Removed web dependency on core-tests

core/src/test/java/org/springframework/security/access/vote/SampleServiceImpl.java

@@ -14,10 +14,6 @@
  */
 package org.springframework.security.access.vote;
 
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import org.apache.log4j.Logger;
-
 import java.util.List;
 import java.util.Vector;
 
@@ -29,32 +25,12 @@ import java.util.Vector;
  * @version $Id$
  */
 public class SampleServiceImpl implements SampleService {
-    //~ Instance fields ================================================================================================
-
-    Logger logger = Logger.getLogger(SampleServiceImpl.class);
-
     //~ Methods ========================================================================================================
 
     public void doSomethingOnThis(SampleBlockOfData block1, SampleBlockOfData block2) {
-        if (logger.isDebugEnabled()) {
-            logger.debug("You made it! Your context is " + SecurityContextHolder.getContext().getAuthentication());
-        }
-
-        if (logger.isDebugEnabled()) {
-            logger.debug("Block1 is " + block1);
-        }
-
-        if (logger.isDebugEnabled()) {
-            logger.debug("Block2 is " + block2);
-        }
     }
 
     public List<SampleBlockOfData> getTheSampleData() {
-        if (logger.isDebugEnabled()) {
-            logger.debug(SecurityContextHolder.getContext().getAuthentication().getName()
-                + " is requesting some sample data.");
-        }
-
         List<SampleBlockOfData> dataList = new Vector<SampleBlockOfData>();
         SampleBlockOfData block;
 

core/src/test/java/org/springframework/security/core/authority/mapping/MapBasedAttributes2GrantedAuthoritiesMapperTest.java

@@ -8,8 +8,6 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 
-import org.apache.log4j.Level;
-import org.apache.log4j.Logger;
 import org.junit.Test;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.GrantedAuthorityImpl;
@@ -23,11 +21,6 @@ import org.springframework.security.core.authority.mapping.MapBasedAttributes2Gr
 @SuppressWarnings("unchecked")
 public class MapBasedAttributes2GrantedAuthoritiesMapperTest {
 
-    protected void setUp() throws Exception {
-        // Set Log4j loglevel to debug to include all logstatements in tests
-        Logger.getRootLogger().setLevel(Level.DEBUG);
-    }
-
     @Test(expected=IllegalArgumentException.class)
     public void testAfterPropertiesSetNoMap() throws Exception {
         MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();

core/src/test/java/org/springframework/security/matcher/AuthenticationMatcher.java

@@ -1,48 +0,0 @@
-package org.springframework.security.matcher;
-
-import org.hamcrest.Description;
-import org.hamcrest.Factory;
-import org.hamcrest.Matcher;
-import org.hamcrest.TypeSafeMatcher;
-import org.springframework.security.core.Authentication;
-
-public class AuthenticationMatcher extends TypeSafeMatcher<Authentication> {
-    private String username;
-    private String password;
-
-    @Override
-    public boolean matchesSafely(Authentication auth) {
-        if (!username.equals(auth.getName())) {
-            return false;
-        }
-
-        if (password != null && !password.equals(auth.getCredentials())) {
-            return false;
-        }
-
-        return true;
-    }
-
-    public void describeTo(Description d) {
-        d.appendText("an authentication object with username = '" + username + "'");
-        if (password != null) {
-            d.appendText(", password = '" + password + "'");
-        }
-    }
-
-    @Factory
-    public static Matcher<Authentication> anAuthenticationWithUsername(String name) {
-        AuthenticationMatcher matcher = new AuthenticationMatcher();
-        matcher.username = name;
-        return matcher;
-    }
-
-    @Factory
-    public static Matcher<Authentication> anAuthenticationWithUsernameAndPassword(String name, String password) {
-        AuthenticationMatcher matcher = new AuthenticationMatcher();
-        matcher.username = name;
-        matcher.password = password;
-        return matcher;
-
-    }
-}

web/pom.xml

@@ -15,13 +15,6 @@
             <artifactId>spring-security-core</artifactId>
             <version>${project.version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
-            <version>${project.version}</version>
-            <classifier>tests</classifier>
-            <optional>true</optional>
-        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>org.springframework.web</artifactId>

web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java

@@ -15,6 +15,8 @@
 
 package org.springframework.security.web.authentication;
 
+import static org.mockito.Mockito.*;
+
 import java.io.IOException;
 import java.util.Properties;
 
@@ -33,8 +35,8 @@ import junit.framework.TestCase;
 import org.springframework.mock.web.MockFilterConfig;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.MockAuthenticationManager;
 import org.springframework.security.authentication.AccountExpiredException;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -74,7 +76,7 @@ public class AbstractProcessingFilterTests extends TestCase {
     }
 
     private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
-        ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+            ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         filter.init(filterConfig);
         filter.doFilter(request, response, filterChain);
         filter.destroy();
@@ -190,7 +192,7 @@ public class AbstractProcessingFilterTests extends TestCase {
 
     public void testGettersSetters() throws Exception {
         AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(mock(AuthenticationManager.class));
         filter.setFilterProcessesUrl("/p");
         filter.afterPropertiesSet();
 
@@ -239,7 +241,7 @@ public class AbstractProcessingFilterTests extends TestCase {
         filter.setFilterProcessesUrl("/j_mock_post");
         filter.setAuthenticationSuccessHandler(successHandler);
         filter.setAuthenticationFailureHandler(failureHandler);
-        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.setAuthenticationManager(mock(AuthenticationManager.class));
         filter.afterPropertiesSet();
 
         // Test
@@ -269,7 +271,7 @@ public class AbstractProcessingFilterTests extends TestCase {
     public void testStartupDetectsInvalidFilterProcessesUrl() throws Exception {
         AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
         filter.setAuthenticationFailureHandler(failureHandler);
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(mock(AuthenticationManager.class));
         filter.setAuthenticationSuccessHandler(successHandler);
         filter.setFilterProcessesUrl(null);
 

web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java

@@ -15,17 +15,23 @@
 
 package org.springframework.security.web.authentication;
 
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
+
 import javax.servlet.ServletException;
 
 import junit.framework.TestCase;
 
 import org.junit.Test;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.MockAuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 
 
 /**
@@ -45,7 +51,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
-        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.setAuthenticationManager(createAuthenticationManager());
         filter.init(null);
 
         Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
@@ -61,10 +67,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager(true));
-
-        Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
-        assertTrue(result != null);
+        filter.setAuthenticationManager(createAuthenticationManager());
+        assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse()));
     }
 
     @Test
@@ -73,16 +77,14 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager(true));
-
-        Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
-        assertTrue(result != null);
+        filter.setAuthenticationManager(createAuthenticationManager());
+        assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse()));
     }
 
     @Test
     public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException {
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.setAuthenticationManager(createAuthenticationManager());
         filter.setUsernameParameter("x");
         filter.setPasswordParameter("y");
 
@@ -91,7 +93,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         request.addParameter("y", "koala");
 
         Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
-        assertTrue(result != null);
+        assertNotNull(result);
         assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
     }
 
@@ -102,7 +104,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.setAuthenticationManager(createAuthenticationManager());
 
         Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
         assertEquals("rod", result.getName());
@@ -113,7 +115,9 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
         request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager(false));
+        AuthenticationManager am = mock(AuthenticationManager.class);
+        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+        filter.setAuthenticationManager(am);
 
         try {
             filter.attemptAuthentication(request, new MockHttpServletResponse());
@@ -135,10 +139,22 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         filter.setAllowSessionCreation(false);
-        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.setAuthenticationManager(createAuthenticationManager());
 
         filter.attemptAuthentication(request, new MockHttpServletResponse());
 
         assertNull(request.getSession(false));
     }
+
+    private AuthenticationManager createAuthenticationManager() {
+        AuthenticationManager am = mock(AuthenticationManager.class);
+        when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
+            public Authentication answer(InvocationOnMock invocation) throws Throwable {
+                return (Authentication) invocation.getArguments()[0];
+            }
+        });
+
+        return am;
+    }
+
 }

web/src/test/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilterTests.java

@@ -1,7 +1,8 @@
 package org.springframework.security.web.authentication.preauth;
 
 import static org.junit.Assert.assertNull;
-import static org.mockito.Mockito.mock;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
 
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
@@ -10,10 +11,10 @@ import org.junit.Before;
 import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.MockAuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 
 public class AbstractPreAuthenticatedProcessingFilterTests {
     private AbstractPreAuthenticatedProcessingFilter filter;
@@ -38,7 +39,9 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
 
     @Test
     public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
-        filter.setAuthenticationManager(new MockAuthenticationManager(false));
+        AuthenticationManager am = mock(AuthenticationManager.class);
+        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+        filter.setAuthenticationManager(am);
         filter.afterPropertiesSet();
         filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
         assertNull(SecurityContextHolder.getContext().getAuthentication());
@@ -47,8 +50,10 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
     /* SEC-881 */
     @Test(expected=BadCredentialsException.class)
     public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception {
+        AuthenticationManager am = mock(AuthenticationManager.class);
+        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
         filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
-        filter.setAuthenticationManager(new MockAuthenticationManager(false));
+        filter.setAuthenticationManager(am);
         filter.afterPropertiesSet();
         filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
         assertNull(SecurityContextHolder.getContext().getAuthentication());

web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterTests.java

@@ -1,23 +1,33 @@
 package org.springframework.security.web.authentication.preauth;
 
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.MockAuthenticationManager;
-import org.springframework.security.web.FilterChainOrder;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
+import static org.junit.Assert.*;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
 
 import javax.servlet.http.HttpServletRequest;
 
-import junit.framework.TestCase;
-
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.FilterChainOrder;
 
-public class PreAuthenticatedProcessingFilterTests extends TestCase {
-    protected void setUp() throws Exception {
+public class PreAuthenticatedProcessingFilterTests {
+    @After
+    @Before
+    public void setUp() throws Exception {
         SecurityContextHolder.clearContext();
     }
-    
+
+    @Test
     public void testAfterPropertiesSet() {
         ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
         try {
@@ -29,29 +39,43 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
         }
     }
 
-    public final void testDoFilterAuthenticated() throws Exception {
+    @Test
+    public void testDoFilterAuthenticated() throws Exception {
         testDoFilter(true);
     }
 
-    public final void testDoFilterUnauthenticated() throws Exception {
+    @Test
+    public void testDoFilterUnauthenticated() throws Exception {
         testDoFilter(false);
     }
-    
-    private final void testDoFilter(boolean grantAccess) throws Exception {
+
+    private void testDoFilter(boolean grantAccess) throws Exception {
         MockHttpServletRequest req = new MockHttpServletRequest();
         MockHttpServletResponse res = new MockHttpServletResponse();
         getFilter(grantAccess).doFilter(req,res,new MockFilterChain());
         assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication());
     }
-    
-    private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
+
+    private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
         ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess));
+        AuthenticationManager am = mock(AuthenticationManager.class);
+
+        if (!grantAccess) {
+            when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+        } else {
+            when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
+                public Authentication answer(InvocationOnMock invocation) throws Throwable {
+                    return (Authentication) invocation.getArguments()[0];
+                }
+            });
+        }
+
+        filter.setAuthenticationManager(am);
         filter.afterPropertiesSet();
         return filter;
     }
-    
-    private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
+
+    private static class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
         protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
             return "testPrincipal";
         }

web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java

@@ -1,14 +1,19 @@
 package org.springframework.security.web.authentication.preauth.header;
 
 import static org.junit.Assert.*;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
 
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.MockAuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
 import org.springframework.security.web.authentication.preauth.RequestHeaderPreAuthenticatedProcessingFilter;
@@ -44,7 +49,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
         MockHttpServletResponse response = new MockHttpServletResponse();
         MockFilterChain chain = new MockFilterChain();
         RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(createAuthenticationManager());
 
         filter.doFilter(request, response, chain);
         assertNotNull(SecurityContextHolder.getContext().getAuthentication());
@@ -59,7 +64,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
         MockHttpServletResponse response = new MockHttpServletResponse();
         MockFilterChain chain = new MockFilterChain();
         RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(createAuthenticationManager());
         filter.setPrincipalRequestHeader("myUsernameHeader");
 
         filter.doFilter(request, response, chain);
@@ -73,7 +78,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
         MockHttpServletResponse response = new MockHttpServletResponse();
         MockFilterChain chain = new MockFilterChain();
         RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(createAuthenticationManager());
         filter.setCredentialsRequestHeader("myCredentialsHeader");
         request.addHeader("SM_USER", "cat");
         request.addHeader("myCredentialsHeader", "catspassword");
@@ -83,4 +88,14 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
         assertEquals("catspassword", SecurityContextHolder.getContext().getAuthentication().getCredentials());
     }
 
+    private AuthenticationManager createAuthenticationManager() {
+        AuthenticationManager am = mock(AuthenticationManager.class);
+        when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
+            public Authentication answer(InvocationOnMock invocation) throws Throwable {
+                return (Authentication) invocation.getArguments()[0];
+            }
+        });
+
+        return am;
+    }
 }

web/src/test/java/org/springframework/security/web/authentication/rememberme/JdbcTokenRepositoryImplTests.java

@@ -1,35 +1,34 @@
 package org.springframework.security.web.authentication.rememberme;
 
-import org.springframework.security.TestDataSource;
-import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
-import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
-import org.springframework.jdbc.core.JdbcTemplate;
-
-import org.junit.After;
-import org.junit.AfterClass;
 import static org.junit.Assert.*;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
 
 import java.sql.Timestamp;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.jdbc.datasource.SingleConnectionDataSource;
+
 /**
  * @author Luke Taylor
  * @version $Id$
  */
 @SuppressWarnings("unchecked")
 public class JdbcTokenRepositoryImplTests {
-    private static TestDataSource dataSource;
+    private static SingleConnectionDataSource dataSource;
     private JdbcTokenRepositoryImpl repo;
     private JdbcTemplate template;
 
     @BeforeClass
     public static void createDataSource() {
-        dataSource = new TestDataSource("tokenrepotest");
+        dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:tokenrepotest", "sa", "", true);
+        dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
     }
 
     @AfterClass

web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java

@@ -15,6 +15,9 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
+
 import java.io.IOException;
 
 import javax.servlet.Filter;
@@ -28,19 +31,18 @@ import javax.servlet.http.HttpServletResponse;
 
 import junit.framework.TestCase;
 
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.MockApplicationEventPublisher;
-import org.springframework.security.MockAuthenticationManager;
 import org.springframework.security.MockFilterConfig;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.NullRememberMeServices;
 import org.springframework.security.web.authentication.RememberMeServices;
-import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
-import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 
 
 /**
@@ -74,11 +76,10 @@ public class RememberMeProcessingFilterTests extends TestCase {
 
     public void testDetectsAuthenticationManagerProperty() throws Exception {
         RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(mock(AuthenticationManager.class));
         filter.setRememberMeServices(new NullRememberMeServices());
 
         filter.afterPropertiesSet();
-        assertTrue(true);
 
         filter.setAuthenticationManager(null);
 
@@ -92,7 +93,7 @@ public class RememberMeProcessingFilterTests extends TestCase {
 
     public void testDetectsRememberMeServicesProperty() throws Exception {
         RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(mock(AuthenticationManager.class));
 
         // check default is NullRememberMeServices
         // assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass());
@@ -119,7 +120,7 @@ public class RememberMeProcessingFilterTests extends TestCase {
 
         // Setup our filter correctly
         RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(mock(AuthenticationManager.class));
         filter.setRememberMeServices(new MockRememberMeServices(remembered));
         filter.afterPropertiesSet();
 
@@ -136,7 +137,9 @@ public class RememberMeProcessingFilterTests extends TestCase {
     public void testOperationWhenNoAuthenticationInContextHolder() throws Exception {
 
         RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        AuthenticationManager am = mock(AuthenticationManager.class);
+        when(am.authenticate(remembered)).thenReturn(remembered);
+        filter.setAuthenticationManager(am);
         filter.setRememberMeServices(new MockRememberMeServices(remembered));
         filter.afterPropertiesSet();
 
@@ -149,7 +152,7 @@ public class RememberMeProcessingFilterTests extends TestCase {
         assertEquals(remembered, SecurityContextHolder.getContext().getAuthentication());
     }
 
-    public void testOnunsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception {
+    public void testOnUnsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception {
         final Authentication failedAuth = new TestingAuthenticationToken("failed", "");
 
         RememberMeProcessingFilter filter = new RememberMeProcessingFilter() {
@@ -158,9 +161,11 @@ public class RememberMeProcessingFilterTests extends TestCase {
                 SecurityContextHolder.getContext().setAuthentication(failedAuth);
             }
         };
-        filter.setAuthenticationManager(new MockAuthenticationManager(false));
+        AuthenticationManager am = mock(AuthenticationManager.class);
+        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
+        filter.setAuthenticationManager(am);
         filter.setRememberMeServices(new MockRememberMeServices(remembered));
-        filter.setApplicationEventPublisher(new MockApplicationEventPublisher());
+        filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
         filter.afterPropertiesSet();
 
         MockHttpServletRequest request = new MockHttpServletRequest();

web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java

@@ -15,13 +15,10 @@
 
 package org.springframework.security.web.authentication.www;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.springframework.security.matcher.AuthenticationMatcher.anAuthenticationWithUsernameAndPassword;
+import static org.junit.Assert.*;
+import static org.mockito.AdditionalMatchers.not;
+import static org.mockito.Matchers.*;
+import static org.mockito.Mockito.*;
 
 import java.io.IOException;
 
@@ -29,11 +26,9 @@ import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 
 import org.apache.commons.codec.binary.Base64;
-import org.jmock.Expectations;
-import org.jmock.Mockery;
-import org.jmock.integration.junit4.JUnit4Mockery;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -41,7 +36,6 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.MockAuthenticationEntryPoint;
-import org.springframework.security.MockAuthenticationManager;
 import org.springframework.security.MockFilterConfig;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -49,8 +43,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.www.BasicProcessingFilter;
-import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
 
 
 /**
@@ -63,7 +56,8 @@ public class BasicProcessingFilterTests {
     //~ Instance fields ================================================================================================
 
     private BasicProcessingFilter filter;
-    private Mockery jmock = new JUnit4Mockery();
+    private AuthenticationManager manager;
+//    private Mockery jmock = new JUnit4Mockery();
 
     //~ Methods ========================================================================================================
 
@@ -72,32 +66,26 @@ public class BasicProcessingFilterTests {
         filter.init(new MockFilterConfig());
 
         final MockHttpServletResponse response = new MockHttpServletResponse();
-        Mockery jmockContext = new JUnit4Mockery();
-
-        final FilterChain chain = jmockContext.mock(FilterChain.class);
-        jmockContext.checking(new Expectations() {{
-                exactly(expectChainToProceed ? 1 : 0).of(chain).doFilter(request, response);
-            }});
 
+        FilterChain chain = mock(FilterChain.class);
         filter.doFilter(request, response, chain);
         filter.destroy();
-        jmockContext.assertIsSatisfied();
+
+        verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
         return response;
     }
 
     @Before
     public void setUp() throws Exception {
         SecurityContextHolder.clearContext();
-
-        final AuthenticationManager manager = jmock.mock(AuthenticationManager.class);
-        final Authentication rod =
+        UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "koala");
+        rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
+        Authentication rod =
             new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1"));
-        jmock.checking(new Expectations() {{
-            allowing(manager).authenticate(with(anAuthenticationWithUsernameAndPassword("rod", "koala")));
-                will(returnValue(rod));
-            allowing(manager).authenticate(with(any(Authentication.class)));
-                will(throwException(new BadCredentialsException("")));
-        }});
+
+        manager = mock(AuthenticationManager.class);
+        when(manager.authenticate(rodRequest)).thenReturn(rod);
+        when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
 
         filter = new BasicProcessingFilter();
         filter.setAuthenticationManager(manager);
@@ -124,7 +112,7 @@ public class BasicProcessingFilterTests {
     @Test
     public void testGettersSetters() {
         BasicProcessingFilter filter = new BasicProcessingFilter();
-        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setAuthenticationManager(manager);
         assertTrue(filter.getAuthenticationManager() != null);
 
         filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("sx"));
@@ -153,7 +141,7 @@ public class BasicProcessingFilterTests {
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
         request.setServletPath("/some_file.html");
-        request.setSession(new MockHttpSession());
+//        request.setSession(new MockHttpSession());
 
         // Test
         assertNull(SecurityContextHolder.getContext().getAuthentication());
@@ -177,16 +165,11 @@ public class BasicProcessingFilterTests {
         assertNull(SecurityContextHolder.getContext().getAuthentication());
     }
 
-    @Test
+    @Test(expected=IllegalArgumentException.class)
     public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
-        try {
-            BasicProcessingFilter filter = new BasicProcessingFilter();
-            filter.setAuthenticationManager(new MockAuthenticationManager());
-            filter.afterPropertiesSet();
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertEquals("An AuthenticationEntryPoint is required", expected.getMessage());
-        }
+        BasicProcessingFilter filter = new BasicProcessingFilter();
+        filter.setAuthenticationManager(manager);
+        filter.afterPropertiesSet();
     }
 
     @Test(expected=IllegalArgumentException.class)
@@ -203,7 +186,6 @@ public class BasicProcessingFilterTests {
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
         request.setServletPath("/some_file.html");
-        request.setSession(new MockHttpSession());
 
         // Test
         executeFilterInContainerSimulator(filter, request, true);
@@ -217,7 +199,6 @@ public class BasicProcessingFilterTests {
         request = new MockHttpServletRequest();
         request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
         request.setServletPath("/some_file.html");
-        request.setSession(new MockHttpSession());
 
         // Test - the filter chain will not be invoked, as we get a 403 forbidden response
         MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

web/src/test/java/org/springframework/security/web/intercept/FilterSecurityInterceptorTests.java

@@ -25,20 +25,19 @@ import org.jmock.integration.junit4.JUnit4Mockery;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.MockApplicationEventPublisher;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.access.event.AuthorizedEvent;
 import org.springframework.security.access.intercept.RunAsManager;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.FilterSecurityInterceptor;
 
 
 /**
@@ -54,6 +53,7 @@ public class FilterSecurityInterceptorTests {
     private FilterInvocationSecurityMetadataSource ods;
     private RunAsManager ram;
     private FilterSecurityInterceptor interceptor;
+    private ApplicationEventPublisher publisher;
 
 
     //~ Methods ========================================================================================================
@@ -65,11 +65,12 @@ public class FilterSecurityInterceptorTests {
         ods = jmock.mock(FilterInvocationSecurityMetadataSource.class);
         adm = jmock.mock(AccessDecisionManager.class);
         ram = jmock.mock(RunAsManager.class);
+        publisher = jmock.mock(ApplicationEventPublisher.class);
         interceptor.setAuthenticationManager(am);
         interceptor.setSecurityMetadataSource(ods);
         interceptor.setAccessDecisionManager(adm);
         interceptor.setRunAsManager(ram);
-        interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
+        interceptor.setApplicationEventPublisher(publisher);
         SecurityContextHolder.clearContext();
     }
 
@@ -121,6 +122,7 @@ public class FilterSecurityInterceptorTests {
             oneOf(adm).decide(token, fi, attributes);
             // Setup our expectation that the filter chain will be invoked, as access is granted
             oneOf(chain).doFilter(request, response);
+            oneOf(publisher).publishEvent(with(aNonNull(AuthorizedEvent.class)));
         }});
 
         interceptor.invoke(fi);

web/src/test/java/org/springframework/security/web/intercept/WebInvocationPrivilegeEvaluatorTests.java

@@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.MockApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.intercept.RunAsManager;
@@ -58,7 +58,7 @@ public class WebInvocationPrivilegeEvaluatorTests {
         interceptor.setSecurityMetadataSource(ods);
         interceptor.setAccessDecisionManager(adm);
         interceptor.setRunAsManager(ram);
-        interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
+        interceptor.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
         SecurityContextHolder.clearContext();
     }