Fix Spring IO Tests

Author: Rob Winch

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy

@@ -68,8 +68,8 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
 			filterChains[1].requestMatcher instanceof AnyRequestMatcher
 			filterChains[1].filters.collect { it.class.name.contains('$') ? it.class.superclass : it.class } ==
 					[WebAsyncManagerIntegrationFilter, SecurityContextPersistenceFilter, HeaderWriterFilter, CsrfFilter, LogoutFilter, UsernamePasswordAuthenticationFilter,
-					 RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter,
-					 AnonymousAuthenticationFilter, SessionManagementFilter, ExceptionTranslationFilter, FilterSecurityInterceptor ]
+					RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter,
+					AnonymousAuthenticationFilter, SessionManagementFilter, ExceptionTranslationFilter, FilterSecurityInterceptor ]
 
 		and: "UsernamePasswordAuthentictionFilter is configured correctly"
 			UsernamePasswordAuthenticationFilter authFilter = findFilter(UsernamePasswordAuthenticationFilter,1)
@@ -80,10 +80,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
 			authFilter.requiresAuthentication(new MockHttpServletRequest(servletPath : "/login", method: "POST"), new MockHttpServletResponse())
 			!authFilter.requiresAuthentication(new MockHttpServletRequest(servletPath : "/login", method: "GET"), new MockHttpServletResponse())
 
-		and: "SessionFixationProtectionStrategy is configured correctly"
-			SessionFixationProtectionStrategy sessionStrategy = ReflectionTestUtils.getField(authFilter,"sessionStrategy").delegateStrategies.find { SessionFixationProtectionStrategy }
-			sessionStrategy.migrateSessionAttributes
-
 		and: "Exception handling is configured correctly"
 			AuthenticationEntryPoint authEntryPoint = filterChains[1].filters.find { it instanceof ExceptionTranslationFilter}.authenticationEntryPoint
 			MockHttpServletResponse response = new MockHttpServletResponse()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.groovy

@@ -24,6 +24,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.core.session.SessionRegistry
+import org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy;
+import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
 import org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
@@ -41,7 +43,7 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		when:
 			loadConfig(SessionManagementConfig)
 		then:
-			findSessionAuthenticationStrategy(SessionFixationProtectionStrategy)
+			findSessionAuthenticationStrategy(AbstractSessionFixationProtectionStrategy)
 	}
 
 	@EnableWebSecurity
@@ -124,7 +126,11 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		when:
 			loadConfig(SFPMigrateSessionManagementConfig)
 		then:
-			findSessionAuthenticationStrategy(SessionFixationProtectionStrategy).migrateSessionAttributes
+			if(isChangeSession()) {
+				findSessionAuthenticationStrategy(ChangeSessionIdAuthenticationStrategy)
+			} else {
+				findSessionAuthenticationStrategy(SessionFixationProtectionStrategy).migrateSessionAttributes
+			}
 	}
 
 	@EnableWebSecurity
@@ -140,7 +146,7 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		setup:
 			loadConfig(SFPPostProcessedConfig)
 		when:
-			findSessionAuthenticationStrategy(SessionFixationProtectionStrategy).onSessionChange("id", new MockHttpSession(), new TestingAuthenticationToken("u","p","ROLE_USER"))
+			findSessionAuthenticationStrategy(AbstractSessionFixationProtectionStrategy).onSessionChange("id", new MockHttpSession(), new TestingAuthenticationToken("u","p","ROLE_USER"))
 		then:
 			context.getBean(MockEventListener).events
 	}
@@ -167,7 +173,7 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 	}
 
 	def findSessionAuthenticationStrategy(def c) {
-		findFilter(SessionManagementFilter).sessionAuthenticationStrategy.delegateStrategies.find { it.class.isAssignableFrom(c) }
+		findFilter(SessionManagementFilter).sessionAuthenticationStrategy.delegateStrategies.find { c.isAssignableFrom(it.class) }
 	}
 
 	@EnableWebSecurity
@@ -189,4 +195,12 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		}
 
 	}
+
+	boolean isChangeSession() {
+		try {
+			new ChangeSessionIdAuthenticationStrategy()
+			return true
+		} catch(Exception e) {}
+		return false
+	}
 }

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy

@@ -17,30 +17,28 @@ package org.springframework.security.config.annotation.web.configurers
 
 import javax.servlet.http.HttpServletResponse
 
-import org.springframework.context.annotation.Configuration
 import org.springframework.mock.web.MockFilterChain
 import org.springframework.mock.web.MockHttpServletRequest
 import org.springframework.mock.web.MockHttpServletResponse
-import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolver
 import org.springframework.security.config.annotation.AnyObjectPostProcessor
 import org.springframework.security.config.annotation.BaseSpringSpec
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.http.SessionCreationPolicy
-import org.springframework.security.core.session.SessionDestroyedEvent
 import org.springframework.security.web.access.ExceptionTranslationFilter
+import org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
 import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
 import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
 import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
-import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 import org.springframework.security.web.context.NullSecurityContextRepository
 import org.springframework.security.web.context.SecurityContextPersistenceFilter
 import org.springframework.security.web.context.SecurityContextRepository
 import org.springframework.security.web.savedrequest.RequestCache
 import org.springframework.security.web.session.ConcurrentSessionFilter
-import org.springframework.security.web.session.HttpSessionDestroyedEvent;
+import org.springframework.security.web.session.HttpSessionDestroyedEvent
 import org.springframework.security.web.session.SessionManagementFilter
 
 /**
@@ -229,7 +227,7 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
 		and: "RegisterSessionAuthenticationStrategy is registered with ObjectPostProcessor"
 			1 * opp.postProcess(_ as RegisterSessionAuthenticationStrategy) >> {RegisterSessionAuthenticationStrategy o -> o}
 		and: "SessionFixationProtectionStrategy is registered with ObjectPostProcessor"
-			1 * opp.postProcess(_ as SessionFixationProtectionStrategy) >> {SessionFixationProtectionStrategy o -> o}
+			1 * opp.postProcess(_ as AbstractSessionFixationProtectionStrategy) >> {AbstractSessionFixationProtectionStrategy o -> o}
 	}
 
 	def "use sharedObject trustResolver"() {

web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java

@@ -17,6 +17,7 @@
 import java.util.Locale;
 
 import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
 
@@ -469,5 +470,15 @@ public void write(byte[] b, int off, int len) throws IOException {
 		public String toString() {
 			return getClass().getName() + "[delegate=" + delegate.toString() + "]";
 		}
+
+		@Override
+		public boolean isReady() {
+			return delegate.isReady();
+		}
+
+		@Override
+		public void setWriteListener(WriteListener writeListener) {
+			delegate.setWriteListener(writeListener);
+		}
 	}
 }

web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java

@@ -42,6 +42,12 @@ public class ChangeSessionIdAuthenticationStrategyTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void constructChangeIdMethodNotFound() {
+		spy(ReflectionUtils.class);
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.getSession();
+		when(ReflectionUtils.findMethod(HttpServletRequest.class, "changeSessionId"))
+				.thenReturn(null);
+
 		new ChangeSessionIdAuthenticationStrategy();
 	}