package org.springframework.security.config;

import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockAuthenticationEntryPoint;
import org.springframework.security.MockFilterChain;
import org.springframework.security.SecurityConfig;
import org.springframework.security.concurrent.ConcurrentLoginException;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.concurrent.ConcurrentSessionFilter;
import org.springframework.security.context.HttpSessionContextIntegrationFilter;
import org.springframework.security.firewall.DefaultHttpFirewall;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousProcessingFilter;
import org.springframework.security.securechannel.ChannelProcessingFilter;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.ui.SessionFixationProtectionFilter;
import org.springframework.security.ui.WebAuthenticationDetails;
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
import org.springframework.security.ui.logout.LogoutFilter;
import org.springframework.security.ui.logout.LogoutHandler;
import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.ui.rememberme.NullRememberMeServices;
import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
import org.springframework.security.ui.rememberme.RememberMeServices;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
import org.springframework.security.util.FieldUtils;
import org.springframework.security.util.FilterChainProxy;
import org.springframework.security.util.InMemoryXmlApplicationContext;
import org.springframework.security.util.MockFilter;
import org.springframework.security.util.PortMapperImpl;
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.ReflectionUtils;

/* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.class */
public class HttpSecurityBeanDefinitionParserTests {
    private AbstractXmlApplicationContext appContext;

    /**
     * Closes the application context left behind by the test that just ran, if one was
     * created, and clears the field afterwards.
     */
    @After
    public void closeAppContext() {
        if (this.appContext == null) {
            // Nothing was loaded (or loading failed before assignment), so there is nothing to close.
            return;
        }
        this.appContext.close();
        this.appContext = null;
    }

    /**
     * Loads an {@code <http>} element that contains only {@code <http-basic />} next to the
     * inline fixture user-service. The test passes when loading the context does not throw.
     */
    @Test
    public void minimalConfigurationParses() {
        String xml = "<http><http-basic /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * Loads {@code <http auto-config='true' />} and checks the filters returned for an arbitrary
     * URL with {@link #checkAutoConfigFilters(List)}. It then checks that
     * {@code stripQueryStringFromUrls} is {@code true} on the filter chain proxy and on the
     * definition source of the last filter in the chain.
     *
     * @throws Exception propagated from the filter lookup or the reflective field reads
     */
    @Test
    public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
        String xml = "<http auto-config='true' />    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        List chain = getFilters("/anyurl");
        checkAutoConfigFilters(chain);
        Object chainProxy = this.appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
        Assert.assertEquals(true, FieldUtils.getFieldValue(chainProxy, "stripQueryStringFromUrls"));
        // Index 10 is the last of the 11 filters, which checkAutoConfigFilters has just
        // verified to be the FilterSecurityInterceptor.
        Object lastFilter = chain.get(10);
        Assert.assertEquals(true, FieldUtils.getFieldValue(lastFilter, "objectDefinitionSource.stripQueryStringFromUrls"));
    }

    /**
     * Declares two {@code <http>} elements in one configuration and expects parsing to be
     * rejected with a {@link BeanDefinitionParsingException}.
     *
     * @throws Exception the expected parsing failure
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void duplicateElementCausesError() throws Exception {
        String xml = "<http auto-config='true' /><http auto-config='true' />    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * Asserts that the given chain holds exactly the 11 filters expected from an auto-config
     * setup, in the expected order. The order is pinned position by position, so a filter
     * that moves, disappears or is added makes this helper fail.
     *
     * @param list the filters returned for a URL
     * @throws Exception propagated from the reflective field read on the form-login filter
     */
    private void checkAutoConfigFilters(List list) throws Exception {
        Assert.assertEquals("Expected 11 filters in chain", 11L, list.size());
        Assert.assertTrue(list.get(0) instanceof HttpSessionContextIntegrationFilter);
        Assert.assertTrue(list.get(1) instanceof LogoutFilter);
        Object formLoginFilter = list.get(2);
        Assert.assertTrue(formLoginFilter instanceof AuthenticationProcessingFilter);
        // The form-login filter must carry a real remember-me implementation,
        // not the NullRememberMeServices placeholder.
        Object rememberMe = FieldUtils.getFieldValue(formLoginFilter, "rememberMeServices");
        Assert.assertNotNull(rememberMe);
        Assert.assertTrue(rememberMe instanceof RememberMeServices);
        Assert.assertFalse(rememberMe instanceof NullRememberMeServices);
        Assert.assertTrue(list.get(3) instanceof DefaultLoginPageGeneratingFilter);
        Assert.assertTrue(list.get(4) instanceof BasicProcessingFilter);
        Assert.assertTrue(list.get(5) instanceof SecurityContextHolderAwareRequestFilter);
        Assert.assertTrue(list.get(6) instanceof RememberMeProcessingFilter);
        Assert.assertTrue(list.get(7) instanceof AnonymousProcessingFilter);
        Assert.assertTrue(list.get(8) instanceof ExceptionTranslationFilter);
        Assert.assertTrue(list.get(9) instanceof SessionFixationProtectionFilter);
        // The authorization interceptor is last in the chain and observes once per request.
        Object interceptor = list.get(10);
        Assert.assertTrue(interceptor instanceof FilterSecurityInterceptor);
        Assert.assertTrue(((FilterSecurityInterceptor) interceptor).isObserveOncePerRequest());
    }

    /**
     * Checks that an {@code <intercept-url>} with {@code filters='none'} yields an empty filter
     * list for the matching URL, i.e. no filter from the chain is applied to it.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void filterListShouldBeEmptyForUnprotectedUrl() throws Exception {
        String xml = "    <http auto-config='true'>        <intercept-url pattern='/unprotected' filters='none' />    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        List unprotectedChain = getFilters("/unprotected");
        Assert.assertTrue(unprotectedChain.isEmpty());
    }

    /**
     * Exercises {@code path-type='regex'}: a path matching the configured pattern gets no
     * filters, while a path that does not match gets the full auto-config chain. Also checks
     * that {@code stripQueryStringFromUrls} is {@code false} on the filter chain proxy and on
     * the last filter's definition source in this mode.
     *
     * @throws Exception propagated from the filter lookup or the reflective field reads
     */
    @Test
    public void regexPathsWorkCorrectly() throws Exception {
        String xml = "    <http auto-config='true' path-type='regex'>        <intercept-url pattern='\\A\\/[a-z]+' filters='none' />    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        // The pattern requires a lower-case letter right after the leading slash.
        Assert.assertEquals(0L, getFilters("/imlowercase").size());
        // An upper-case first letter does not match the filters='none' pattern,
        // so the request must receive the complete chain.
        List fullChain = getFilters("/ImCaughtByTheUniversalMatchPattern");
        checkAutoConfigFilters(fullChain);
        Object chainProxy = this.appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
        Assert.assertEquals(false, FieldUtils.getFieldValue(chainProxy, "stripQueryStringFromUrls"));
        Object lastFilter = fullChain.get(10);
        Assert.assertEquals(false, FieldUtils.getFieldValue(lastFilter, "objectDefinitionSource.stripQueryStringFromUrls"));
    }

    /**
     * With {@code lowercase-comparisons='false'} the {@code filters='none'} pattern is matched
     * case-sensitively: only the path with the capital S is exempted, and the lower-case
     * spelling still receives the full auto-config chain.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void lowerCaseComparisonAttributeIsRespectedByFilterChainProxy() throws Exception {
        String xml = "    <http auto-config='true' path-type='ant' lowercase-comparisons='false'>        <intercept-url pattern='/Secure*' filters='none' />    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        Assert.assertEquals(0L, getFilters("/Secure").size());
        // A different letter case must not inherit the exemption.
        List lowerCaseChain = getFilters("/secure");
        checkAutoConfigFilters(lowerCaseChain);
        List fallbackChain = getFilters("/ImCaughtByTheUniversalMatchPattern");
        checkAutoConfigFilters(fallbackChain);
    }

    /**
     * Checks that an empty {@code <form-login />} inside an auto-config {@code <http>} element
     * still produces the chain verified by {@link #checkAutoConfigFilters(List)}, which
     * includes the default login page filter.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void formLoginWithNoLoginPageAddsDefaultLoginPageFilter() throws Exception {
        String xml = "<http auto-config='true' path-type='ant' lowercase-comparisons='false'>   <form-login /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        List chain = getFilters("/anything");
        checkAutoConfigFilters(chain);
    }

    /**
     * Checks that {@code default-target-url} and {@code always-use-default-target} on
     * {@code <form-login>} end up on the authentication processing filter.
     *
     * @throws Exception propagated from the filter lookup or the reflective field read
     */
    @Test
    public void formLoginAlwaysUseDefaultSetsCorrectProperty() throws Exception {
        String xml = "<http>   <form-login default-target-url='/default' always-use-default-target='true' /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        // The cast documents the expectation that the form-login filter sits at index 1 here.
        Object second = getFilters("/anything").get(1);
        AuthenticationProcessingFilter loginFilter = (AuthenticationProcessingFilter) second;
        Assert.assertEquals("/default", loginFilter.getDefaultTargetUrl());
        Assert.assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(loginFilter, "alwaysUseDefaultTargetUrl"));
    }

    /**
     * Expects context creation to fail with a {@link BeanCreationException} when
     * {@code login-page} is given without a leading slash.
     *
     * @throws Exception the expected bean creation failure
     */
    @Test(expected = BeanCreationException.class)
    public void invalidLoginPageIsDetected() throws Exception {
        String xml = "<http>   <form-login login-page='noLeadingSlash'/></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * Expects context creation to fail with a {@link BeanCreationException} when
     * {@code default-target-url} is given without a leading slash.
     *
     * @throws Exception the expected bean creation failure
     */
    @Test(expected = BeanCreationException.class)
    public void invalidDefaultTargetUrlIsDetected() throws Exception {
        String xml = "<http>   <form-login default-target-url='noLeadingSlash'/></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * Expects context creation to fail with a {@link BeanCreationException} when
     * {@code logout-url} is given without a leading slash.
     *
     * @throws Exception the expected bean creation failure
     */
    @Test(expected = BeanCreationException.class)
    public void invalidLogoutUrlIsDetected() throws Exception {
        String xml = "<http>   <logout logout-url='noLeadingSlash'/>   <form-login /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * Expects context creation to fail with a {@link BeanCreationException} when
     * {@code logout-success-url} is given without a leading slash.
     *
     * @throws Exception the expected bean creation failure
     */
    @Test(expected = BeanCreationException.class)
    public void invalidLogoutSuccessUrlIsDetected() throws Exception {
        String xml = "<http>   <logout logout-success-url='noLeadingSlash'/>   <form-login /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * With {@code lowercase-comparisons='false'} the access rules are matched case-sensitively:
     * the path with the capital S resolves to ROLE_A and ROLE_B, while the lower-case spelling
     * falls through to the catch-all rule and resolves to ROLE_C only.
     *
     * @throws Exception propagated from building the filter invocations
     */
    @Test
    public void lowerCaseComparisonIsRespectedBySecurityFilterInvocationDefinitionSource() throws Exception {
        String xml = "    <http auto-config='true' path-type='ant' lowercase-comparisons='false'>        <intercept-url pattern='/Secure*' access='ROLE_A,ROLE_B' />        <intercept-url pattern='/**' access='ROLE_C' />    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) this.appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
        FilterInvocationDefinitionSource rules = interceptor.getObjectDefinitionSource();

        // Exact-case path: matched by the first rule.
        ConfigAttributeDefinition exactCase = rules.getAttributes(createFilterinvocation("/Secure", null));
        Assert.assertEquals(2L, exactCase.getConfigAttributes().size());
        Assert.assertTrue(exactCase.contains(new SecurityConfig("ROLE_A")));
        Assert.assertTrue(exactCase.contains(new SecurityConfig("ROLE_B")));

        // Different case: only the catch-all rule applies.
        ConfigAttributeDefinition otherCase = rules.getAttributes(createFilterinvocation("/secure", null));
        Assert.assertEquals(1L, otherCase.getConfigAttributes().size());
        Assert.assertTrue(otherCase.contains(new SecurityConfig("ROLE_C")));
    }

    /**
     * Checks that an {@code <intercept-url>} restricted with {@code method='POST'} supplies the
     * attributes for a POST request to the matching path: ROLE_A and ROLE_B are returned
     * rather than the attributes of the catch-all or the DELETE rule.
     *
     * @throws Exception propagated from building the filter invocation
     */
    @Test
    public void httpMethodMatchIsSupported() throws Exception {
        String xml = "    <http auto-config='true'>        <intercept-url pattern='/**' access='ROLE_C' />        <intercept-url pattern='/secure*' method='DELETE' access='ROLE_SUPERVISOR' />        <intercept-url pattern='/secure*' method='POST' access='ROLE_A,ROLE_B' />    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) this.appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
        FilterInvocationDefinitionSource rules = interceptor.getObjectDefinitionSource();
        ConfigAttributeDefinition postAttributes = rules.getAttributes(createFilterinvocation("/secure", "POST"));
        Assert.assertEquals(2L, postAttributes.getConfigAttributes().size());
        Assert.assertTrue(postAttributes.contains(new SecurityConfig("ROLE_A")));
        Assert.assertTrue(postAttributes.contains(new SecurityConfig("ROLE_B")));
    }

    /**
     * Checks that {@code once-per-request='false'} on {@code <http>} is carried over to the
     * security interceptor at the end of the chain.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void oncePerRequestAttributeIsSupported() throws Exception {
        String xml = "<http once-per-request='false'><http-basic /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        List chain = getFilters("/someurl");
        // The cast documents the expectation that the interceptor is the last filter.
        int lastIndex = chain.size() - 1;
        FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) chain.get(lastIndex);
        Assert.assertFalse(interceptor.isObserveOncePerRequest());
    }

    /**
     * Checks that {@code access-denied-page} on {@code <http>} is set as the error page of the
     * exception translation filter's access-denied handler.
     *
     * @throws Exception propagated from the filter lookup or the reflective field read
     */
    @Test
    public void accessDeniedPageAttributeIsSupported() throws Exception {
        String xml = "<http access-denied-page='/access-denied'><http-basic /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        List chain = getFilters("/someurl");
        // The cast documents the expectation that the exception translation filter
        // is third from the end of this chain.
        ExceptionTranslationFilter translationFilter = (ExceptionTranslationFilter) chain.get(chain.size() - 3);
        Assert.assertEquals("/access-denied", FieldUtils.getFieldValue(translationFilter, "accessDeniedHandler.errorPage"));
    }

    /**
     * Expects context creation to fail with a {@link BeanCreationException} when
     * {@code access-denied-page} is given without a leading slash.
     *
     * @throws Exception the expected bean creation failure
     */
    @Test(expected = BeanCreationException.class)
    public void invalidAccessDeniedUrlIsDetected() throws Exception {
        String xml = "<http auto-config='true' access-denied-page='noLeadingSlash'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * Checks that {@code requires-channel='https'} on an {@code <intercept-url>} adds a
     * {@link ChannelProcessingFilter} at the front of the chain, making 12 filters in total.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void interceptUrlWithRequiresChannelAddsChannelFilterToStack() throws Exception {
        String xml = "    <http auto-config='true'>        <intercept-url pattern='/**' requires-channel='https' />    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        List chain = getFilters("/someurl");
        Assert.assertEquals("Expected 12 filters in chain", 12L, chain.size());
        // The channel check has to be the first filter in the chain.
        Object first = chain.get(0);
        Assert.assertTrue(first instanceof ChannelProcessingFilter);
    }

    /**
     * Checks that a single {@code <port-mapping>} is registered with the port mapper and can be
     * looked up in both directions (HTTP 9080 and HTTPS 9443).
     *
     * @throws Exception propagated from context setup
     */
    @Test
    public void portMappingsAreParsedCorrectly() throws Exception {
        String xml = "    <http auto-config='true'>        <port-mappings>            <port-mapping http='9080' https='9443'/>        </port-mappings>    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        Object mapperBean = this.appContext.getBean(BeanIds.PORT_MAPPER);
        PortMapperImpl mapper = (PortMapperImpl) mapperBean;
        Assert.assertEquals(1L, mapper.getTranslatedPortMappings().size());
        Assert.assertEquals(9080, mapper.lookupHttpPort(9443));
        Assert.assertEquals(9443, mapper.lookupHttpsPort(9080));
    }

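    /**
     * Checks that {@code <port-mapping>} values written as {@code ${...}} placeholders are
     * resolved from system properties by the {@code PropertyPlaceholderConfigurer} bean.
     *
     * <p>System properties are JVM-wide. The values set here are restored in a {@code finally}
     * block so they cannot leak into later tests, where a leftover value could be picked up
     * by another placeholder and hide a misconfiguration.
     *
     * @throws Exception propagated from context setup
     */
    @Test
    public void portMappingsWorkWithPlaceholders() throws Exception {
        // The second property name presumably resolves to "https", matching the ${https}
        // placeholder below; confirm against PortMappingsBeanDefinitionParser.
        String previousHttp = System.setProperty("http", "9080");
        String previousHttps = System.setProperty(PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT, "9443");
        try {
            setContext("    <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>    <http auto-config='true'>        <port-mappings>            <port-mapping http='${http}' https='${https}'/>        </port-mappings>    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
            PortMapperImpl portMapperImpl = (PortMapperImpl) this.appContext.getBean(BeanIds.PORT_MAPPER);
            Assert.assertEquals(1L, portMapperImpl.getTranslatedPortMappings().size());
            Assert.assertEquals(9080, portMapperImpl.lookupHttpPort(9443));
            Assert.assertEquals(9443, portMapperImpl.lookupHttpsPort(9080));
        } finally {
            // Put the JVM-wide properties back exactly as they were before the test.
            if (previousHttp == null) {
                System.clearProperty("http");
            } else {
                System.setProperty("http", previousHttp);
            }
            if (previousHttps == null) {
                System.clearProperty(PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT);
            } else {
                System.setProperty(PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT, previousHttps);
            }
        }
    }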

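    /**
     * Checks that an {@code access-denied-page} written as a {@code ${...}} placeholder is
     * resolved from a system property and set as the error page of the exception translation
     * filter's access-denied handler.
     *
     * <p>System properties are JVM-wide. The value set here is restored in a {@code finally}
     * block so it cannot leak into later tests.
     *
     * @throws Exception propagated from context setup or the reflective field read
     */
    @Test
    public void accessDeniedPageWorkWithPlaceholders() throws Exception {
        String previousAccessDenied = System.setProperty("accessDenied", "/go-away");
        try {
            setContext("    <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>    <http auto-config='true' access-denied-page='${accessDenied}'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
            Assert.assertEquals("/go-away", FieldUtils.getFieldValue((ExceptionTranslationFilter) this.appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER), "accessDeniedHandler.errorPage"));
        } finally {
            // Put the JVM-wide property back exactly as it was before the test.
            if (previousAccessDenied == null) {
                System.clearProperty("accessDenied");
            } else {
                System.setProperty("accessDenied", previousAccessDenied);
            }
        }
    }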

    /**
     * Registers user-defined filter beans next to an auto-config {@code <http>} element and
     * checks where the ones carrying a {@code <custom-filter>} element land in the chain. The
     * chain grows to 14 filters, so the two beans declared without {@code <custom-filter>}
     * are apparently not added.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void externalFiltersAreTreatedCorrectly() throws Exception {
        String xml = "<http auto-config='true'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider><b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>    <custom-filter after='LOGOUT_FILTER'/></b:bean><b:bean id='userFilter1' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>    <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/></b:bean><b:bean id='userFilter2' class='org.springframework.security.util.MockFilter'>    <custom-filter position='FIRST'/></b:bean><b:bean id='userFilter3' class='org.springframework.security.util.MockFilter'/><b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>";
        setContext(xml);
        List chain = getFilters("/someurl");
        Assert.assertEquals(14L, chain.size());
        // position='FIRST' puts the mock filter at the head of the chain.
        Object head = chain.get(0);
        Assert.assertTrue(head instanceof MockFilter);
        // Declared before SESSION_CONTEXT_INTEGRATION_FILTER.
        Object second = chain.get(1);
        Assert.assertTrue(second instanceof SecurityContextHolderAwareRequestFilter);
        // Declared after LOGOUT_FILTER.
        Object fifth = chain.get(4);
        Assert.assertTrue(fifth instanceof SecurityContextHolderAwareRequestFilter);
    }

    /**
     * Declares a custom filter at {@code position='LOGOUT_FILTER'} alongside an auto-config
     * {@code <http>} element and expects context creation to fail with a
     * {@link BeanCreationException}, so the position cannot be occupied twice.
     */
    @Test(expected = BeanCreationException.class)
    public void twoFiltersWithSameOrderAreRejected() {
        String xml = "<http auto-config='true'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider><b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>    <custom-filter position='LOGOUT_FILTER'/></b:bean>";
        setContext(xml);
    }

    /**
     * Checks that {@code <remember-me token-repository-ref='...'/>} results in persistent
     * token based remember-me services.
     */
    @Test
    public void rememberMeServiceWorksWithTokenRepoRef() {
        String xml = "<http auto-config='true'>    <remember-me token-repository-ref='tokenRepo'/></http><b:bean id='tokenRepo' class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/>     <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        Object services = this.appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
        Assert.assertTrue(services instanceof PersistentTokenBasedRememberMeServices);
    }

    /**
     * Checks that {@code <remember-me data-source-ref='...'/>} results in persistent token
     * based remember-me services.
     */
    @Test
    public void rememberMeServiceWorksWithDataSourceRef() {
        String xml = "<http auto-config='true'>    <remember-me data-source-ref='ds'/></http><b:bean id='ds' class='org.springframework.security.TestDataSource'>     <b:constructor-arg value='tokendb'/></b:bean>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        Object services = this.appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
        Assert.assertTrue(services instanceof PersistentTokenBasedRememberMeServices);
    }

    /**
     * Checks that an externally defined remember-me services bean referenced through
     * {@code services-ref} is the one registered under the remember-me bean id, and that the
     * same bean is installed as the second logout handler.
     *
     * @throws Exception propagated from the reflective field reads
     */
    @Test
    public void rememberMeServiceWorksWithExternalServicesImpl() throws Exception {
        String xml = "<http auto-config='true'>    <remember-me key='ourkey' services-ref='rms'/></http><b:bean id='rms' class='org.springframework.security.ui.rememberme.TokenBasedRememberMeServices'>     <b:property name='userDetailsService' ref='us'/>    <b:property name='key' value='ourkey'/>    <b:property name='tokenValiditySeconds' value='5000'/></b:bean>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        // 5000 is the validity configured on the external bean in the XML above.
        Object configuredServices = this.appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
        Assert.assertEquals(5000, FieldUtils.getFieldValue(configuredServices, "tokenValiditySeconds"));
        Object logoutFilter = this.appContext.getBean(BeanIds.LOGOUT_FILTER);
        LogoutHandler[] handlers = (LogoutHandler[]) FieldUtils.getFieldValue(logoutFilter, "handlers");
        Assert.assertEquals(2L, handlers.length);
        // The remember-me services must take part in logout.
        Assert.assertEquals(this.appContext.getBean(BeanIds.REMEMBER_ME_SERVICES), handlers[1]);
    }

    /**
     * Checks that {@code token-validity-seconds} on {@code <remember-me>} is applied to the
     * remember-me services bean.
     *
     * @throws Exception propagated from the reflective field read
     */
    @Test
    public void rememberMeTokenValidityIsParsedCorrectly() throws Exception {
        String xml = "<http auto-config='true'>    <remember-me key='ourkey' token-validity-seconds='10000' /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        Object services = this.appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
        Assert.assertEquals(10000, FieldUtils.getFieldValue(services, "tokenValiditySeconds"));
    }

    /**
     * Loads a {@code <remember-me>} element that points at a separate user details service
     * through {@code user-service-ref}. The test passes when loading the context does not throw.
     */
    @Test
    public void rememberMeServiceConfigurationParsesWithCustomUserService() {
        String xml = "<http auto-config='true'>    <remember-me key='somekey' user-service-ref='userService'/></http><b:bean id='userService' class='org.springframework.security.userdetails.MockUserDetailsService'/>     <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

    /**
     * Checks that {@code <x509 />} inserts the X.509 pre-authentication filter at index 2 of
     * the chain.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void x509SupportAddsFilterAtExpectedPosition() throws Exception {
        String xml = "<http auto-config='true'>    <x509 /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        Object third = getFilters("/someurl").get(2);
        Assert.assertTrue(third instanceof X509PreAuthenticatedProcessingFilter);
    }

    /**
     * Checks that {@code <concurrent-session-control>} puts a {@link ConcurrentSessionFilter}
     * at the front of the chain and registers both the aliased session registry and the
     * concurrent session controller as beans.
     *
     * @throws Exception propagated from the filter lookup
     */
    @Test
    public void concurrentSessionSupportAddsFilterAndExpectedBeans() throws Exception {
        String xml = "<http auto-config='true'>    <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
        Object first = getFilters("/someurl").get(0);
        Assert.assertTrue(first instanceof ConcurrentSessionFilter);
        // The registry must be reachable under the alias given in the XML.
        Object registry = this.appContext.getBean("seshRegistry");
        Assert.assertNotNull(registry);
        Object controller = this.appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER);
        Assert.assertNotNull(controller);
    }

    /**
     * Checks that a session registry supplied through {@code session-registry-ref} is the very same
     * instance held in the {@code sessionRegistry} field of the concurrent session filter, the
     * concurrent session controller and the session fixation protection filter.
     *
     * @throws Exception if a field cannot be read reflectively
     */
    @Test
    public void externalSessionRegistryBeanIsConfiguredCorrectly() throws Exception {
        final String xml = "<http auto-config='true'>    <concurrent-session-control session-registry-ref='seshRegistry' /></http><b:bean id='seshRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);

        Object externalRegistry = this.appContext.getBean("seshRegistry");

        // Read all three injected references first, then compare, so every lookup happens before any assertion.
        Object[] injectedRegistries = {
            FieldUtils.getFieldValue(this.appContext.getBean(BeanIds.CONCURRENT_SESSION_FILTER), "sessionRegistry"),
            FieldUtils.getFieldValue(this.appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER), "sessionRegistry"),
            FieldUtils.getFieldValue(this.appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry")
        };
        for (Object injected : injectedRegistries) {
            Assert.assertSame(externalRegistry, injected);
        }
    }

    /**
     * Expects a {@link BeanDefinitionParsingException} when {@code <concurrent-session-control>} is
     * combined with an {@code <authentication-manager>} whose {@code session-controller-ref} points
     * at a separately declared controller bean. In this variant the {@code <authentication-manager>}
     * element comes before {@code <http>}.
     *
     * @throws Exception the expected parsing exception
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void concurrentSessionSupportCantBeUsedWithIndependentControllerBean() throws Exception {
        final String conflictingXml = "<authentication-manager alias='authManager' session-controller-ref='sc'/><http auto-config='true'>    <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/></http><b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>  <b:property name='sessionRegistry'>    <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>  </b:property></b:bean>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        // Loading the context is the whole test: it must be rejected while the definitions are parsed.
        setContext(conflictingXml);
    }

    /**
     * Same conflict as {@code concurrentSessionSupportCantBeUsedWithIndependentControllerBean}, but
     * with the {@code <authentication-manager>} element declared after {@code <http>} and the
     * controller bean, so the rejection is checked for both declaration orders.
     *
     * @throws Exception the expected parsing exception
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void concurrentSessionSupportCantBeUsedWithIndependentControllerBean2() throws Exception {
        final String conflictingXml = "<http auto-config='true'>    <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/></http><b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>  <b:property name='sessionRegistry'>    <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>  </b:property></b:bean><authentication-manager alias='authManager' session-controller-ref='sc'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        // Loading the context is the whole test: it must be rejected while the definitions are parsed.
        setContext(conflictingXml);
    }

    /**
     * Checks that {@code max-sessions='2'} with {@code exception-if-maximum-exceeded='true'} lets the
     * same principal pass the controller's check twice and rejects the third attempt with a
     * {@link ConcurrentLoginException}.
     *
     * <p>The first two checks are wrapped in try/catch so that an early rejection fails the test
     * instead of satisfying {@code expected}. The {@code registerSuccessfulAuthentication} calls are
     * not wrapped, so a {@link ConcurrentLoginException} raised by one of them would also make the
     * test pass.
     *
     * @throws Exception the expected {@link ConcurrentLoginException} from the final check
     */
    @Test(expected = ConcurrentLoginException.class)
    public void concurrentSessionMaxSessionsIsCorrectlyConfigured() throws Exception {
        setContext("<http auto-config='true'>    <concurrent-session-control max-sessions='2' exception-if-maximum-exceeded='true' /></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
        ConcurrentSessionControllerImpl concurrentSessionControllerImpl = (ConcurrentSessionControllerImpl) this.appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("bob", "pass");
        // First login: fresh session, details built from it.
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setSession(new MockHttpSession());
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(mockHttpServletRequest));
        try {
            concurrentSessionControllerImpl.checkAuthenticationAllowed(usernamePasswordAuthenticationToken);
        } catch (ConcurrentLoginException e) {
            Assert.fail("First login should be allowed");
        }
        concurrentSessionControllerImpl.registerSuccessfulAuthentication(usernamePasswordAuthenticationToken);
        // Second login: the request gets a new session, but the token's details are only refreshed
        // after the check below.
        // NOTE(review): the second check therefore presumably still carries the first session's
        // details - confirm this ordering is intended before reordering any statement here.
        mockHttpServletRequest.setSession(new MockHttpSession());
        try {
            concurrentSessionControllerImpl.checkAuthenticationAllowed(usernamePasswordAuthenticationToken);
        } catch (ConcurrentLoginException e2) {
            Assert.fail("Second login should be allowed");
        }
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(mockHttpServletRequest));
        concurrentSessionControllerImpl.registerSuccessfulAuthentication(usernamePasswordAuthenticationToken);
        // Third login: a further new session with refreshed details; this check is the one expected to throw.
        mockHttpServletRequest.setSession(new MockHttpSession());
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(mockHttpServletRequest));
        concurrentSessionControllerImpl.checkAuthenticationAllowed(usernamePasswordAuthenticationToken);
    }

    /**
     * Checks that {@code entry-point-ref} on {@code <http>} is honoured: the
     * {@link ExceptionTranslationFilter} found at index 8 of the chain for {@code /someurl} must
     * hold a {@link MockAuthenticationEntryPoint}.
     *
     * @throws Exception if the filter list cannot be obtained
     */
    @Test
    public void customEntryPointIsSupported() throws Exception {
        final String xml = "<http auto-config='true' entry-point-ref='entryPoint'/><b:bean id='entryPoint' class='org.springframework.security.MockAuthenticationEntryPoint'>    <b:constructor-arg value='/customlogin'/></b:bean>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);

        // The cast doubles as a position check: index 8 has to be the exception translation filter.
        ExceptionTranslationFilter translationFilter = (ExceptionTranslationFilter) getFilters("/someurl").get(8);
        boolean usesCustomEntryPoint = translationFilter.getAuthenticationEntryPoint() instanceof MockAuthenticationEntryPoint;
        Assert.assertTrue("ExceptionTranslationFilter should be configured with custom entry point", usesCustomEntryPoint);
    }

    /**
     * Loads an {@code <http>} configuration that declares form login, logout, anonymous and
     * remember-me support but no basic authentication. The test makes no assertion; it passes as
     * long as the context loads without throwing.
     */
    @Test
    public void rememberMeServicesWorksWithoutBasicProcessingFilter() {
        final String xml = "    <http>        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>        <logout logout-success-url='/login.jsp'/>        <anonymous username='guest' granted-authority='guest'/>        <remember-me />    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);
    }

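    /**
     * Checks that {@code session-fixation-protection='none'} leaves no
     * {@link SessionFixationProtectionFilter} anywhere in the chain resolved for {@code /someurl}.
     *
     * <p>Every filter is inspected instead of a single index. A check on one position passes
     * vacuously if the filter order changes, which would hide a filter that is still installed
     * although the configuration asked for it to be removed.
     *
     * @throws Exception if the filter list cannot be obtained
     */
    @Test
    public void disablingSessionProtectionRemovesFilter() throws Exception {
        setContext("<http auto-config='true' session-fixation-protection='none'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
        List filters = getFilters("/someurl");
        // An empty chain would make the loop below pass without checking anything.
        Assert.assertFalse("Filter chain for /someurl should not be empty", filters.isEmpty());
        for (Object filter : filters) {
            Assert.assertFalse("SessionFixationProtectionFilter should not be present when protection is 'none'",
                    filter instanceof SessionFixationProtectionFilter);
        }
    }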

    /**
     * Checks that a user-details bean referenced from {@code <authentication-provider>} is still
     * handled by the bean post-processor declared in the same context when an {@code <http>}
     * element is present: the marker text reported by the service must match the expected message.
     */
    @Test
    public void httpElementDoesntInterfereWithBeanPostProcessing() {
        final String xml = "<http auto-config='true'/><authentication-provider user-service-ref='myUserService'/><b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/><b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>";
        setContext(xml);

        PostProcessedMockUserDetailsService userService =
                (PostProcessedMockUserDetailsService) this.appContext.getBean("myUserService");
        Assert.assertEquals("Hello from the post processor!", userService.getPostProcessorWasHere());
    }

    /**
     * Loads two configurations in which the login page is exempted from the {@code /**} rule that
     * requires {@code ROLE_A}: first through {@code access='IS_AUTHENTICATED_ANONYMOUSLY'}, then
     * through {@code filters='none'}.
     *
     * <p>Nothing is asserted about log output; the test passes as long as both contexts load
     * without throwing.
     */
    @Test
    public void unprotectedLoginPageDoesntResultInWarning() {
        final String anonymousAccessXml = "    <http>        <intercept-url pattern='/login.jsp*' access='IS_AUTHENTICATED_ANONYMOUSLY'/>        <intercept-url pattern='/**' access='ROLE_A'/>        <anonymous />        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        final String filtersNoneXml = "    <http>        <intercept-url pattern='/login.jsp*' filters='none'/>        <intercept-url pattern='/**' access='ROLE_A'/>        <anonymous />        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";

        setContext(anonymousAccessXml);
        // Release the first context before the second one replaces it.
        closeAppContext();
        setContext(filtersNoneXml);
    }

    /**
     * Loads two configurations in which the login page falls under the {@code /**} rule that
     * requires {@code ROLE_A}: once without and once with an {@code <anonymous />} element.
     *
     * <p>Despite the method name, nothing is asserted about a warning being emitted; the test
     * passes as long as both contexts load without throwing.
     */
    @Test
    public void protectedLoginPageResultsInWarning() {
        final String withoutAnonymousXml = "    <http>        <intercept-url pattern='/**' access='ROLE_A'/>        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        final String withAnonymousXml = "    <http>        <intercept-url pattern='/**' access='ROLE_A'/>        <anonymous />        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";

        setContext(withoutAnonymousXml);
        // Release the first context before the second one replaces it.
        closeAppContext();
        setContext(withAnonymousXml);
    }

    /**
     * Checks that {@code create-session='always'} sets both {@code forceEagerSessionCreation} and
     * {@code allowSessionCreation} to {@code true} on the HTTP session context integration filter.
     *
     * @throws Exception if a field cannot be read reflectively
     */
    @Test
    public void settingCreateSessionToAlwaysSetsFilterPropertiesCorrectly() throws Exception {
        final String xml = "<http auto-config='true' create-session='always'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);

        Object forceEager = FieldUtils.getFieldValue(
                this.appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "forceEagerSessionCreation");
        Assert.assertEquals(Boolean.TRUE, forceEager);

        Object allowCreation = FieldUtils.getFieldValue(
                this.appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "allowSessionCreation");
        Assert.assertEquals(Boolean.TRUE, allowCreation);
    }

    /**
     * Checks that {@code create-session='never'} sets both {@code forceEagerSessionCreation} and
     * {@code allowSessionCreation} to {@code false} on the HTTP session context integration filter.
     *
     * @throws Exception if a field cannot be read reflectively
     */
    @Test
    public void settingCreateSessionToNeverSetsFilterPropertiesCorrectly() throws Exception {
        final String xml = "<http auto-config='true' create-session='never'/>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);

        Object forceEager = FieldUtils.getFieldValue(
                this.appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "forceEagerSessionCreation");
        Assert.assertEquals(Boolean.FALSE, forceEager);

        Object allowCreation = FieldUtils.getFieldValue(
                this.appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "allowSessionCreation");
        Assert.assertEquals(Boolean.FALSE, allowCreation);
    }

    /**
     * Checks how two {@code <intercept-url>} elements with the same pattern are resolved: the
     * attributes returned for {@code /someurl} must hold exactly one entry, and it must be the
     * {@code ROLE_B} of the second declaration.
     *
     * <p>The earlier {@code ROLE_A} rule is thus expected to be replaced rather than merged, which
     * matters when reading a configuration that repeats a pattern.
     */
    @Test
    public void supportsTwoIdenticalInterceptUrls() {
        final String xml = "<http auto-config='true'>    <intercept-url pattern='/someurl' access='ROLE_A'/>    <intercept-url pattern='/someurl' access='ROLE_B'/></http>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>";
        setContext(xml);

        FilterSecurityInterceptor interceptor =
                (FilterSecurityInterceptor) this.appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
        ConfigAttributeDefinition resolved =
                interceptor.getObjectDefinitionSource().getAttributes(createFilterinvocation("/someurl", null));

        int attributeCount = resolved.getConfigAttributes().size();
        Assert.assertEquals(1L, attributeCount);
        Assert.assertTrue(resolved.contains(new SecurityConfig("ROLE_B")));
    }

    /**
     * Checks that the bean named by {@code <http-firewall ref='fw'/>} is the same instance held in
     * the {@code firewall} field of the {@link FilterChainProxy}.
     *
     * @throws Exception if the field cannot be read reflectively
     */
    @Test
    public void httpFirewallInjectionIsSupported() throws Exception {
        final String firewallBeanXml = "<b:bean id='fw' class='" + DefaultHttpFirewall.class.getName() + "'/>";
        setContext("<http-firewall ref='fw'/><http>   <form-login /></http>" + firewallBeanXml + ConfigTestUtils.AUTH_PROVIDER_XML);

        Object declaredFirewall = this.appContext.getBean("fw");
        FilterChainProxy proxy = (FilterChainProxy) this.appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
        Object injectedFirewall = FieldUtils.getFieldValue(proxy, "firewall");
        Assert.assertSame(declaredFirewall, injectedFirewall);
    }

    /**
     * Replaces {@code appContext} with a new {@link InMemoryXmlApplicationContext} built from the
     * given XML fragment. A previously assigned context is not closed here; tests in this class
     * that load a second configuration call {@code closeAppContext()} first.
     *
     * @param str the XML configuration fragment to load
     */
    private void setContext(String str) {
        InMemoryXmlApplicationContext freshContext = new InMemoryXmlApplicationContext(str);
        this.appContext = freshContext;
    }

    /**
     * Returns the filters the {@link FilterChainProxy} bean resolves for the given URL.
     *
     * <p>The proxy's {@code getFilters(String)} method is looked up as a declared method and made
     * accessible before it is invoked, so this helper depends on that method's name and signature.
     *
     * @param str the URL to resolve a filter list for
     * @return the raw filter list returned by the proxy
     * @throws Exception if the method cannot be found
     */
    private List getFilters(String str) throws Exception {
        FilterChainProxy proxy = (FilterChainProxy) this.appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
        Method filterLookup = proxy.getClass().getDeclaredMethod("getFilters", String.class);
        filterLookup.setAccessible(true);
        Object resolved = ReflectionUtils.invokeMethod(filterLookup, proxy, new Object[]{str});
        return (List) resolved;
    }

    /**
     * Builds a {@link FilterInvocation} around a mock request, a mock response and a mock filter chain.
     *
     * @param str the servlet path to set on the mock request
     * @param str2 the HTTP method to set on the mock request; the caller in this class passes {@code null}
     * @return the invocation wrapping the three mocks
     */
    private FilterInvocation createFilterinvocation(String str, String str2) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod(str2);
        // The request URI is explicitly set to null; only the servlet path carries the URL.
        request.setRequestURI((String) null);
        request.setServletPath(str);

        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        return new FilterInvocation(request, response, chain);
    }
}
