Update to Mockito 2.10.0

Issue: gh-4608

acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java

@@ -40,9 +40,9 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
 	public void objectsAreRemovedIfPermissionDenied() throws Exception {
 		AclService service = mock(AclService.class);
 		Acl acl = mock(Acl.class);
-		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(
+		when(acl.isGranted(any(), any(), anyBoolean())).thenReturn(
 				false);
-		when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(
+		when(service.readAclById(any(), any())).thenReturn(
 				acl);
 		AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
 				service, Arrays.asList(mock(Permission.class)));

acl/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java

@@ -54,7 +54,7 @@ public class AclEntryAfterInvocationProviderTests {
 		Acl acl = mock(Acl.class);
 		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(
 				true);
-		when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(
+		when(service.readAclById(any(), any())).thenReturn(
 				acl);
 		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
 				service, Arrays.asList(mock(Permission.class)));
@@ -106,9 +106,9 @@ public class AclEntryAfterInvocationProviderTests {
 		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(
 				false);
 		// Try a second time with no permissions found
-		when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenThrow(
+		when(acl.isGranted(any(), any(List.class), anyBoolean())).thenThrow(
 				new NotFoundException(""));
-		when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(
+		when(service.readAclById(any(), any())).thenReturn(
 				acl);
 		AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
 				service, Arrays.asList(mock(Permission.class)));

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.4.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.5.BUILD-SNAPSHOT'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 	repositories {

config/spring-security-config.gradle

@@ -30,7 +30,7 @@ dependencies {
 	testCompile project(path : ':spring-security-core', configuration : 'tests')
 	testCompile project(path : ':spring-security-webflux', configuration : 'tests')
 	testCompile apachedsDependencies
-	testCompile powerMockDependencies
+	testCompile powerMock2Dependencies
 	testCompile spockDependencies
 	testCompile 'ch.qos.logback:logback-classic'
 	testCompile 'javax.annotation:jsr250-api:1.0'

config/src/test/java/org/springframework/security/config/SecurityNamespaceHandlerTests.java

@@ -91,7 +91,7 @@ public class SecurityNamespaceHandlerTests {
 
 		handler.init();
 
-		verifyStatic();
+		verifyStatic(ClassUtils.class);
 		ClassUtils.forName(eq(FILTER_CHAIN_PROXY_CLASSNAME), any(ClassLoader.class));
 		verifyZeroInteractions(logger);
 	}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java

@@ -104,7 +104,7 @@ public class SessionManagementConfigurerServlet31Tests {
 
 		springSecurityFilterChain.doFilter(request, response, chain);
 
-		verifyStatic();
+		verifyStatic(ReflectionUtils.class);
 		ReflectionUtils.invokeMethod(same(method), any(HttpServletRequest.class));
 	}
 

config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java

@@ -104,7 +104,7 @@ public class SessionManagementConfigServlet31Tests {
 
 		springSecurityFilterChain.doFilter(request, response, chain);
 
-		verifyStatic();
+		verifyStatic(ReflectionUtils.class);
 		ReflectionUtils.invokeMethod(same(method), any(HttpServletRequest.class));
 	}
 
@@ -129,7 +129,7 @@ public class SessionManagementConfigServlet31Tests {
 
 		springSecurityFilterChain.doFilter(request, response, chain);
 
-		verifyStatic();
+		verifyStatic(ReflectionUtils.class);
 		ReflectionUtils.invokeMethod(same(method), any(HttpServletRequest.class));
 	}
 

core/spring-security-core.gradle

@@ -24,7 +24,7 @@ dependencies {
 	optional 'org.springframework:spring-jdbc'
 	optional 'org.springframework:spring-tx'
 
-	testCompile powerMockDependencies
+	testCompile powerMock2Dependencies
 	testCompile 'commons-collections:commons-collections'
 	testCompile 'io.projectreactor:reactor-test'
 	testCompile 'org.skyscreamer:jsonassert'

core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java

@@ -89,7 +89,7 @@ public class AspectJMethodSecurityInterceptorTests {
 		when(codeSig.getDeclaringType()).thenReturn(TargetObject.class);
 		when(codeSig.getParameterTypes()).thenReturn(new Class[] { String.class });
 		when(staticPart.getSignature()).thenReturn(codeSig);
-		when(mds.getAttributes(any(JoinPoint.class))).thenReturn(
+		when(mds.getAttributes(any())).thenReturn(
 				SecurityConfig.createList("ROLE_USER"));
 		when(authman.authenticate(token)).thenReturn(token);
 	}
@@ -113,7 +113,7 @@ public class AspectJMethodSecurityInterceptorTests {
 	@Test
 	public void callbackIsNotInvokedWhenPermissionDenied() throws Exception {
 		doThrow(new AccessDeniedException("denied")).when(adm).decide(
-				any(Authentication.class), any(), any(Collection.class));
+				any(), any(), any());
 
 		SecurityContextHolder.getContext().setAuthentication(token);
 		try {

core/src/test/java/org/springframework/security/authentication/ReactiveAuthenticationManagerAdapterTests.java

@@ -20,7 +20,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
@@ -76,7 +76,6 @@ public class ReactiveAuthenticationManagerAdapterTests {
 	@Test
 	public void authenticateWhenBadCredentialsThenError() {
 		when(delegate.authenticate(any())).thenThrow(new BadCredentialsException("Failed"));
-		when(authentication.isAuthenticated()).thenReturn(true);
 
 		Mono<Authentication> result = manager.authenticate(authentication);
 

core/src/test/java/org/springframework/security/authentication/jaas/DefaultJaasAuthenticationProviderTests.java

@@ -40,6 +40,7 @@ import org.hamcrest.BaseMatcher;
 import org.hamcrest.Description;
 import org.junit.Before;
 import org.junit.Test;
+import org.mockito.ArgumentCaptor;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -262,19 +263,10 @@ public class DefaultJaasAuthenticationProviderTests {
 	}
 
 	private void verifyFailedLogin() {
-		verify(publisher).publishEvent(
-				argThat(new BaseMatcher<JaasAuthenticationFailedEvent>() {
-					public void describeTo(Description desc) {
-						desc.appendText("isA(org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent)");
-						desc.appendText(" && event.getException() != null");
-					}
-
-					public boolean matches(Object arg) {
-						JaasAuthenticationFailedEvent e = (JaasAuthenticationFailedEvent) arg;
-						return e.getException() != null;
-					}
-
-				}));
+		ArgumentCaptor<JaasAuthenticationFailedEvent> event = ArgumentCaptor.forClass(JaasAuthenticationFailedEvent.class);
+		verify(publisher).publishEvent(event.capture());
+		assertThat(event.getValue()).isInstanceOf(JaasAuthenticationFailedEvent.class);
+		assertThat(event.getValue().getException()).isNotNull();
 		verifyNoMoreInteractions(publisher);
 	}
 }

core/src/test/java/org/springframework/security/context/DelegatingApplicationListenerTests.java

@@ -19,7 +19,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.event.SmartApplicationListener;
 
@@ -63,7 +63,6 @@ public class DelegatingApplicationListenerTests {
 
 	@Test
 	public void processEventEventTypeNotSupported() {
-		when(delegate.supportsSourceType(event.getSource().getClass())).thenReturn(true);
 		listener.onApplicationEvent(event);
 
 		verify(delegate, never()).onApplicationEvent(any(ApplicationEvent.class));

core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java

@@ -21,6 +21,7 @@ import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.powermock.api.mockito.PowerMockito.doReturn;
 import static org.powermock.api.mockito.PowerMockito.spy;
 import static org.powermock.api.mockito.PowerMockito.when;
 
@@ -85,8 +86,8 @@ public class SpringSecurityCoreVersionTests {
 		String version = "1";
 		spy(SpringSecurityCoreVersion.class);
 		spy(SpringVersion.class);
-		when(SpringSecurityCoreVersion.getVersion()).thenReturn(version);
-		when(SpringVersion.getVersion()).thenReturn(version);
+		doReturn(version).when(SpringSecurityCoreVersion.class,"getVersion");
+		doReturn(version).when(SpringVersion.class,"getVersion");
 
 		performChecks();
 
@@ -97,8 +98,8 @@ public class SpringSecurityCoreVersionTests {
 	public void noLoggingIfSpringVersionNull() throws Exception {
 		spy(SpringSecurityCoreVersion.class);
 		spy(SpringVersion.class);
-		when(SpringSecurityCoreVersion.getVersion()).thenReturn("1");
-		when(SpringVersion.getVersion()).thenReturn(null);
+		doReturn("1").when(SpringSecurityCoreVersion.class,"getVersion");
+		doReturn(null).when(SpringVersion.class,"getVersion");
 
 		performChecks();
 
@@ -109,8 +110,8 @@ public class SpringSecurityCoreVersionTests {
 	public void warnIfSpringVersionTooSmall() throws Exception {
 		spy(SpringSecurityCoreVersion.class);
 		spy(SpringVersion.class);
-		when(SpringSecurityCoreVersion.getVersion()).thenReturn("3");
-		when(SpringVersion.getVersion()).thenReturn("2");
+		doReturn("3").when(SpringSecurityCoreVersion.class,"getVersion");
+		doReturn("2").when(SpringVersion.class,"getVersion");
 
 		performChecks();
 
@@ -121,8 +122,8 @@ public class SpringSecurityCoreVersionTests {
 	public void noWarnIfSpringVersionLarger() throws Exception {
 		spy(SpringSecurityCoreVersion.class);
 		spy(SpringVersion.class);
-		when(SpringSecurityCoreVersion.getVersion()).thenReturn("4.0.0.RELEASE");
-		when(SpringVersion.getVersion()).thenReturn("4.0.0.RELEASE");
+		doReturn("4.0.0.RELEASE").when(SpringSecurityCoreVersion.class,"getVersion");
+		doReturn("4.0.0.RELEASE").when(SpringVersion.class,"getVersion");
 
 		performChecks();
 
@@ -135,8 +136,8 @@ public class SpringSecurityCoreVersionTests {
 		String minSpringVersion = "3.2.8.RELEASE";
 		spy(SpringSecurityCoreVersion.class);
 		spy(SpringVersion.class);
-		when(SpringSecurityCoreVersion.getVersion()).thenReturn("3.2.0.RELEASE");
-		when(SpringVersion.getVersion()).thenReturn("3.2.10.RELEASE");
+		doReturn("3.2.0.RELEASE").when(SpringSecurityCoreVersion.class,"getVersion");
+		doReturn("3.2.10.RELEASE").when(SpringVersion.class,"getVersion");
 
 		performChecks(minSpringVersion);
 
@@ -147,8 +148,8 @@ public class SpringSecurityCoreVersionTests {
 	public void noLoggingIfPropertySet() throws Exception {
 		spy(SpringSecurityCoreVersion.class);
 		spy(SpringVersion.class);
-		when(SpringSecurityCoreVersion.getVersion()).thenReturn("3");
-		when(SpringVersion.getVersion()).thenReturn("2");
+		doReturn("3").when(SpringSecurityCoreVersion.class,"getVersion");
+		doReturn("2").when(SpringVersion.class,"getVersion");
 		System.setProperty(getDisableChecksProperty(), Boolean.TRUE.toString());
 
 		performChecks();

core/src/test/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImplTests.java

@@ -37,7 +37,7 @@ import static org.mockito.Mockito.verify;
  * Tests {@link JdbcDaoImpl}.
  *
  * @author Ben Alex
- * @author Eddú Meléndez
+ * @author Eddú Meléndez
  */
 public class JdbcDaoImplTests {
 
@@ -212,6 +212,6 @@ public class JdbcDaoImplTests {
 
 		dao.getMessages().getMessage(code);
 
-		verify(source).getMessage(eq(code), any(Object[].class), any(Locale.class));
+		verify(source).getMessage(eq(code), any(), any());
 	}
 }

gradle/dependency-management.gradle

@@ -10,13 +10,13 @@ dependencyManagement {
 		dependency 'opensymphony:sitemesh:2.4.2'
 		dependency 'org.gebish:geb-spock:0.10.0'
 		dependency 'org.jasig.cas:cas-server-webapp:4.0.0'
-		dependency 'org.mockito:mockito-core:1.10.19'
-		dependency 'org.powermock:powermock-api-mockito:1.6.2'
-		dependency 'org.powermock:powermock-api-support:1.6.2'
-		dependency 'org.powermock:powermock-core:1.6.2'
-		dependency 'org.powermock:powermock-module-junit4-common:1.6.2'
-		dependency 'org.powermock:powermock-module-junit4:1.6.2'
-		dependency 'org.powermock:powermock-reflect:1.6.2'
+		dependency 'org.mockito:mockito-core:2.10.0'
+		dependency 'org.powermock:powermock-api-mockito2:2.0.0-beta.5'
+		dependency 'org.powermock:powermock-api-support:2.0.0-beta.5'
+		dependency 'org.powermock:powermock-core:2.0.0-beta.5'
+		dependency 'org.powermock:powermock-module-junit4-common:2.0.0-beta.5'
+		dependency 'org.powermock:powermock-module-junit4:2.0.0-beta.5'
+		dependency 'org.powermock:powermock-reflect:2.0.0-beta.5'
 		dependency 'org.python:jython:2.5.0'
 		dependency 'org.seleniumhq.selenium:selenium-java:3.4.0'
 		dependency 'org.spockframework:spock-core:1.0-groovy-2.4'

ldap/src/test/java/org/springframework/security/ldap/SpringSecurityLdapTemplateTests.java

@@ -58,7 +58,6 @@ public class SpringSecurityLdapTemplateTests {
 						searchControls.capture())).thenReturn(resultsEnum);
 		when(resultsEnum.hasMore()).thenReturn(true, false);
 		when(resultsEnum.next()).thenReturn(searchResult);
-		when(searchResult.getName()).thenReturn(searchResultName);
 		when(searchResult.getObject()).thenReturn(searchResultObject);
 
 		SpringSecurityLdapTemplate.searchForSingleEntryInternal(ctx,

messaging/spring-security-messaging.gradle

@@ -14,7 +14,7 @@ dependencies {
 
 	testCompile project(path: ':spring-security-core', configuration: 'tests')
 	testCompile 'commons-codec:commons-codec'
-	testCompile powerMockDependencies
+	testCompile powerMock2Dependencies
 	testCompile slf4jDependencies
 	testCompile spockDependencies
 

messaging/src/test/java/org/springframework/security/messaging/util/matcher/AndMessageMatcherTest.java

@@ -100,7 +100,6 @@ public class AndMessageMatcherTest {
 	@Test
 	public void matchesMultiBothFalse() {
 		when(delegate.matches(message)).thenReturn(false);
-		when(delegate2.matches(message)).thenReturn(false);
 		matcher = new AndMessageMatcher<Object>(delegate, delegate2);
 
 		assertThat(matcher.matches(message)).isFalse();

messaging/src/test/java/org/springframework/security/messaging/util/matcher/OrMessageMatcherTest.java

@@ -83,7 +83,6 @@ public class OrMessageMatcherTest {
 	@Test
 	public void matchesMultiTrue() {
 		when(delegate.matches(message)).thenReturn(true);
-		when(delegate2.matches(message)).thenReturn(true);
 		matcher = new OrMessageMatcher<Object>(delegate, delegate2);
 
 		assertThat(matcher.matches(message)).isTrue();
@@ -109,7 +108,6 @@ public class OrMessageMatcherTest {
 	@Test
 	public void matchesMultiSingleFalse() {
 		when(delegate.matches(message)).thenReturn(true);
-		when(delegate2.matches(message)).thenReturn(false);
 		matcher = new OrMessageMatcher<Object>(delegate, delegate2);
 
 		assertThat(matcher.matches(message)).isTrue();

openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java

@@ -16,11 +16,12 @@
 package org.springframework.security.openid;
 
 import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Matchers.*;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 import org.junit.*;
+import org.mockito.ArgumentMatchers;
 import org.openid4java.association.AssociationException;
 import org.openid4java.consumer.ConsumerException;
 import org.openid4java.consumer.ConsumerManager;
@@ -52,9 +53,9 @@ public class OpenID4JavaConsumerTests {
 		AuthRequest authReq = mock(AuthRequest.class);
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 
-		when(mgr.authenticate(any(DiscoveryInformation.class), anyString(), anyString()))
+		when(mgr.authenticate(any(DiscoveryInformation.class), any(), any()))
 				.thenReturn(authReq);
-		when(mgr.associate(anyList())).thenReturn(di);
+		when(mgr.associate(any())).thenReturn(di);
 
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
 				new MockAttributesFactory());
@@ -79,7 +80,7 @@ public class OpenID4JavaConsumerTests {
 		ConsumerManager mgr = mock(ConsumerManager.class);
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
 				new NullAxFetchListFactory());
-		when(mgr.discover(anyString())).thenThrow(new DiscoveryException("msg"));
+		when(mgr.discover(any())).thenThrow(new DiscoveryException("msg"));
 		consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
 	}
 
@@ -90,9 +91,8 @@ public class OpenID4JavaConsumerTests {
 		OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
 				new NullAxFetchListFactory());
 
-		when(mgr.authenticate(any(DiscoveryInformation.class), anyString(), anyString()))
+		when(mgr.authenticate(ArgumentMatchers.<DiscoveryInformation>any(), any(), any()))
 				.thenThrow(new MessageException("msg"), new ConsumerException("msg"));
-
 		try {
 			consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
 			fail("OpenIDConsumerException was not thrown");
@@ -117,7 +117,7 @@ public class OpenID4JavaConsumerTests {
 		DiscoveryInformation di = mock(DiscoveryInformation.class);
 
 		when(
-				mgr.verify(anyString(), any(ParameterList.class),
+				mgr.verify(any(), any(ParameterList.class),
 						any(DiscoveryInformation.class))).thenReturn(vr);
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -136,7 +136,7 @@ public class OpenID4JavaConsumerTests {
 				new NullAxFetchListFactory());
 
 		when(
-				mgr.verify(anyString(), any(ParameterList.class),
+				mgr.verify(any(), any(ParameterList.class),
 						any(DiscoveryInformation.class)))
 				.thenThrow(new MessageException(""))
 				.thenThrow(new AssociationException(""))
@@ -184,7 +184,7 @@ public class OpenID4JavaConsumerTests {
 		Message msg = mock(Message.class);
 
 		when(
-				mgr.verify(anyString(), any(ParameterList.class),
+				mgr.verify(any(), any(ParameterList.class),
 						any(DiscoveryInformation.class))).thenReturn(vr);
 		when(vr.getVerifiedId()).thenReturn(id);
 		when(vr.getAuthResponse()).thenReturn(msg);

taglibs/src/test/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTagTests.java

@@ -79,7 +79,7 @@ public class AbstractAuthorizeTagTests {
 
 		tag.authorizeUsingUrlCheck();
 
-		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
+		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any());
 	}
 
 	@Test
@@ -93,7 +93,7 @@ public class AbstractAuthorizeTagTests {
 
 		tag.authorizeUsingUrlCheck();
 
-		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
+		verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any());
 	}
 
 	@Test

test/spring-security-test.gradle

@@ -17,5 +17,5 @@ dependencies {
 	testCompile 'org.skyscreamer:jsonassert'
 	testCompile 'org.springframework:spring-webmvc'
 	testCompile 'org.springframework:spring-tx'
-	testCompile powerMockDependencies
+	testCompile powerMock2Dependencies
 }

test/src/test/java/org/springframework/security/test/context/support/WithMockUserSecurityContextFactoryTests.java

@@ -55,7 +55,6 @@ public class WithMockUserSecurityContextFactoryTests {
 
 	@Test
 	public void usernamePrioritizedOverValue() {
-		when(withUser.value()).thenReturn("valueUser");
 		when(withUser.username()).thenReturn("customUser");
 		when(withUser.password()).thenReturn("password");
 		when(withUser.roles()).thenReturn(new String[] { "USER" });
@@ -94,7 +93,6 @@ public class WithMockUserSecurityContextFactoryTests {
 	@Test(expected = IllegalStateException.class)
 	public void authoritiesAndRolesInvalid() {
 		when(withUser.value()).thenReturn("valueUser");
-		when(withUser.password()).thenReturn("password");
 		when(withUser.roles()).thenReturn(new String[] { "CUSTOM" });
 		when(withUser.authorities()).thenReturn(new String[] { "USER", "CUSTOM" });
 
@@ -104,7 +102,6 @@ public class WithMockUserSecurityContextFactoryTests {
 	@Test(expected = IllegalArgumentException.class)
 	public void rolesWithRolePrefixFails() {
 		when(withUser.value()).thenReturn("valueUser");
-		when(withUser.password()).thenReturn("password");
 		when(withUser.roles()).thenReturn(new String[] { "ROLE_FAIL" });
 		when(withUser.authorities()).thenReturn(new String[] {});
 

test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java

@@ -75,7 +75,6 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	@SuppressWarnings({ "rawtypes", "unchecked" })
 	public void beforeTestMethodNullSecurityContextNoError() throws Exception {
 		Class testClass = FakeTest.class;
-		when(testContext.getApplicationContext()).thenReturn(context);
 		when(testContext.getTestClass()).thenReturn(testClass);
 		when(testContext.getTestMethod()).thenReturn(
 				ReflectionUtils.findMethod(testClass, "testNoAnnotation"));
@@ -88,7 +87,6 @@ public class WithSecurityContextTestExcecutionListenerTests {
 	public void beforeTestMethodNoApplicationContext() throws Exception {
 		Class testClass = FakeTest.class;
 		when(testContext.getApplicationContext()).thenThrow(new IllegalStateException());
-		when(testContext.getTestClass()).thenReturn(testClass);
 		when(testContext.getTestMethod()).thenReturn(
 				ReflectionUtils.findMethod(testClass, "testWithMockUser"));
 

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationTests.java

@@ -32,6 +32,7 @@ import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -43,6 +44,7 @@ import org.springframework.security.web.context.SecurityContextRepository;
 
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(WebTestUtils.class)
+@PowerMockIgnore("javax.security.auth.*")
 public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 	@Captor
 	private ArgumentCaptor<SecurityContext> contextCaptor;
@@ -79,4 +81,4 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationTests {
 		spy(WebTestUtils.class);
 		when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository);
 	}
-}
+}

web/spring-security-web.gradle

@@ -20,7 +20,7 @@ dependencies {
 	testCompile 'commons-codec:commons-codec'
 	testCompile 'org.codehaus.groovy:groovy-all'
 	testCompile 'org.skyscreamer:jsonassert'
-	testCompile powerMockDependencies
+	testCompile powerMock2Dependencies
 	testCompile spockDependencies
 	testCompile slf4jDependencies
 

web/src/test/java/org/springframework/security/web/FilterChainProxyTests.java

@@ -64,8 +64,8 @@ public class FilterChainProxyTests {
 				fc.doFilter(extraWrapper, (HttpServletResponse) args[1]);
 				return null;
 			}
-		}).when(filter).doFilter(any(HttpServletRequest.class),
-				any(HttpServletResponse.class), any(FilterChain.class));
+		}).when(filter).doFilter(any(),
+				any(), any());
 		fcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher,
 				Arrays.asList(filter)));
 		fcp.setFilterChainValidator(mock(FilterChainProxy.FilterChainValidator.class));
@@ -127,12 +127,12 @@ public class FilterChainProxyTests {
 	@Test
 	public void requestIsWrappedForMatchingAndFilteringWhenMatchIsFound()
 			throws Exception {
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		when(matcher.matches(any())).thenReturn(true);
 		fcp.doFilter(request, response, chain);
 		verify(matcher).matches(any(FirewalledRequest.class));
 		verify(filter).doFilter(any(FirewalledRequest.class),
 				any(HttpServletResponse.class), any(FilterChain.class));
-		verify(chain).doFilter(any(FirewalledRequest.class),
+		verify(chain).doFilter(any(),
 				any(HttpServletResponse.class));
 	}
 
@@ -178,7 +178,7 @@ public class FilterChainProxyTests {
 		when(fw.getFirewalledRequest(firstFwr)).thenReturn(fwr);
 		when(fwr.getRequest()).thenReturn(firstFwr);
 		when(firstFwr.getRequest()).thenReturn(request);
-		when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
+		when(matcher.matches(any())).thenReturn(true);
 		firstFcp.doFilter(request, response, chain);
 		verify(firstFwr).reset();
 		verify(fwr).reset();

web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java

@@ -72,13 +72,7 @@ public class WebExpressionVoterTests {
 		EvaluationContextPostProcessor postProcessor = mock(
 				EvaluationContextPostProcessor.class);
 		when(postProcessor.postProcess(any(EvaluationContext.class),
-				any(FilterInvocation.class))).thenAnswer(new Answer<EvaluationContext>() {
-
-					public EvaluationContext answer(InvocationOnMock invocation)
-							throws Throwable {
-						return invocation.getArgumentAt(0, EvaluationContext.class);
-					}
-				});
+				any(FilterInvocation.class))).thenAnswer( invocation -> invocation.getArgument(0));
 		WebExpressionConfigAttribute weca = new WebExpressionConfigAttribute(ex,
 				postProcessor);
 		EvaluationContext ctx = mock(EvaluationContext.class);

web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesServlet3Tests.java

@@ -67,7 +67,7 @@ public class AbstractRememberMeServicesServlet3Tests {
 		MockRememberMeServices services = new MockRememberMeServices();
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
 		verify(response).addCookie(cookie.capture());
-		verifyStatic();
+		verifyStatic(ReflectionUtils.class);
 		ReflectionUtils.invokeMethod(same(method), eq(cookie.getValue()), eq(true));
 	}
 
@@ -81,7 +81,7 @@ public class AbstractRememberMeServicesServlet3Tests {
 				mock(UserDetailsService.class));
 		services.setCookie(new String[] { "mycookie" }, 1000, request, response);
 		verify(response).addCookie(cookie.capture());
-		verifyStatic();
+		verifyStatic(ReflectionUtils.class);
 		ReflectionUtils.invokeMethod(same(method), eq(cookie.getValue()), eq(true));
 	}
 }

web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java

@@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -50,6 +51,7 @@ import org.springframework.util.StringUtils;
 @SuppressWarnings("unchecked")
 @RunWith(PowerMockRunner.class)
 @PrepareOnlyThisForTest(ReflectionUtils.class)
+@PowerMockIgnore("javax.security.auth.*")
 public class AbstractRememberMeServicesTests {
 
 	static User joe = new User("joe", "password", true, true, true, true,

web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java

@@ -62,7 +62,7 @@ public class ChangeSessionIdAuthenticationStrategyTests {
 
 		new ChangeSessionIdAuthenticationStrategy().applySessionFixation(request);
 
-		verifyStatic();
+		verifyStatic(ReflectionUtils.class);
 		ReflectionUtils.invokeMethod(same(method), eq(request));
 	}
 

web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java

@@ -309,7 +309,7 @@ public class ConcurrentSessionFilterTests {
 
 		filter.doFilter(request, response, new MockFilterChain());
 
-		verify(handler).logout(eq(request), eq(response), any(Authentication.class));
+		verify(handler).logout(eq(request), eq(response), any());
 	}
 
 	@Test(expected = IllegalArgumentException.class)

web/src/test/java/org/springframework/security/web/context/request/async/WebAsyncManagerIntegrationFilterTests.java

@@ -64,9 +64,6 @@ public class WebAsyncManagerIntegrationFilterTests {
 
 	@Before
 	public void setUp() {
-		when(asyncWebRequest.getNativeRequest(HttpServletRequest.class)).thenReturn(
-				request);
-		when(request.getRequestURI()).thenReturn("/");
 		filterChain = new MockFilterChain();
 
 		threadFactory = new JoinableThreadFactory();

web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryServlet3Tests.java

@@ -67,7 +67,7 @@ public class CookieCsrfTokenRepositoryServlet3Tests {
 		repository.saveToken(token, request, response);
 
 		verify(response).addCookie(cookie.capture());
-		verifyStatic();
+		verifyStatic(ReflectionUtils.class);
 		ReflectionUtils.invokeMethod(same(this.method), eq(cookie.getValue()), eq(true));
 	}
 
@@ -88,8 +88,8 @@ public class CookieCsrfTokenRepositoryServlet3Tests {
 		repository.saveToken(token, request, response);
 
 		verify(response).addCookie(cookie.capture());
-		verifyStatic(never());
+		verifyStatic(ReflectionUtils.class, never());
 		ReflectionUtils.invokeMethod(same(this.method), eq(cookie.getValue()), eq(true));
 	}
 
-}
+}

web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java

@@ -65,12 +65,8 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void extractUriTemplateVariablesSuccess() throws Exception {
-		when(this.result.extractUriTemplateVariables())
-				.thenReturn(Collections.singletonMap("p", "path"));
 		when(this.introspector.getMatchableHandlerMapping(this.request))
 				.thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture()))
-				.thenReturn(this.result);
 
 		this.matcher = new MvcRequestMatcher(this.introspector, "/{p}");
 		when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null);
@@ -123,10 +119,6 @@ public class MvcRequestMatcherTests {
 
 	@Test
 	public void matchesServletPathFalse() throws Exception {
-		when(this.introspector.getMatchableHandlerMapping(this.request))
-				.thenReturn(this.mapping);
-		when(this.mapping.match(eq(this.request), this.pattern.capture()))
-				.thenReturn(this.result);
 		this.matcher.setServletPath("/spring");
 		this.request.setServletPath("/");
 

web/src/test/java/org/springframework/security/web/util/matcher/AndRequestMatcherTests.java

@@ -27,7 +27,8 @@ import javax.servlet.http.HttpServletRequest;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
+
+import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.AndRequestMatcher;
 
@@ -107,7 +108,6 @@ public class AndRequestMatcherTests {
 	@Test
 	public void matchesMultiBothFalse() {
 		when(delegate.matches(request)).thenReturn(false);
-		when(delegate2.matches(request)).thenReturn(false);
 		matcher = new AndRequestMatcher(delegate, delegate2);
 
 		assertThat(matcher.matches(request)).isFalse();
@@ -121,4 +121,4 @@ public class AndRequestMatcherTests {
 
 		assertThat(matcher.matches(request)).isFalse();
 	}
-}
+}

web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java

@@ -211,7 +211,6 @@ public class AntPathRequestMatcherTests {
 	}
 
 	private HttpServletRequest createRequestWithNullMethod(String path) {
-		when(this.request.getQueryString()).thenReturn("doesntMatter");
 		when(this.request.getServletPath()).thenReturn(path);
 		return this.request;
 	}

web/src/test/java/org/springframework/security/web/util/matcher/OrRequestMatcherTests.java

@@ -90,7 +90,6 @@ public class OrRequestMatcherTests {
 	@Test
 	public void matchesMultiTrue() {
 		when(delegate.matches(request)).thenReturn(true);
-		when(delegate2.matches(request)).thenReturn(true);
 		matcher = new OrRequestMatcher(delegate, delegate2);
 
 		assertThat(matcher.matches(request)).isTrue();
@@ -116,7 +115,6 @@ public class OrRequestMatcherTests {
 	@Test
 	public void matchesMultiSingleFalse() {
 		when(delegate.matches(request)).thenReturn(true);
-		when(delegate2.matches(request)).thenReturn(false);
 		matcher = new OrRequestMatcher(delegate, delegate2);
 
 		assertThat(matcher.matches(request)).isTrue();

webflux/src/test/java/org/springframework/security/web/reactive/result/method/annotation/AuthenticationPrincipalArgumentResolverTests.java

@@ -95,7 +95,6 @@ public class AuthenticationPrincipalArgumentResolverTests {
 	@Test
 	public void resolveArgumentWhenIsEmptyThenMonoEmpty() throws Exception {
 		MethodParameter parameter = this.authenticationPrincipal.arg(String.class);
-		when(authentication.getPrincipal()).thenReturn("user");
 		when(exchange.getPrincipal()).thenReturn(Mono.empty());
 
 		Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange);

webflux/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java

@@ -253,7 +253,6 @@ public class AuthenticationWebFilterTests {
 		Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
 		when(this.authenticationConverter.apply(any())).thenReturn(authentication);
 		when(this.authenticationManager.authenticate(any())).thenReturn(Mono.error(new RuntimeException("Failed")));
-		when(this.failureHandler.onAuthenticationFailure(any(),any())).thenReturn(Mono.empty());
 
 		WebTestClient client = WebTestClientBuilder
 			.bindToWebFilters(this.filter)