Move Core Access API

Issue gh-17847
4 months ago · eedcec9d5c
157 changed files with 805 additions and 38 deletions
--- a/access/spring-security-access.gradle
+++ b/access/spring-security-access.gradle
@ -0,0 +1,42 @@
 apply plugin: 'io.spring.convention.spring-module'
 dependencies {
 	management platform(project(":spring-security-dependencies"))
 	api project(':spring-security-crypto')
 	api project(':spring-security-core')
 	api 'org.springframework:spring-aop'
 	api 'org.springframework:spring-beans'
 	api 'org.springframework:spring-context'
 	api 'org.springframework:spring-core'
 	api 'org.springframework:spring-expression'
 	api 'io.micrometer:micrometer-observation'
 	optional 'com.fasterxml.jackson.core:jackson-databind'
 	optional 'io.micrometer:context-propagation'
 	optional 'io.projectreactor:reactor-core'
 	optional 'jakarta.annotation:jakarta.annotation-api'
 	optional 'org.aspectj:aspectjrt'
 	optional 'org.springframework:spring-jdbc'
 	optional 'org.springframework:spring-tx'
 	optional 'org.jetbrains.kotlinx:kotlinx-coroutines-reactor'
 	testImplementation 'commons-collections:commons-collections'
 	testImplementation 'io.projectreactor:reactor-test'
 	testImplementation "org.assertj:assertj-core"
 	testImplementation "org.junit.jupiter:junit-jupiter-api"
 	testImplementation "org.junit.jupiter:junit-jupiter-params"
 	testImplementation "org.junit.jupiter:junit-jupiter-engine"
 	testImplementation "org.mockito:mockito-core"
 	testImplementation "org.mockito:mockito-junit-jupiter"
 	testImplementation "org.springframework:spring-core-test"
 	testImplementation "org.springframework:spring-test"
 	testImplementation 'org.skyscreamer:jsonassert'
 	testImplementation 'org.springframework:spring-test'
 	testImplementation 'org.jetbrains.kotlin:kotlin-reflect'
 	testImplementation 'org.jetbrains.kotlin:kotlin-stdlib-jdk8'
 	testImplementation 'io.mockk:mockk'
 	testRuntimeOnly 'org.hsqldb:hsqldb'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
--- a/access/src/main/java/org/springframework/security/access/AccessDecisionManager.java
+++ b/access/src/main/java/org/springframework/security/access/AccessDecisionManager.java
--- a/access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
+++ b/access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
--- a/access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
+++ b/access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
--- a/access/src/main/java/org/springframework/security/access/ConfigAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/ConfigAttribute.java
--- a/access/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/access/src/main/java/org/springframework/security/access/SecurityConfig.java
--- a/access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
--- a/access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
--- a/access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
--- a/access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/annotation/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/package-info.java
@ -0,0 +1,23 @@
 /*
 * Copyright 2004-present the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Support for JSR-250 and Spring Security {@code @Secured} annotations.
 */
@NullMarked
 package org.springframework.security.access.annotation;
 import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/access/src/main/java/org/springframework/security/access/event/LoggerListener.java
--- a/access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/event/package-info.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/package-info.java
@ -0,0 +1,25 @@
 /*
 * Copyright 2004-present the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Implementation of expression-based method security.
 *
 * @since 3.0
 */
@NullMarked
 package org.springframework.security.access.expression.method;
 import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
--- a/access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
--- a/access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
--- a/access/src/main/java/org/springframework/security/access/intercept/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/package-info.java
--- a/access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/P.java
+++ b/access/src/main/java/org/springframework/security/access/method/P.java
--- a/access/src/main/java/org/springframework/security/access/method/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/method/package-info.java
--- a/access/src/main/java/org/springframework/security/access/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/package-info.java
@ -0,0 +1,27 @@
 /*
 * Copyright 2004-present the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Core access-control related code, including security metadata related classes,
 * interception code, access control annotations, EL support and voter-based
 * implementations of the central
 * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager}
 * interface.
 */
@NullMarked
 package org.springframework.security.access;
 import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
--- a/access/src/main/java/org/springframework/security/access/prepost/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/package-info.java
@ -0,0 +1,27 @@
 /*
 * Copyright 2004-present the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Contains the infrastructure classes for handling the {@code @PreAuthorize},
 * {@code @PreFilter}, {@code @PostAuthorize} and {@code @PostFilter} annotations.
 * <p>
 * Other than the annotations themselves, the classes should be regarded as for internal
 * framework use and are liable to change without notice.
 */
@NullMarked
 package org.springframework.security.access.prepost;
 import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
--- a/access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
--- a/access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
--- a/access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/RoleVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
--- a/access/src/main/java/org/springframework/security/access/vote/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/vote/package-info.java
--- a/access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
+++ b/access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
--- a/access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
+++ b/access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
--- a/access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
+++ b/access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
--- a/access/src/test/java/org/springframework/security/access/ITargetObject.java
+++ b/access/src/test/java/org/springframework/security/access/ITargetObject.java
@ -0,0 +1,36 @@
 /*
 * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.access;
 /**
 * Represents the interface of a secured object.
 *
 * @author Ben Alex
 */
 public interface ITargetObject {
 	Integer computeHashCode(String input);
 	int countLength(String input);
 	String makeLowerCase(String input);
 	String makeUpperCase(String input);
 	String publicMakeLowerCase(String input);
 }
--- a/access/src/test/java/org/springframework/security/access/OtherTargetObject.java
+++ b/access/src/test/java/org/springframework/security/access/OtherTargetObject.java
@ -0,0 +1,53 @@
 /*
 * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.access;
 /**
 * Simply extends {@link TargetObject} so we have a different object to put configuration
 * attributes against.
 * <P>
 * There is no different behaviour. We have to define each method so that
 * <code>Class.getMethod(methodName, args)</code> returns a <code>Method</code>
 * referencing this class rather than the parent class.
 * </p>
 * <P>
 * We need to implement <code>ITargetObject</code> again because the
 * <code>MethodDefinitionAttributes</code> only locates attributes on interfaces
 * explicitly defined by the intercepted class (not the interfaces defined by its parent
 * class or classes).
 * </p>
 *
 * @author Ben Alex
 */
 public class OtherTargetObject extends TargetObject implements ITargetObject {
 	@Override
 	public String makeLowerCase(String input) {
 		return super.makeLowerCase(input);
 	}
 	@Override
 	public String makeUpperCase(String input) {
 		return super.makeUpperCase(input);
 	}
 	@Override
 	public String publicMakeLowerCase(String input) {
 		return super.publicMakeLowerCase(input);
 	}
 }
--- a/access/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/access/src/test/java/org/springframework/security/access/SecurityConfigTests.java
--- a/access/src/test/java/org/springframework/security/access/TargetObject.java
+++ b/access/src/test/java/org/springframework/security/access/TargetObject.java
@ -0,0 +1,81 @@
 /*
 * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.access;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 /**
 * Represents a secured object.
 *
 * @author Ben Alex
 */
 public class TargetObject implements ITargetObject {
 	@Override
 	public Integer computeHashCode(String input) {
 		return input.hashCode();
 	}
 	@Override
 	public int countLength(String input) {
 		return input.length();
 	}
 	/**
 	 * Returns the lowercase string, followed by security environment information.
 	 * @param input the message to make lowercase
 	 * @return the lowercase message, a space, the <code>Authentication</code> class that
 	 * was on the <code>SecurityContext</code> at the time of method invocation, and a
 	 * boolean indicating if the <code>Authentication</code> object is authenticated or
 	 * not
 	 */
 	@Override
 	public String makeLowerCase(String input) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		if (auth == null) {
 			return input.toLowerCase() + " Authentication empty";
 		}
 		else {
 			return input.toLowerCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated();
 		}
 	}
 	/**
 	 * Returns the uppercase string, followed by security environment information.
 	 * @param input the message to make uppercase
 	 * @return the uppercase message, a space, the <code>Authentication</code> class that
 	 * was on the <code>SecurityContext</code> at the time of method invocation, and a
 	 * boolean indicating if the <code>Authentication</code> object is authenticated or
 	 * not
 	 */
 	@Override
 	public String makeUpperCase(String input) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		return input.toUpperCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated();
 	}
 	/**
 	 * Delegates through to the {@link #makeLowerCase(String)} method.
 	 * @param input the message to be made lower-case
 	 */
 	@Override
 	public String publicMakeLowerCase(String input) {
 		return this.makeLowerCase(input);
 	}
 }
--- a/access/src/test/java/org/springframework/security/access/annotation/BusinessService.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/BusinessService.java
--- a/access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Entity.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Entity.java
--- a/access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
--- a/access/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java
--- a/access/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java
--- a/access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@ -39,8 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
 /**
- * Tests for
+ * Tests for {@link SecuredAnnotationSecurityMetadataSource}
 * {@link org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource}
 *
 * @author Mark St.Godard
 * @author Joe Scalise
--- a/access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
--- a/access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
--- a/access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@ -17,6 +17,7 @@
 package org.springframework.security.access.expression.method;
 import org.aopalliance.intercept.MethodInvocation;
 import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@ -28,7 +29,6 @@ import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.core.Authentication;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@ -65,19 +65,19 @@ public class MethodSecurityExpressionRootTests {
 	public void canCallMethodsOnVariables() {
 		this.ctx.setVariable("var", "somestring");
 		Expression e = this.parser.parseExpression("#var.length() == 10");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}
 	@Test
 	public void isAnonymousReturnsTrueIfTrustResolverReportsAnonymous() {
 		given(this.trustResolver.isAnonymous(this.user)).willReturn(true);
-		assertThat(this.root.isAnonymous()).isTrue();
+		Assertions.assertThat(this.root.isAnonymous()).isTrue();
 	}
 	@Test
 	public void isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous() {
 		given(this.trustResolver.isAnonymous(this.user)).willReturn(false);
-		assertThat(this.root.isAnonymous()).isFalse();
+		Assertions.assertThat(this.root.isAnonymous()).isFalse();
 	}
 	@Test
@ -87,7 +87,7 @@ public class MethodSecurityExpressionRootTests {
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(false);
-		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
+		Assertions.assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
 	}
 	@Test
@ -97,7 +97,7 @@ public class MethodSecurityExpressionRootTests {
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(true);
-		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
+		Assertions.assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
 	}
 	@Test
@ -109,13 +109,13 @@ public class MethodSecurityExpressionRootTests {
 		given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false);
 		Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)");
 		// evaluator returns true
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 		e = this.parser.parseExpression("hasPermission(#domainObject, 10)");
 		// evaluator returns true
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 		e = this.parser.parseExpression("hasPermission(#domainObject, 0xFF)");
 		// evaluator returns false, make sure return value matches
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
 	}
 	@Test
@ -132,11 +132,11 @@ public class MethodSecurityExpressionRootTests {
 		given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false);
 		given(pe.hasPermission(this.user, "x", i)).willReturn(true);
 		Expression e = this.parser.parseExpression("hasPermission(this, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 		e = this.parser.parseExpression("hasPermission(this, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
 		e = this.parser.parseExpression("hasPermission(this.x, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}
 }
--- a/access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
--- a/access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
--- a/Show More
+++ b/Show More