJson, serializedJson, true); + JSONAssert.assertEquals(CSRF_JSON, serializedJson, true); } @Test public void defaultCsrfTokenDeserializeTest() throws IOException { - DefaultCsrfToken token = objectMapper.readValue(defaultCsrfTokenJson, DefaultCsrfToken.class); + DefaultCsrfToken token = objectMapper.readValue(CSRF_JSON, DefaultCsrfToken.class); assertThat(token).isNotNull(); assertThat(token.getHeaderName()).isEqualTo("csrf-header"); assertThat(token.getParameterName()).isEqualTo("_csrf"); diff --git a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java index 49b2c56f67..e52d3f8c47 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixinTests.java @@ -16,6 +16,12 @@ package org.springframework.security.web.jackson2; +import java.io.IOException; +import java.util.Collections; +import java.util.Locale; + +import javax.servlet.http.Cookie; + import org.json.JSONException; import org.junit.Test; import org.skyscreamer.jsonassert.JSONAssert; @@ -25,11 +31,6 @@ import org.springframework.security.web.PortResolverImpl; import org.springframework.security.web.savedrequest.DefaultSavedRequest; import org.springframework.security.web.savedrequest.SavedCookie; -import javax.servlet.http.Cookie; -import java.io.IOException; -import java.util.Collections; -import java.util.Locale; - import static org.assertj.core.api.Assertions.assertThat; /** @@ -38,12 +39,40 @@ import static org.assertj.core.api.Assertions.assertThat; */ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { - String defaultSavedRequestJson = "{" + - "\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", \"cookies\": [\"java.util.ArrayList\", [{\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", \"name\": \"SESSION\", \"value\": \"123456789\", \"comment\": null, \"maxAge\": -1, \"path\": null, \"secure\":false, \"version\": 0, \"domain\": null}]]," + - "\"locales\": [\"java.util.ArrayList\", [\"en\"]], \"headers\": {\"@class\": \"java.util.TreeMap\", \"x-auth-token\": [\"java.util.ArrayList\", [\"12\"]]}, \"parameters\": {\"@class\": \"java.util.TreeMap\"}," + - "\"contextPath\": \"\", \"method\": \"\", \"pathInfo\": null, \"queryString\": null, \"requestURI\": \"\", \"requestURL\": \"http://localhost\", \"scheme\": \"http\", " + - "\"serverName\": \"localhost\", \"servletPath\": \"\", \"serverPort\": 80"+ - "}"; + + // @formatter:off + private static final String COOKIES_JSON = "[\"java.util.ArrayList\", [{" + + "\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", " + + "\"name\": \"SESSION\", " + + "\"value\": \"123456789\", " + + "\"comment\": null, " + + "\"maxAge\": -1, " + + "\"path\": null, " + + "\"secure\":false, " + + "\"version\": 0, " + + "\"domain\": null" + + "}]]"; + // @formatter:on + + // @formatter:off + private static final String REQUEST_JSON = "{" + + "\"@class\": \"org.springframework.security.web.savedrequest.DefaultSavedRequest\", " + + "\"cookies\": "+ COOKIES_JSON +"," + + "\"locales\": [\"java.util.ArrayList\", [\"en\"]], " + + "\"headers\": {\"@class\": \"java.util.TreeMap\", \"x-auth-token\": [\"java.util.ArrayList\", [\"12\"]]}, " + + "\"parameters\": {\"@class\": \"java.util.TreeMap\"}," + + "\"contextPath\": \"\", " + + "\"method\": \"\", " + + "\"pathInfo\": null, " + + "\"queryString\": null, " + + "\"requestURI\": \"\", " + + "\"requestURL\": \"http://localhost\", " + + "\"scheme\": \"http\", " + + "\"serverName\": \"localhost\", " + + "\"servletPath\": \"\", " + + "\"serverPort\": 80" + + "}"; + // @formatter:on @Test public void matchRequestBuildWithConstructorAndBuilder() { @@ -66,7 +95,7 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { request.setCookies(new Cookie("SESSION", "123456789")); request.addHeader("x-auth-token", "12"); String actualString = buildObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(new DefaultSavedRequest(request, new PortResolverImpl())); - JSONAssert.assertEquals(defaultSavedRequestJson, actualString, true); + JSONAssert.assertEquals(REQUEST_JSON, actualString, true); } @Test @@ -78,12 +107,12 @@ public class DefaultSavedRequestMixinTests extends AbstractMixinTests { .setLocales(Collections.singletonList(new Locale("en"))).setContextPath("").setMethod("") .setServletPath("").build(); String actualString = buildObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(request); - JSONAssert.assertEquals(defaultSavedRequestJson, actualString, true); + JSONAssert.assertEquals(REQUEST_JSON, actualString, true); } @Test public void deserializeDefaultSavedRequest() throws IOException { - DefaultSavedRequest request = (DefaultSavedRequest) buildObjectMapper().readValue(defaultSavedRequestJson, Object.class); + DefaultSavedRequest request = (DefaultSavedRequest) buildObjectMapper().readValue(REQUEST_JSON, Object.class); assertThat(request).isNotNull(); assertThat(request.getCookies()).hasSize(1); assertThat(request.getLocales()).hasSize(1).contains(new Locale("en")); diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java index 776b01211b..bfa054c79a 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/SavedCookieMixinTests.java @@ -16,20 +16,21 @@ package org.springframework.security.web.jackson2; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.Cookie; + import com.fasterxml.jackson.annotation.JsonAutoDetect; import com.fasterxml.jackson.annotation.PropertyAccessor; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import org.json.JSONException; -import org.junit.Before; import org.junit.Test; import org.skyscreamer.jsonassert.JSONAssert; -import org.springframework.security.web.savedrequest.SavedCookie; -import javax.servlet.http.Cookie; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; +import org.springframework.security.web.savedrequest.SavedCookie; import static org.assertj.core.api.Assertions.assertThat; @@ -37,59 +38,66 @@ import static org.assertj.core.api.Assertions.assertThat; * @author Jitendra Singh. */ public class SavedCookieMixinTests extends AbstractMixinTests { + // @formatter:off + private static final String COOKIE_JSON = "{" + + "\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", " + + "\"name\": \"SESSION\", " + + "\"value\": \"123456789\", " + + "\"comment\": null, " + + "\"maxAge\": -1, " + + "\"path\": null, " + + "\"secure\":false, " + + "\"version\": 0, " + + "\"domain\": null" + + "}"; + // @formatter:on - private String expectedSavedCookieJson; - - @Before - public void setup() { - expectedSavedCookieJson = "{\"@class\": \"org.springframework.security.web.savedrequest.SavedCookie\", " + - "\"name\": \"session\", \"value\": \"123456\", \"comment\": null, \"domain\": null, \"maxAge\": -1, " + - "\"path\": null, \"secure\": false, \"version\": 0}"; - } - + // @formatter:off + private static final String COOKIES_JSON = "[\"java.util.ArrayList\", [" + + COOKIE_JSON + + "]]"; + // @formatter:on @Test public void serializeWithDefaultConfigurationTest() throws JsonProcessingException, JSONException { - SavedCookie savedCookie = new SavedCookie(new Cookie("session", "123456")); + SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789")); String actualJson = buildObjectMapper().writeValueAsString(savedCookie); - JSONAssert.assertEquals(expectedSavedCookieJson, actualJson, true); + JSONAssert.assertEquals(COOKIE_JSON, actualJson, true); } @Test public void serializeWithOverrideConfigurationTest() throws JsonProcessingException, JSONException { - SavedCookie savedCookie = new SavedCookie(new Cookie("session", "123456")); + SavedCookie savedCookie = new SavedCookie(new Cookie("SESSION", "123456789")); ObjectMapper mapper = buildObjectMapper(); mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.PUBLIC_ONLY) .setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.ANY); String actualJson = mapper.writeValueAsString(savedCookie); - JSONAssert.assertEquals(expectedSavedCookieJson, actualJson, true); + JSONAssert.assertEquals(COOKIE_JSON, actualJson, true); } @Test public void serializeSavedCookieWithList() throws JsonProcessingException, JSONException { List savedCookies = new ArrayList(); - savedCookies.add(new SavedCookie(new Cookie("session", "123456"))); - String expectedJson = String.format("[\"java.util.ArrayList\", [%s]]", expectedSavedCookieJson); + savedCookies.add(new SavedCookie(new Cookie("SESSION", "123456789"))); String actualJson = buildObjectMapper().writeValueAsString(savedCookies); - JSONAssert.assertEquals(expectedJson, actualJson, true); + JSONAssert.assertEquals(COOKIES_JSON, actualJson, true); } @Test @SuppressWarnings("unchecked") public void deserializeSavedCookieWithList() throws IOException, JSONException { - String expectedJson = String.format("[\"java.util.ArrayList\", [%s]]", expectedSavedCookieJson); - List savedCookies = (List)buildObjectMapper().readValue(expectedJson, Object.class); + List savedCookies = (List)buildObjectMapper().readValue(COOKIES_JSON, Object.class); assertThat(savedCookies).isNotNull().hasSize(1); - assertThat(savedCookies.get(0).getName()).isEqualTo("session"); - assertThat(savedCookies.get(0).getValue()).isEqualTo("123456"); + assertThat(savedCookies.get(0).getName()).isEqualTo("SESSION"); + assertThat(savedCookies.get(0).getValue()).isEqualTo("123456789"); } @Test public void deserializeSavedCookieJsonTest() throws IOException { - SavedCookie savedCookie = (SavedCookie) buildObjectMapper().readValue(expectedSavedCookieJson, Object.class); + SavedCookie savedCookie = (SavedCookie) buildObjectMapper().readValue(COOKIE_JSON, Object.class); assertThat(savedCookie).isNotNull(); - assertThat(savedCookie.getName()).isEqualTo("session"); - assertThat(savedCookie.getValue()).isEqualTo("123456"); + assertThat(savedCookie.getName()).isEqualTo("SESSION"); + assertThat(savedCookie.getValue()).isEqualTo("123456789"); assertThat(savedCookie.isSecure()).isEqualTo(false); assertThat(savedCookie.getVersion()).isEqualTo(0); assertThat(savedCookie.getComment()).isNull(); diff --git a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java index 091b8ce4ba..9bdc629578 100644 --- a/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java +++ b/web/src/test/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixinTests.java @@ -39,8 +39,15 @@ import static org.assertj.core.api.Assertions.assertThat; public class WebAuthenticationDetailsMixinTests { ObjectMapper mapper; - String webAuthenticationDetailsJson = "{\"@class\": \"org.springframework.security.web.authentication.WebAuthenticationDetails\"," - + "\"sessionId\": \"1\", \"remoteAddress\": \"/localhost\"}"; + + // @formatter:off + private static final String AUTHENTICATION_DETAILS_JSON = "{" + + "\"@class\": \"org.springframework.security.web.authentication.WebAuthenticationDetails\"," + + "\"sessionId\": \"1\", " + + "\"remoteAddress\": " + + "\"/localhost\"" + + "}"; + // @formatter:on @Before public void setup() { @@ -58,7 +65,7 @@ public class WebAuthenticationDetailsMixinTests { WebAuthenticationDetails details = new WebAuthenticationDetails(request); - WebAuthenticationDetails authenticationDetails = this.mapper.readValue(webAuthenticationDetailsJson, + WebAuthenticationDetails authenticationDetails = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON, WebAuthenticationDetails.class); assertThat(details.equals(authenticationDetails)); } @@ -71,13 +78,13 @@ public class WebAuthenticationDetailsMixinTests { request.setSession(new MockHttpSession(null, "1")); WebAuthenticationDetails details = new WebAuthenticationDetails(request); String actualJson = this.mapper.writeValueAsString(details); - JSONAssert.assertEquals(webAuthenticationDetailsJson, actualJson, true); + JSONAssert.assertEquals(AUTHENTICATION_DETAILS_JSON, actualJson, true); } @Test public void webAuthenticationDetailsDeserializeTest() throws IOException, JSONException { - WebAuthenticationDetails details = this.mapper.readValue(webAuthenticationDetailsJson, + WebAuthenticationDetails details = this.mapper.readValue(AUTHENTICATION_DETAILS_JSON, WebAuthenticationDetails.class); assertThat(details).isNotNull(); assertThat(details.getRemoteAddress()).isEqualTo("/localhost");