Merge branch '6.4.x'

rwinch · rwinch · commit f8132018d5f8 · 2025-01-23T12:45:09.000-06:00
TestOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable Closes gh-16472
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurerTests.java
@@ -78,7 +78,7 @@ void oneTimeTokenWhenCorrectTokenThenCanAuthenticate() throws Exception {
 		this.mvc.perform(post("/ott/generate").param("username", "user").with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/login/ott"));
 
-		String token = TestOneTimeTokenGenerationSuccessHandler.lastToken.getTokenValue();
+		String token = getLastToken().getTokenValue();
 
 		this.mvc.perform(post("/login/ott").param("token", token).with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/"), authenticated());
@@ -90,7 +90,7 @@ void oneTimeTokenWhenDifferentAuthenticationUrlsThenCanAuthenticate() throws Exc
 		this.mvc.perform(post("/generateurl").param("username", "user").with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/redirected"));
 
-		String token = TestOneTimeTokenGenerationSuccessHandler.lastToken.getTokenValue();
+		String token = getLastToken().getTokenValue();
 
 		this.mvc.perform(post("/loginprocessingurl").param("token", token).with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/authenticated"), authenticated());
@@ -102,7 +102,7 @@ void oneTimeTokenWhenCorrectTokenUsedTwiceThenSecondTimeFails() throws Exception
 		this.mvc.perform(post("/ott/generate").param("username", "user").with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/login/ott"));
 
-		String token = TestOneTimeTokenGenerationSuccessHandler.lastToken.getTokenValue();
+		String token = getLastToken().getTokenValue();
 
 		this.mvc.perform(post("/login/ott").param("token", token).with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/"), authenticated());
@@ -206,7 +206,7 @@ void oneTimeTokenWhenCustomTokenExpirationTimeSetThenAuthenticate() throws Excep
 		this.mvc.perform(post("/ott/generate").param("username", "user").with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/login/ott"));
 
-		OneTimeToken token = TestOneTimeTokenGenerationSuccessHandler.lastToken;
+		OneTimeToken token = getLastToken();
 
 		this.mvc.perform(post("/login/ott").param("token", token.getTokenValue()).with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/"), authenticated());
@@ -219,25 +219,37 @@ private int getCurrentMinutes(Instant expiresAt) {
 		return expiresMinutes - currentMinutes;
 	}
 
+	private OneTimeToken getLastToken() {
+		OneTimeToken lastToken = this.spring.getContext()
+			.getBean(TestOneTimeTokenGenerationSuccessHandler.class).lastToken;
+		return lastToken;
+	}
+
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebSecurity
 	@Import(UserDetailsServiceConfig.class)
 	static class OneTimeTokenConfigWithCustomTokenExpirationTime {
 
 		@Bean
-		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain securityFilterChain(HttpSecurity http,
+				OneTimeTokenGenerationSuccessHandler ottSuccessHandler) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((authz) -> authz
 							.anyRequest().authenticated()
 					)
 					.oneTimeTokenLogin((ott) -> ott
-							.tokenGenerationSuccessHandler(new TestOneTimeTokenGenerationSuccessHandler())
+							.tokenGenerationSuccessHandler(ottSuccessHandler)
 					);
 			// @formatter:on
 			return http.build();
 		}
 
+		@Bean
+		TestOneTimeTokenGenerationSuccessHandler ottSuccessHandler() {
+			return new TestOneTimeTokenGenerationSuccessHandler();
+		}
+
 		@Bean
 		GenerateOneTimeTokenRequestResolver generateOneTimeTokenRequestResolver() {
 			DefaultGenerateOneTimeTokenRequestResolver delegate = new DefaultGenerateOneTimeTokenRequestResolver();
@@ -255,19 +267,25 @@ GenerateOneTimeTokenRequestResolver generateOneTimeTokenRequestResolver() {
 	static class OneTimeTokenDefaultConfig {
 
 		@Bean
-		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain securityFilterChain(HttpSecurity http,
+				OneTimeTokenGenerationSuccessHandler ottSuccessHandler) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((authz) -> authz
 							.anyRequest().authenticated()
 					)
 					.oneTimeTokenLogin((ott) -> ott
-							.tokenGenerationSuccessHandler(new TestOneTimeTokenGenerationSuccessHandler())
+							.tokenGenerationSuccessHandler(ottSuccessHandler)
 					);
 			// @formatter:on
 			return http.build();
 		}
 
+		@Bean
+		TestOneTimeTokenGenerationSuccessHandler ottSuccessHandler() {
+			return new TestOneTimeTokenGenerationSuccessHandler();
+		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
@@ -276,22 +294,28 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 	static class OneTimeTokenDifferentUrlsConfig {
 
 		@Bean
-		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain securityFilterChain(HttpSecurity http,
+				OneTimeTokenGenerationSuccessHandler ottSuccessHandler) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((authz) -> authz
 							.anyRequest().authenticated()
 					)
 					.oneTimeTokenLogin((ott) -> ott
 							.tokenGeneratingUrl("/generateurl")
-							.tokenGenerationSuccessHandler(new TestOneTimeTokenGenerationSuccessHandler("/redirected"))
+							.tokenGenerationSuccessHandler(ottSuccessHandler)
 							.loginProcessingUrl("/loginprocessingurl")
 							.authenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/authenticated"))
 					);
 			// @formatter:on
 			return http.build();
 		}
 
+		@Bean
+		TestOneTimeTokenGenerationSuccessHandler ottSuccessHandler() {
+			return new TestOneTimeTokenGenerationSuccessHandler("/redirected");
+		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
@@ -300,20 +324,26 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 	static class OneTimeTokenFormLoginConfig {
 
 		@Bean
-		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain securityFilterChain(HttpSecurity http,
+				OneTimeTokenGenerationSuccessHandler ottSuccessHandler) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((authz) -> authz
 							.anyRequest().authenticated()
 					)
 					.formLogin(Customizer.withDefaults())
 					.oneTimeTokenLogin((ott) -> ott
-							.tokenGenerationSuccessHandler(new TestOneTimeTokenGenerationSuccessHandler())
+							.tokenGenerationSuccessHandler(ottSuccessHandler)
 					);
 			// @formatter:on
 			return http.build();
 		}
 
+		@Bean
+		TestOneTimeTokenGenerationSuccessHandler ottSuccessHandler() {
+			return new TestOneTimeTokenGenerationSuccessHandler();
+		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
@@ -337,7 +367,7 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
 	static class TestOneTimeTokenGenerationSuccessHandler implements OneTimeTokenGenerationSuccessHandler {
 
-		private static OneTimeToken lastToken;
+		private OneTimeToken lastToken;
 
 		private final OneTimeTokenGenerationSuccessHandler delegate;
 
@@ -352,7 +382,7 @@ static class TestOneTimeTokenGenerationSuccessHandler implements OneTimeTokenGen
 		@Override
 		public void handle(HttpServletRequest request, HttpServletResponse response, OneTimeToken oneTimeToken)
 				throws IOException, ServletException {
-			lastToken = oneTimeToken;
+			this.lastToken = oneTimeToken;
 			this.delegate.handle(request, response, oneTimeToken);
 		}
 
diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/OneTimeTokenLoginDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/OneTimeTokenLoginDslTests.kt
@@ -74,7 +74,7 @@ class OneTimeTokenLoginDslTests {
                 .redirectedUrl("/login/ott")
         )
 
-        val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue
+        val token = getLastToken().tokenValue
 
         this.mockMvc.perform(
             MockMvcRequestBuilders.post("/login/ott").param("token", token)
@@ -96,7 +96,7 @@ class OneTimeTokenLoginDslTests {
         )
             .andExpectAll(MockMvcResultMatchers.status().isFound(), MockMvcResultMatchers.redirectedUrl("/redirected"))
 
-        val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue
+        val token = getLastToken().tokenValue
 
         this.mockMvc.perform(
             MockMvcRequestBuilders.post("/loginprocessingurl").param("token", token)
@@ -124,7 +124,7 @@ class OneTimeTokenLoginDslTests {
                         .redirectedUrl("/login/ott")
         )
 
-        val token = TestOneTimeTokenGenerationSuccessHandler.lastToken
+        val token = getLastToken()
 
         assertThat(getCurrentMinutes(token!!.expiresAt)).isEqualTo(10)
     }
@@ -135,25 +135,36 @@ class OneTimeTokenLoginDslTests {
         return expiresMinutes - currentMinutes
     }
 
+    private fun getLastToken(): OneTimeToken {
+        val lastToken = spring.context
+            .getBean(TestOneTimeTokenGenerationSuccessHandler::class.java).lastToken
+        return lastToken!!
+    }
+
     @Configuration
     @EnableWebSecurity
     @Import(UserDetailsServiceConfig::class)
     open class OneTimeTokenConfig {
 
         @Bean
-        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {
             // @formatter:off
             http {
                 authorizeHttpRequests {
                     authorize(anyRequest, authenticated)
                 }
                 oneTimeTokenLogin {
-                    oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler()
+                    oneTimeTokenGenerationSuccessHandler = ottSuccessHandler
                 }
             }
             // @formatter:on
             return http.build()
         }
+
+        @Bean
+        open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {
+            return TestOneTimeTokenGenerationSuccessHandler()
+        }
     }
 
     @Configuration
@@ -162,14 +173,14 @@ class OneTimeTokenLoginDslTests {
     open class OneTimeTokenConfigWithCustomTokenResolver {
 
         @Bean
-        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {
             // @formatter:off
             http {
                 authorizeHttpRequests {
                     authorize(anyRequest, authenticated)
                 }
                 oneTimeTokenLogin {
-                    oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler()
+                    oneTimeTokenGenerationSuccessHandler = ottSuccessHandler
                     generateRequestResolver = DefaultGenerateOneTimeTokenRequestResolver().apply {
                         this.setExpiresIn(Duration.ofMinutes(10))
                     }
@@ -179,6 +190,10 @@ class OneTimeTokenLoginDslTests {
             return http.build()
         }
 
+        @Bean
+        open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {
+            return TestOneTimeTokenGenerationSuccessHandler()
+        }
 
     }
 
@@ -187,22 +202,27 @@ class OneTimeTokenLoginDslTests {
     @Import(UserDetailsServiceConfig::class)
     open class OneTimeTokenDifferentUrlsConfig {
         @Bean
-        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {
             // @formatter:off
             http {
                 authorizeHttpRequests {
                     authorize(anyRequest, authenticated)
                 }
                 oneTimeTokenLogin {
                     tokenGeneratingUrl = "/generateurl"
-                    oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler("/redirected")
+                    oneTimeTokenGenerationSuccessHandler = ottSuccessHandler
                     loginProcessingUrl = "/loginprocessingurl"
                     authenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler("/authenticated")
                 }
             }
             // @formatter:on
             return http.build()
         }
+
+        @Bean
+        open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {
+            return TestOneTimeTokenGenerationSuccessHandler("/redirected")
+        }
     }
 
     @Configuration(proxyBeanMethods = false)
@@ -213,9 +233,10 @@ class OneTimeTokenLoginDslTests {
             InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin())
     }
 
-    private class TestOneTimeTokenGenerationSuccessHandler :
+    class TestOneTimeTokenGenerationSuccessHandler :
         OneTimeTokenGenerationSuccessHandler {
         private val delegate: OneTimeTokenGenerationSuccessHandler
+        var lastToken: OneTimeToken? = null
 
         constructor() {
             this.delegate =
@@ -232,12 +253,9 @@ class OneTimeTokenLoginDslTests {
         }
 
         override fun handle(request: HttpServletRequest, response: HttpServletResponse, oneTimeToken: OneTimeToken) {
-            lastToken = oneTimeToken
+            this.lastToken = oneTimeToken
             delegate.handle(request, response, oneTimeToken)
         }
 
-        companion object {
-            var lastToken: OneTimeToken? = null
-        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ class OneTimeTokenLoginDslTests {`
`74`	`74`	`.redirectedUrl("/login/ott")`
`75`	`75`	`)`
`76`	`76`
`77`		`- val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue`
	`77`	`+ val token = getLastToken().tokenValue`
`78`	`78`
`79`	`79`	`this.mockMvc.perform(`
`80`	`80`	`MockMvcRequestBuilders.post("/login/ott").param("token", token)`
`@@ -96,7 +96,7 @@ class OneTimeTokenLoginDslTests {`
`96`	`96`	`)`
`97`	`97`	`.andExpectAll(MockMvcResultMatchers.status().isFound(), MockMvcResultMatchers.redirectedUrl("/redirected"))`
`98`	`98`
`99`		`- val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue`
	`99`	`+ val token = getLastToken().tokenValue`
`100`	`100`
`101`	`101`	`this.mockMvc.perform(`
`102`	`102`	`MockMvcRequestBuilders.post("/loginprocessingurl").param("token", token)`
`@@ -124,7 +124,7 @@ class OneTimeTokenLoginDslTests {`
`124`	`124`	`.redirectedUrl("/login/ott")`
`125`	`125`	`)`
`126`	`126`
`127`		`- val token = TestOneTimeTokenGenerationSuccessHandler.lastToken`
	`127`	`+ val token = getLastToken()`
`128`	`128`
`129`	`129`	`assertThat(getCurrentMinutes(token!!.expiresAt)).isEqualTo(10)`
`130`	`130`	`}`
`@@ -135,25 +135,36 @@ class OneTimeTokenLoginDslTests {`
`135`	`135`	`return expiresMinutes - currentMinutes`
`136`	`136`	`}`
`137`	`137`
	`138`	`+ private fun getLastToken(): OneTimeToken {`
	`139`	`+ val lastToken = spring.context`
	`140`	`+ .getBean(TestOneTimeTokenGenerationSuccessHandler::class.java).lastToken`
	`141`	`+ return lastToken!!`
	`142`	`+ }`
	`143`	`+`
`138`	`144`	`@Configuration`
`139`	`145`	`@EnableWebSecurity`
`140`	`146`	`@Import(UserDetailsServiceConfig::class)`
`141`	`147`	`open class OneTimeTokenConfig {`
`142`	`148`
`143`	`149`	`@Bean`
`144`		`- open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {`
	`150`	`+ open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {`
`145`	`151`	`// @formatter:off`
`146`	`152`	`http {`
`147`	`153`	`authorizeHttpRequests {`
`148`	`154`	`authorize(anyRequest, authenticated)`
`149`	`155`	`}`
`150`	`156`	`oneTimeTokenLogin {`
`151`		`- oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler()`
	`157`	`+ oneTimeTokenGenerationSuccessHandler = ottSuccessHandler`
`152`	`158`	`}`
`153`	`159`	`}`
`154`	`160`	`// @formatter:on`
`155`	`161`	`return http.build()`
`156`	`162`	`}`
	`163`	`+`
	`164`	`+ @Bean`
	`165`	`+ open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {`
	`166`	`+ return TestOneTimeTokenGenerationSuccessHandler()`
	`167`	`+ }`
`157`	`168`	`}`
`158`	`169`
`159`	`170`	`@Configuration`
`@@ -162,14 +173,14 @@ class OneTimeTokenLoginDslTests {`
`162`	`173`	`open class OneTimeTokenConfigWithCustomTokenResolver {`
`163`	`174`
`164`	`175`	`@Bean`
`165`		`- open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {`
	`176`	`+ open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {`
`166`	`177`	`// @formatter:off`
`167`	`178`	`http {`
`168`	`179`	`authorizeHttpRequests {`
`169`	`180`	`authorize(anyRequest, authenticated)`
`170`	`181`	`}`
`171`	`182`	`oneTimeTokenLogin {`
`172`		`- oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler()`
	`183`	`+ oneTimeTokenGenerationSuccessHandler = ottSuccessHandler`
`173`	`184`	`generateRequestResolver = DefaultGenerateOneTimeTokenRequestResolver().apply {`
`174`	`185`	`this.setExpiresIn(Duration.ofMinutes(10))`
`175`	`186`	`}`
`@@ -179,6 +190,10 @@ class OneTimeTokenLoginDslTests {`
`179`	`190`	`return http.build()`
`180`	`191`	`}`
`181`	`192`
	`193`	`+ @Bean`
	`194`	`+ open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {`
	`195`	`+ return TestOneTimeTokenGenerationSuccessHandler()`
	`196`	`+ }`
`182`	`197`
`183`	`198`	`}`
`184`	`199`
`@@ -187,22 +202,27 @@ class OneTimeTokenLoginDslTests {`
`187`	`202`	`@Import(UserDetailsServiceConfig::class)`
`188`	`203`	`open class OneTimeTokenDifferentUrlsConfig {`
`189`	`204`	`@Bean`
`190`		`- open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {`
	`205`	`+ open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {`
`191`	`206`	`// @formatter:off`
`192`	`207`	`http {`
`193`	`208`	`authorizeHttpRequests {`
`194`	`209`	`authorize(anyRequest, authenticated)`
`195`	`210`	`}`
`196`	`211`	`oneTimeTokenLogin {`
`197`	`212`	`tokenGeneratingUrl = "/generateurl"`
`198`		`- oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler("/redirected")`
	`213`	`+ oneTimeTokenGenerationSuccessHandler = ottSuccessHandler`
`199`	`214`	`loginProcessingUrl = "/loginprocessingurl"`
`200`	`215`	`authenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler("/authenticated")`
`201`	`216`	`}`
`202`	`217`	`}`
`203`	`218`	`// @formatter:on`
`204`	`219`	`return http.build()`
`205`	`220`	`}`
	`221`	`+`
	`222`	`+ @Bean`
	`223`	`+ open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {`
	`224`	`+ return TestOneTimeTokenGenerationSuccessHandler("/redirected")`
	`225`	`+ }`
`206`	`226`	`}`
`207`	`227`
`208`	`228`	`@Configuration(proxyBeanMethods = false)`
`@@ -213,9 +233,10 @@ class OneTimeTokenLoginDslTests {`
`213`	`233`	`InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin())`
`214`	`234`	`}`
`215`	`235`
`216`		`- private class TestOneTimeTokenGenerationSuccessHandler :`
	`236`	`+ class TestOneTimeTokenGenerationSuccessHandler :`
`217`	`237`	`OneTimeTokenGenerationSuccessHandler {`
`218`	`238`	`private val delegate: OneTimeTokenGenerationSuccessHandler`
	`239`	`+ var lastToken: OneTimeToken? = null`
`219`	`240`
`220`	`241`	`constructor() {`
`221`	`242`	`this.delegate =`
`@@ -232,12 +253,9 @@ class OneTimeTokenLoginDslTests {`
`232`	`253`	`}`
`233`	`254`
`234`	`255`	`override fun handle(request: HttpServletRequest, response: HttpServletResponse, oneTimeToken: OneTimeToken) {`
`235`		`- lastToken = oneTimeToken`
	`256`	`+ this.lastToken = oneTimeToken`
`236`	`257`	`delegate.handle(request, response, oneTimeToken)`
`237`	`258`	`}`
`238`	`259`
`239`		`- companion object {`
`240`		`- var lastToken: OneTimeToken? = null`
`241`		`- }`
`242`	`260`	`}`
`243`	`261`	`}`