This commit creates RedirectMatcher for binary backward compatability with
Spring 4.3.x and Spring 5 to ensure that the Spring IO tests pass.
Issue gh-4080
Previously if csrf() was used and subsequently not used, the
TestCsrfTokenRepository was still used. This makes it difficult to test
the actual CsrfTokenRepository implementation.
Now the TestCsrfTokenRepository is only used if explicitly enabled.
Fixes gh-4016
WithSecurityContextTestExecutionListener should order after
SqlScriptsTestExecutionListener so sql can setup the current user's info
in the database.
Fixes gh-3962
Previously, Spring Security's test support did not work well with the
standalone setup. This was because the springSecurityFilterChain was not
found by the WebTestUtils.
This commit ensures that the springSecurityFilterChain is added as a
servlet attribute if it is explicitly defined. WebTestUtils can then
find the springSecurityFilterChain in the ServletContext.
Fixes gh-3881
Previously Spring Security's WithSecurityContextTestExecutionListener
allowed a WithSecurityContextFactory<Annotation> to be used. This
was broken in SEC-3074.
This commit ensures that WithSecurityContextFactory<Annotation> is
supported again.
Fixes gh-3837
When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter.
This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class.
In this case we have to cast to a Java ServletFilter to support both filter...
Fixes gh-3836
Previously if unauthenticated() experienced an AnonymousAuthenticationToken
it would not match.
This commit ensures that if the user is anonymous (not just null)
unauthenticated() works.
Fixes gh-3409
WithSecurityContextTestExecutionListener used the variable name withUser
in mulitple places when it should have been named withSecurityContext.
This commit renames the variables to withSecurityContext.
Fixes gh-3775
Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.
This commit returns null if findFilters gets a null result.
Fixes gh-3343
Previously a default RequestPostProcessor overrode additional
RequestPostProcessor instances added to the request. This was due to
SPR-12945. Now that SPR-12945 is fixed, this commit adds a test to
ensure this stays fixed.
Rob Winch
Johnny Lim
Vedran Pavic
Rob Winch
Micah Silverman
Eddú Meléndez
Jens Goldhammer
Billy Korando