package org.springframework.security.config.http;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.concurrent.ConcurrentLoginException;
import org.springframework.security.authentication.concurrent.ConcurrentSessionController;
import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
import org.springframework.security.config.ConfigTestUtils;
import org.springframework.security.config.PostProcessedMockUserDetailsService;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.openid.OpenID4JavaConsumer;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
import org.springframework.security.openid.OpenIDAuthenticationProvider;
import org.springframework.security.util.FieldUtils;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.PortMapperImpl;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.ReflectionUtils;

/* loaded from: input_file:org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.class */
public class HttpSecurityBeanDefinitionParserTests {
    // Presumably the expected length of the auto-config filter chain: checkAutoConfigFilters()
    // inspects exactly 11 entries. Not referenced by name in the visible part of this file.
    private static final int AUTO_CONFIG_FILTERS = 11;
    // Application context of the running test; closed and reset to null in closeAppContext().
    private AbstractXmlApplicationContext appContext;

    /* loaded from: input_file:org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests$MockEntryPoint.class */
    /**
     * Entry point stub whose login form URL is fixed to {@code /notused}.
     * Not referenced in the visible part of this file.
     */
    private static class MockEntryPoint extends LoginUrlAuthenticationEntryPoint {
        public MockEntryPoint() {
            // The parent's setter is called explicitly through super.
            super.setLoginFormUrl("/notused");
        }
    }

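    /**
     * Releases per-test state: closes the application context, if one was created, and
     * clears {@link SecurityContextHolder}.
     *
     * <p>The cleanup runs in a {@code finally} block so that an authentication left in the
     * holder by one test cannot leak into the next one when closing the context fails.
     */
    @After
    public void closeAppContext() {
        try {
            if (this.appContext != null) {
                this.appContext.close();
            }
        } finally {
            // Always drop the reference and the security context, even if close() threw.
            this.appContext = null;
            SecurityContextHolder.clearContext();
        }
    }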

    /**
     * Smoke test: an {@code <http>} element containing only {@code <http-basic/>}, plus an
     * in-memory authentication manager, must load without error.
     * The users and plaintext passwords in the XML are test fixtures.
     */
    @Test
    public void minimalConfigurationParses() {
        String httpXml = "<http><http-basic /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);
    }

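    /**
     * Pins the fully qualified names of five filter, handler and provider classes.
     *
     * <p>Presumably the namespace parser refers to these classes by string name, so a rename or
     * package move would otherwise go unnoticed until runtime (confirm against the parser).
     * Arguments follow JUnit's {@code (expected, actual)} order so a failure message reports
     * the literal as the expectation and the real class name as the actual value.
     */
    @Test
    public void beanClassNamesAreCorrect() throws Exception {
        Assert.assertEquals("org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler", DefaultWebSecurityExpressionHandler.class.getName());
        Assert.assertEquals("org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource", ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName());
        Assert.assertEquals("org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter", UsernamePasswordAuthenticationProcessingFilter.class.getName());
        Assert.assertEquals("org.springframework.security.openid.OpenIDAuthenticationProcessingFilter", OpenIDAuthenticationProcessingFilter.class.getName());
        Assert.assertEquals("org.springframework.security.openid.OpenIDAuthenticationProvider", OpenIDAuthenticationProvider.class.getName());
    }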

    /**
     * Checks the filter chain produced by {@code <http auto-config='true'/>} and that, with
     * the default path type, both the filter chain proxy and the security metadata source of
     * the last filter have {@code stripQueryStringFromUrls} set to {@code true}.
     */
    @Test
    public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
        String httpXml = "<http auto-config='true' />";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> chain = getFilters("/anyurl");
        checkAutoConfigFilters(chain);

        // Both values are read reflectively because the fields have no public accessor here.
        Object proxy = this.appContext.getBean("_filterChainProxy");
        Assert.assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(proxy, "stripQueryStringFromUrls"));
        Object lastFilter = chain.get(10);
        Assert.assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(lastFilter, "securityMetadataSource.stripQueryStringFromUrls"));
    }

    /**
     * Two {@code <http>} elements in one configuration must be rejected at parse time
     * with a {@link BeanDefinitionParsingException}.
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void duplicateElementCausesError() throws Exception {
        String duplicatedHttpXml = "<http auto-config='true' /><http auto-config='true' />";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(duplicatedHttpXml + usersXml);
    }

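    /**
     * Asserts that {@code list} is exactly the auto-config filter chain: the expected number
     * of filters, each of the expected type and in the expected order, ending with a
     * {@link FilterSecurityInterceptor} that observes once per request.
     *
     * <p>The size is checked first so that an unexpected extra filter at the end of the chain
     * fails the test instead of passing unnoticed.
     *
     * @param list the filters returned for a request path
     */
    private void checkAutoConfigFilters(List<Filter> list) throws Exception {
        Assert.assertEquals("Expected " + AUTO_CONFIG_FILTERS + " filters in chain", AUTO_CONFIG_FILTERS, list.size());

        // Order matters: each filter relies on the work done by the ones before it.
        Class<?>[] expectedOrder = {
            SecurityContextPersistenceFilter.class,
            LogoutFilter.class,
            UsernamePasswordAuthenticationProcessingFilter.class,
            DefaultLoginPageGeneratingFilter.class,
            BasicProcessingFilter.class,
            RequestCacheAwareFilter.class,
            SecurityContextHolderAwareRequestFilter.class,
            AnonymousProcessingFilter.class,
            ExceptionTranslationFilter.class,
            SessionManagementFilter.class,
            FilterSecurityInterceptor.class
        };
        for (int i = 0; i < expectedOrder.length; i++) {
            Assert.assertTrue("Filter at index " + i + " should be a " + expectedOrder[i].getName(),
                    expectedOrder[i].isInstance(list.get(i)));
        }

        // The type was verified in the loop above, so the cast cannot fail here.
        FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) list.get(expectedOrder.length - 1);
        Assert.assertTrue(interceptor.isObserveOncePerRequest());
    }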

    /**
     * A URL matched by an {@code intercept-url} with {@code filters='none'} gets an empty
     * filter list, i.e. no security filter is applied to requests for that path.
     */
    @Test
    public void filterListShouldBeEmptyForUnprotectedUrl() throws Exception {
        String httpXml = "    <http auto-config='true'>        <intercept-url pattern='/unprotected' filters='none' />    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> unprotectedChain = getFilters("/unprotected");
        Assert.assertTrue(unprotectedChain.isEmpty());
    }

    /**
     * With {@code path-type='regex'}, a lower-case path matches the {@code filters='none'}
     * pattern and gets no filters, while a path starting with an upper-case letter falls
     * through to the full auto-config chain. For the regex path type,
     * {@code stripQueryStringFromUrls} is expected to be {@code false} on both the proxy and
     * the metadata source.
     */
    @Test
    public void regexPathsWorkCorrectly() throws Exception {
        String httpXml = "    <http auto-config='true' path-type='regex'>        <intercept-url pattern='\\A\\/[a-z]+' filters='none' />    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> bypassedChain = getFilters("/imlowercase");
        Assert.assertEquals(0L, bypassedChain.size());

        List<Filter> protectedChain = getFilters("/ImCaughtByTheUniversalMatchPattern");
        checkAutoConfigFilters(protectedChain);

        Object proxy = this.appContext.getBean("_filterChainProxy");
        Assert.assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(proxy, "stripQueryStringFromUrls"));
        Object lastFilter = protectedChain.get(10);
        Assert.assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(lastFilter, "securityMetadataSource.stripQueryStringFromUrls"));
    }

    /**
     * With {@code lowercase-comparisons='false'} path matching is case-sensitive: only
     * {@code /Secure} hits the {@code filters='none'} pattern, while {@code /secure} and any
     * other path still receive the full auto-config chain. This guards against a bypass
     * pattern silently widening to other spellings of the same path.
     */
    @Test
    public void lowerCaseComparisonAttributeIsRespectedByFilterChainProxy() throws Exception {
        String httpXml = "    <http auto-config='true' path-type='ant' lowercase-comparisons='false'>        <intercept-url pattern='/Secure*' filters='none' />    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> exactCaseChain = getFilters("/Secure");
        Assert.assertEquals(0L, exactCaseChain.size());

        List<Filter> otherCaseChain = getFilters("/secure");
        checkAutoConfigFilters(otherCaseChain);

        List<Filter> fallbackChain = getFilters("/ImCaughtByTheUniversalMatchPattern");
        checkAutoConfigFilters(fallbackChain);
    }

    /**
     * A {@code <form-login/>} without a {@code login-page} attribute still yields the standard
     * auto-config chain, which includes the default login page generating filter.
     */
    @Test
    public void formLoginWithNoLoginPageAddsDefaultLoginPageFilter() throws Exception {
        String httpXml = "<http auto-config='true' path-type='ant' lowercase-comparisons='false'>   <form-login /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> chain = getFilters("/anything");
        checkAutoConfigFilters(chain);
    }

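    /**
     * Checks that {@code default-target-url} and {@code always-use-default-target} on
     * {@code <form-login>} reach the success handler of the username/password filter.
     *
     * <p>The filter at index 1 is type-checked before the cast: {@code getFilters} returns
     * {@code List<Filter>}, so assigning the element directly to the concrete filter type
     * does not compile.
     */
    @Test
    public void formLoginAlwaysUseDefaultSetsCorrectProperty() throws Exception {
        String httpXml = "<http>   <form-login default-target-url='/default' always-use-default-target='true' /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        Filter candidate = getFilters("/anything").get(1);
        Assert.assertTrue("Filter at index 1 should be the username/password filter",
                candidate instanceof UsernamePasswordAuthenticationProcessingFilter);
        UsernamePasswordAuthenticationProcessingFilter loginFilter = (UsernamePasswordAuthenticationProcessingFilter) candidate;

        Assert.assertEquals("/default", FieldUtils.getFieldValue(loginFilter, "successHandler.defaultTargetUrl"));
        Assert.assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(loginFilter, "successHandler.alwaysUseDefaultTargetUrl"));
    }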

    /**
     * Without an {@code <anonymous>} element the chain contains an
     * {@link AnonymousProcessingFilter}; for this configuration it sits at index 5.
     */
    @Test
    public void anonymousFilterIsAddedByDefault() throws Exception {
        String httpXml = "<http>   <form-login /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> chain = getFilters("/anything");
        Assert.assertThat(chain.get(5), Matchers.instanceOf(AnonymousProcessingFilter.class));
    }

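    /**
     * With {@code <anonymous enabled='false'/>} no {@link AnonymousProcessingFilter} may be
     * present in the chain.
     *
     * <p>The original check looked only at index 5, which would still pass if the filter
     * were merely moved to another position. The whole chain is therefore scanned as well.
     */
    @Test
    public void anonymousFilterIsRemovedIfDisabledFlagSet() throws Exception {
        String httpXml = "<http>   <form-login />   <anonymous enabled='false'/></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> chain = getFilters("/anything");
        // Kept from the original: the slot the anonymous filter occupies by default.
        Assert.assertThat(chain.get(5), Matchers.not(Matchers.instanceOf(AnonymousProcessingFilter.class)));
        for (Filter filter : chain) {
            Assert.assertFalse("Anonymous filter must not appear anywhere in the chain",
                    filter instanceof AnonymousProcessingFilter);
        }
    }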

    /**
     * A {@code login-page} value without a leading slash must make context creation fail
     * with a {@link BeanCreationException}.
     */
    @Test(expected = BeanCreationException.class)
    public void invalidLoginPageIsDetected() throws Exception {
        String httpXml = "<http>   <form-login login-page='noLeadingSlash'/></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);
    }

    /**
     * A {@code default-target-url} value without a leading slash must make context creation
     * fail with a {@link BeanCreationException}.
     */
    @Test(expected = BeanCreationException.class)
    public void invalidDefaultTargetUrlIsDetected() throws Exception {
        String httpXml = "<http>   <form-login default-target-url='noLeadingSlash'/></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);
    }

    /**
     * A {@code logout-url} value without a leading slash must make context creation fail
     * with a {@link BeanCreationException}.
     */
    @Test(expected = BeanCreationException.class)
    public void invalidLogoutUrlIsDetected() throws Exception {
        String httpXml = "<http>   <logout logout-url='noLeadingSlash'/>   <form-login /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);
    }

    /**
     * A {@code logout-success-url} value without a leading slash must make context creation
     * fail with a {@link BeanCreationException}.
     */
    @Test(expected = BeanCreationException.class)
    public void invalidLogoutSuccessUrlIsDetected() throws Exception {
        String httpXml = "<http>   <logout logout-success-url='noLeadingSlash'/>   <form-login /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);
    }

    /**
     * With {@code lowercase-comparisons='false'} the access rules are matched
     * case-sensitively: {@code /Secure} resolves to ROLE_A and ROLE_B, while {@code /secure}
     * falls through to the catch-all rule and resolves to ROLE_C only.
     */
    @Test
    public void lowerCaseComparisonIsRespectedBySecurityFilterInvocationDefinitionSource() throws Exception {
        String httpXml = "    <http auto-config='true' path-type='ant' lowercase-comparisons='false'>        <intercept-url pattern='/Secure*' access='ROLE_A,ROLE_B' />        <intercept-url pattern='/**' access='ROLE_C' />    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
        FilterInvocationSecurityMetadataSource metadata = interceptor.getSecurityMetadataSource();

        // Exact-case path: matched by the first rule.
        List<?> exactCaseAttrs = metadata.getAttributes(createFilterinvocation("/Secure", null));
        Assert.assertEquals(2L, exactCaseAttrs.size());
        Assert.assertTrue(exactCaseAttrs.contains(new SecurityConfig("ROLE_A")));
        Assert.assertTrue(exactCaseAttrs.contains(new SecurityConfig("ROLE_B")));

        // Different case: only the catch-all rule applies.
        List<?> otherCaseAttrs = metadata.getAttributes(createFilterinvocation("/secure", null));
        Assert.assertEquals(1L, otherCaseAttrs.size());
        Assert.assertTrue(otherCaseAttrs.contains(new SecurityConfig("ROLE_C")));
    }

    /**
     * A POST to {@code /secure} resolves to the attributes of the POST-specific rule
     * (ROLE_A and ROLE_B), even though the catch-all rule is declared first in the XML.
     * Only POST is exercised here; the DELETE rule and method-less requests are not checked.
     */
    @Test
    public void httpMethodMatchIsSupported() throws Exception {
        String httpXml = "    <http auto-config='true'>        <intercept-url pattern='/**' access='ROLE_C' />        <intercept-url pattern='/secure*' method='DELETE' access='ROLE_SUPERVISOR' />        <intercept-url pattern='/secure*' method='POST' access='ROLE_A,ROLE_B' />    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
        List<?> postAttrs = interceptor.getSecurityMetadataSource().getAttributes(createFilterinvocation("/secure", "POST"));
        Assert.assertEquals(2L, postAttrs.size());
        Assert.assertTrue(postAttrs.contains(new SecurityConfig("ROLE_A")));
        Assert.assertTrue(postAttrs.contains(new SecurityConfig("ROLE_B")));
    }

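    /**
     * Checks that {@code once-per-request='false'} on {@code <http>} turns off
     * {@code observeOncePerRequest} on the last filter in the chain.
     *
     * <p>The last filter is type-checked and cast first: {@code getFilters} returns
     * {@code List<Filter>}, and {@code isObserveOncePerRequest()} is not a {@code Filter}
     * method, so calling it on the list element directly does not compile.
     */
    @Test
    public void oncePerRequestAttributeIsSupported() throws Exception {
        String httpXml = "<http once-per-request='false'><http-basic /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> chain = getFilters("/someurl");
        Filter last = chain.get(chain.size() - 1);
        Assert.assertTrue("Last filter should be the FilterSecurityInterceptor",
                last instanceof FilterSecurityInterceptor);
        Assert.assertFalse(((FilterSecurityInterceptor) last).isObserveOncePerRequest());
    }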

    /**
     * The {@code access-denied-page} attribute on {@code <http>} must end up as the error page
     * of the access-denied handler on the filter third from the end of the chain.
     */
    @Test
    public void accessDeniedPageAttributeIsSupported() throws Exception {
        String httpXml = "<http access-denied-page='/access-denied'><http-basic /></http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> chain = getFilters("/someurl");
        // Presumably the ExceptionTranslationFilter; the original does not assert its type.
        Object thirdFromEnd = chain.get(chain.size() - 3);
        Assert.assertEquals("/access-denied", FieldUtils.getFieldValue(thirdFromEnd, "accessDeniedHandler.errorPage"));
    }

    /**
     * An {@code access-denied-page} value without a leading slash must make context creation
     * fail with a {@link BeanCreationException}.
     */
    @Test(expected = BeanCreationException.class)
    public void invalidAccessDeniedUrlIsDetected() throws Exception {
        String httpXml = "<http auto-config='true' access-denied-page='noLeadingSlash'/>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);
    }

    /**
     * Declaring {@code requires-channel='https'} on an {@code intercept-url} adds one filter
     * to the auto-config chain (12 in total) and places a {@link ChannelProcessingFilter}
     * first, ahead of every other filter.
     */
    @Test
    public void interceptUrlWithRequiresChannelAddsChannelFilterToStack() throws Exception {
        String httpXml = "    <http auto-config='true'>        <intercept-url pattern='/**' requires-channel='https' />    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        List<Filter> chain = getFilters("/someurl");
        Assert.assertEquals("Expected 12  filters in chain", 12L, chain.size());
        Filter first = chain.get(0);
        Assert.assertTrue(first instanceof ChannelProcessingFilter);
    }

    /**
     * A single {@code <port-mapping http='9080' https='9443'/>} must produce exactly one
     * translated mapping that resolves in both directions.
     */
    @Test
    public void portMappingsAreParsedCorrectly() throws Exception {
        String httpXml = "    <http auto-config='true'>        <port-mappings>            <port-mapping http='9080' https='9443'/>        </port-mappings>    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        PortMapperImpl mapper = getPortMapper();
        Assert.assertEquals(1L, mapper.getTranslatedPortMappings().size());
        // HTTPS port -> HTTP port, then the reverse lookup.
        Assert.assertEquals(9080, mapper.lookupHttpPort(9443));
        Assert.assertEquals(9443, mapper.lookupHttpsPort(9080));
    }

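    /**
     * Same check as {@code portMappingsAreParsedCorrectly}, but the ports come from the
     * {@code ${http}} and {@code ${https}} placeholders resolved from system properties.
     *
     * <p>System properties are JVM-wide, so the previous values are restored in a
     * {@code finally} block. Otherwise {@code http} and {@code https} would stay set for
     * every test that runs afterwards in the same JVM.
     */
    @Test
    public void portMappingsWorkWithPlaceholders() throws Exception {
        String previousHttp = System.getProperty("http");
        String previousHttps = System.getProperty("https");
        System.setProperty("http", "9080");
        System.setProperty("https", "9443");
        try {
            String httpXml = "    <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>    <http auto-config='true'>        <port-mappings>            <port-mapping http='${http}' https='${https}'/>        </port-mappings>    </http>";
            String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
            setContext(httpXml + usersXml);

            PortMapperImpl portMapper = getPortMapper();
            Assert.assertEquals(1L, portMapper.getTranslatedPortMappings().size());
            Assert.assertEquals(9080, portMapper.lookupHttpPort(9443));
            Assert.assertEquals(9443, portMapper.lookupHttpsPort(9080));
        } finally {
            // Put the JVM-wide properties back exactly as they were before the test.
            if (previousHttp == null) {
                System.clearProperty("http");
            } else {
                System.setProperty("http", previousHttp);
            }
            if (previousHttps == null) {
                System.clearProperty("https");
            } else {
                System.setProperty("https", previousHttps);
            }
        }
    }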

    /**
     * Returns the first {@link PortMapperImpl} bean found in the current application context.
     * Throws if the context holds none.
     */
    private PortMapperImpl getPortMapper() {
        Map<?, ?> mappersByName = this.appContext.getBeansOfType(PortMapperImpl.class);
        List<Object> mappers = new ArrayList<Object>(mappersByName.values());
        return (PortMapperImpl) mappers.get(0);
    }

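    /**
     * The {@code access-denied-page} attribute may be given as a {@code ${accessDenied}}
     * placeholder resolved from a system property.
     *
     * <p>System properties are JVM-wide, so the previous value is restored in a
     * {@code finally} block instead of leaving {@code accessDenied} set for later tests.
     */
    @Test
    public void accessDeniedPageWorkWithPlaceholders() throws Exception {
        String previousValue = System.getProperty("accessDenied");
        System.setProperty("accessDenied", "/go-away");
        try {
            String httpXml = "    <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>    <http auto-config='true' access-denied-page='${accessDenied}'/>";
            String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
            setContext(httpXml + usersXml);

            ExceptionTranslationFilter translationFilter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
            Assert.assertEquals("/go-away", FieldUtils.getFieldValue(translationFilter, "accessDeniedHandler.errorPage"));
        } finally {
            // Put the JVM-wide property back exactly as it was before the test.
            if (previousValue == null) {
                System.clearProperty("accessDenied");
            } else {
                System.setProperty("accessDenied", previousValue);
            }
        }
    }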

    /**
     * The {@code error-page} attribute of {@code <access-denied-handler>} must become the
     * error page of the handler used by the {@link ExceptionTranslationFilter}.
     */
    @Test
    public void accessDeniedHandlerPageIsSetCorectly() throws Exception {
        String httpXml = "    <http auto-config='true'>        <access-denied-handler error-page='/go-away'/>    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);

        ExceptionTranslationFilter translationFilter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
        Assert.assertEquals("/go-away", FieldUtils.getFieldValue(translationFilter, "accessDeniedHandler.errorPage"));
    }

    /**
     * An {@code <access-denied-handler ref='adh'/>} must wire the very same bean instance
     * into the {@link ExceptionTranslationFilter}, not a copy or a default handler.
     */
    @Test
    public void accessDeniedHandlerIsSetCorectly() throws Exception {
        String handlerBeanXml = "    <b:bean id='adh' class='" + AccessDeniedHandlerImpl.class.getName() + "'/>";
        String httpXml = "    <http auto-config='true'>        <access-denied-handler ref='adh'/>    </http>";
        setContext(handlerBeanXml + httpXml + ConfigTestUtils.AUTH_PROVIDER_XML);

        // The cast doubles as a check that the bean has the declared class.
        AccessDeniedHandlerImpl declaredHandler = (AccessDeniedHandlerImpl) this.appContext.getBean("adh");
        ExceptionTranslationFilter translationFilter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
        Assert.assertSame(declaredHandler, FieldUtils.getFieldValue(translationFilter, "accessDeniedHandler"));
    }

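    /**
     * Setting both the {@code access-denied-page} attribute on {@code <http>} and a nested
     * {@code <access-denied-handler>} element must be rejected at parse time. Despite the
     * method name, the two things under test are the attribute and the element.
     *
     * <p>The assertion that followed {@code setContext} in the original was removed. It could
     * only run if parsing did not throw, and in that case the test fails anyway because of
     * {@code expected}, so it never contributed to the outcome and only suggested that the
     * error page was being verified.
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void accessDeniedHandlerAndAccessDeniedHandlerAreMutuallyExclusive() throws Exception {
        String httpXml = "    <http auto-config='true' access-denied-page='/go-away'>        <access-denied-handler error-page='/go-away'/>    </http>";
        String usersXml = "<authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(httpXml + usersXml);
    }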

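    /**
     * Checks that {@code <access-denied-handler>} may not carry both {@code error-page} and
     * {@code ref}: the two attributes would name competing handlers, and the parser is expected to
     * refuse the configuration rather than pick one silently.
     *
     * <p>{@code setContext} is the call that must throw, so no assertion follows it: a statement
     * placed after it would never run in a passing test.
     *
     * @throws Exception kept for signature compatibility; the failure waited for is the
     *         {@code BeanDefinitionParsingException} named in the annotation
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void accessDeniedHandlerPageAndRefAreMutuallyExclusive() throws Exception {
        setContext("    <b:bean id='adh' class='" + AccessDeniedHandlerImpl.class.getName() + "'/>    <http auto-config='true'>        <access-denied-handler error-page='/go-away' ref='adh'/>    </http>" + ConfigTestUtils.AUTH_PROVIDER_XML);
    }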

    /**
     * Checks where {@code <custom-filter>} entries land in the chain built for {@code /someurl}.
     *
     * <p>Three user filters are wired in ({@code position='FIRST'}, {@code after='LOGOUT_FILTER'},
     * {@code before='SESSION_CONTEXT_INTEGRATION_FILTER'}); the beans {@code userFilter2} and
     * {@code userFilter4} are declared but not referenced by any {@code <custom-filter>}. The
     * assertions pin the chain length to 14 and the types found at indices 0, 1 and 4.
     */
    @Test
    public void externalFiltersAreTreatedCorrectly() throws Exception {
        final String awareFilterClass = SecurityContextHolderAwareRequestFilter.class.getName();
        final String persistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
        final String xml = "<http auto-config='true'>    <custom-filter position='FIRST' ref='userFilter1' />    <custom-filter after='LOGOUT_FILTER' ref='userFilter' />    <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER' ref='userFilter3'/></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager><b:bean id='userFilter' class='" + awareFilterClass + "'/><b:bean id='userFilter1' class='" + persistenceFilterClass + "'/><b:bean id='userFilter2' class='" + persistenceFilterClass + "'/><b:bean id='userFilter3' class='" + persistenceFilterClass + "'/><b:bean id='userFilter4' class='" + awareFilterClass + "'/>";
        setContext(xml);
        final List<Filter> chain = getFilters("/someurl");
        Assert.assertEquals(14L, chain.size());
        // Presumably userFilter1 and userFilter3, both declared with the persistence filter class.
        Assert.assertTrue(chain.get(0) instanceof SecurityContextPersistenceFilter);
        Assert.assertTrue(chain.get(1) instanceof SecurityContextPersistenceFilter);
        // Presumably userFilter, the one placed after LOGOUT_FILTER.
        Assert.assertTrue(chain.get(4) instanceof SecurityContextHolderAwareRequestFilter);
    }

    /**
     * Checks that a {@code <custom-filter position='LOGOUT_FILTER'>} is refused when
     * {@code auto-config='true'} is also set: parsing must fail instead of installing two filters
     * for one slot.
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void twoFiltersWithSameOrderAreRejected() {
        final String xml = "<http auto-config='true'>    <custom-filter position='LOGOUT_FILTER' ref='userFilter'/></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager><b:bean id='userFilter' class='" + SecurityContextHolderAwareRequestFilter.class.getName() + "'/>";
        setContext(xml);
    }

    /**
     * Checks that {@code <remember-me token-repository-ref='...'/>} selects the persistent-token
     * implementation of the remember-me services.
     */
    @Test
    public void rememberMeServiceWorksWithTokenRepoRef() throws Exception {
        final String xml = "<http auto-config='true'>    <remember-me token-repository-ref='tokenRepo'/></http><b:bean id='tokenRepo' class='" + InMemoryTokenRepositoryImpl.class.getName() + "'/> " + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
        final boolean persistent = getRememberMeServices() instanceof PersistentTokenBasedRememberMeServices;
        Assert.assertTrue(persistent);
    }

    /**
     * Checks that {@code <remember-me data-source-ref='...'/>} also selects the persistent-token
     * implementation of the remember-me services.
     */
    @Test
    public void rememberMeServiceWorksWithDataSourceRef() throws Exception {
        // The data source bean class is given as a string literal, so the compiler does not check it.
        final String xml = "<http auto-config='true'>    <remember-me data-source-ref='ds'/></http><b:bean id='ds' class='org.springframework.security.TestDataSource'>     <b:constructor-arg value='tokendb'/></b:bean><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final boolean persistent = getRememberMeServices() instanceof PersistentTokenBasedRememberMeServices;
        Assert.assertTrue(persistent);
    }

    /**
     * Checks that {@code <remember-me services-ref='rms'/>} uses the externally declared services
     * bean: its {@code tokenValiditySeconds} of 5000 is visible through
     * {@code getRememberMeServices()}, and the same object is the second of the two handlers held
     * by the {@code LogoutFilter}.
     */
    @Test
    public void rememberMeServiceWorksWithExternalServicesImpl() throws Exception {
        final String xml = "<http auto-config='true'>    <remember-me key='ourkey' services-ref='rms'/></http><b:bean id='rms' class='" + TokenBasedRememberMeServices.class.getName() + "'>     <b:property name='userDetailsService' ref='us'/>    <b:property name='key' value='ourkey'/>    <b:property name='tokenValiditySeconds' value='5000'/></b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
        Assert.assertEquals(5000, FieldUtils.getFieldValue(getRememberMeServices(), "tokenValiditySeconds"));
        // Registration as a logout handler is what the last two assertions pin; presumably this is
        // how the remember-me state gets cleared on logout.
        final List<?> logoutHandlers = (List<?>) FieldUtils.getFieldValue(getFilter(LogoutFilter.class), "handlers");
        Assert.assertEquals(2L, logoutHandlers.size());
        Assert.assertEquals(getRememberMeServices(), logoutHandlers.get(1));
    }

    /**
     * Checks that {@code token-validity-seconds='10000'} on {@code <remember-me>} reaches the
     * {@code tokenValiditySeconds} field of the remember-me services.
     */
    @Test
    public void rememberMeTokenValidityIsParsedCorrectly() throws Exception {
        final String xml = "<http auto-config='true'>    <remember-me key='ourkey' token-validity-seconds='10000' /></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final Object configuredValidity = FieldUtils.getFieldValue(getRememberMeServices(), "tokenValiditySeconds");
        Assert.assertEquals(10000, configuredValidity);
    }

    /**
     * Checks that {@code token-validity-seconds='-1'} is accepted, and stored unchanged, when
     * {@code <remember-me>} declares no token repository or data source.
     *
     * <p>The same value is rejected for the persistent variant; see
     * {@code rememberMeTokenValidityRejectsNegativeValueForPersistentImplementation}.
     */
    @Test
    public void rememberMeTokenValidityAllowsNegativeValueForNonPersistentImplementation() throws Exception {
        final String xml = "<http auto-config='true'>    <remember-me key='ourkey' token-validity-seconds='-1' /></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final Object configuredValidity = FieldUtils.getFieldValue(getRememberMeServices(), "tokenValiditySeconds");
        Assert.assertEquals(-1, configuredValidity);
    }

    /**
     * Checks that a negative {@code token-validity-seconds} is refused at parse time once
     * {@code <remember-me>} references a token repository.
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void rememberMeTokenValidityRejectsNegativeValueForPersistentImplementation() throws Exception {
        // NOTE(review): the repository class is a string literal in a different package spelling
        // than the class reference used by rememberMeServiceWorksWithTokenRepoRef; confirm it still
        // resolves, since the compiler cannot.
        final String xml = "<http auto-config='true'>    <remember-me token-validity-seconds='-1' token-repository-ref='tokenRepo'/></http><b:bean id='tokenRepo' class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/> <authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
    }

    /**
     * Checks that {@code <remember-me user-service-ref='userService'/>} loads without error.
     * There is no assertion; a failure to build the context is the only way this test fails.
     */
    @Test
    public void rememberMeServiceConfigurationParsesWithCustomUserService() {
        final String xml = "<http auto-config='true'>    <remember-me key='somekey' user-service-ref='userService'/></http><b:bean id='userService' class='org.springframework.security.core.userdetails.MockUserDetailsService'/> <authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
    }

    /**
     * Checks that {@code <x509 />} puts an {@code X509PreAuthenticatedProcessingFilter} at index 2
     * of the chain built for {@code /someurl}.
     */
    @Test
    public void x509SupportAddsFilterAtExpectedPosition() throws Exception {
        final String xml = "<http auto-config='true'>    <x509 /></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final boolean x509AtThirdSlot = getFilters("/someurl").get(2) instanceof X509PreAuthenticatedProcessingFilter;
        Assert.assertTrue(x509AtThirdSlot);
    }

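    /**
     * Checks that {@code subject-principal-regex} on {@code <x509>} may be supplied through a
     * {@code ${...}} placeholder resolved from a system property, and that the resolved text ends
     * up as the {@code subjectDnPattern} of the filter's principal extractor.
     *
     * <p>The system property is JVM-wide state. Its previous value is restored in a
     * {@code finally} block so that a value set here cannot leak into other tests that build an
     * X.509 configuration with the same placeholder.
     *
     * @throws Exception if the context cannot be built or a field cannot be read reflectively
     */
    @Test
    public void x509SubjectPrincipalRegexCanBeSetUsingPropertyPlaceholder() throws Exception {
        final String propertyName = "subject-principal-regex";
        final String previousValue = System.getProperty(propertyName);
        System.setProperty(propertyName, "uid=(.*),");
        try {
            setContext("<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/><http auto-config='true'>    <x509 subject-principal-regex='${subject-principal-regex}'/></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>");
            final SubjectDnX509PrincipalExtractor extractor = (SubjectDnX509PrincipalExtractor) FieldUtils.getFieldValue(getFilters("/someurl").get(2), "principalExtractor");
            final Pattern subjectDnPattern = (Pattern) FieldUtils.getFieldValue(extractor, "subjectDnPattern");
            Assert.assertEquals("uid=(.*),", subjectDnPattern.pattern());
        } finally {
            // Put the JVM-wide property back exactly as it was found.
            if (previousValue == null) {
                System.clearProperty(propertyName);
            } else {
                System.setProperty(propertyName, previousValue);
            }
        }
    }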

    /**
     * Checks that {@code <concurrent-session-control>} puts a {@code ConcurrentSessionFilter} at
     * the head of the chain, publishes the session registry under the alias {@code seshRegistry},
     * and makes a concurrent session controller available.
     */
    @Test
    public void concurrentSessionSupportAddsFilterAndExpectedBeans() throws Exception {
        final String xml = "<http auto-config='true'>    <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final boolean sessionFilterFirst = getFilters("/someurl").get(0) instanceof ConcurrentSessionFilter;
        Assert.assertTrue(sessionFilterFirst);
        Assert.assertNotNull(this.appContext.getBean("seshRegistry"));
        Assert.assertNotNull(getConcurrentSessionController());
    }

    /**
     * Checks that a registry supplied through {@code session-registry-ref='sr'} is the one shared
     * by every component inspected in {@code checkSessionRegistry()}.
     */
    @Test
    public void externalSessionRegistryBeanIsConfiguredCorrectly() throws Exception {
        final String xml = "<http auto-config='true'>    <concurrent-session-control session-registry-ref='sr' /></http><b:bean id='sr' class='" + SessionRegistryImpl.class.getName() + "'/>" + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
        checkSessionRegistry();
    }

    /**
     * Checks that {@code session-controller-ref} without {@code session-registry-ref} is refused
     * at parse time, even though the controller bean carries a registry of its own as an inner
     * bean.
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void useOfExternalConcurrentSessionControllerRequiresSessionRegistryToBeSet() throws Exception {
        final String xml = "<http auto-config='true'>    <concurrent-session-control session-controller-ref='sc' expired-url='/expired'/></http><b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() + "'>  <b:property name='sessionRegistry'>    <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>  </b:property></b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
    }

    /**
     * Checks that an external controller ({@code session-controller-ref='sc'}) and an external
     * registry ({@code session-registry-ref='sr'}) can be combined, with the registry shared by
     * every component inspected in {@code checkSessionRegistry()}.
     */
    @Test
    public void useOfExternalSessionControllerAndRegistryIsWiredCorrectly() throws Exception {
        final String xml = "<http auto-config='true'>    <concurrent-session-control session-registry-ref='sr' session-controller-ref='sc' expired-url='/expired'/></http><b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() + "'>  <b:property name='sessionRegistry' ref='sr'/></b:bean><b:bean id='sr' class='" + SessionRegistryImpl.class.getName() + "'/>" + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
        checkSessionRegistry();
    }

    /**
     * Asserts that the bean named {@code sr} is the very instance used as session registry by the
     * concurrent session filter, the username/password processing filter's session strategy, the
     * concurrent session controller and the session management filter's session strategy.
     *
     * <p>Identity matters here: a second registry instance anywhere in that set would let
     * sessions be counted in one place and looked up in another.
     *
     * @throws Exception if a filter is missing or a field cannot be read reflectively
     */
    private void checkSessionRegistry() throws Exception {
        final Object declaredRegistry = this.appContext.getBean("sr");
        final Object inConcurrentFilter = FieldUtils.getFieldValue(getFilter(ConcurrentSessionFilter.class), "sessionRegistry");
        final Object inLoginFilterStrategy = FieldUtils.getFieldValue(getFilter(UsernamePasswordAuthenticationProcessingFilter.class), "sessionStrategy.sessionRegistry");
        final Object inController = FieldUtils.getFieldValue(getConcurrentSessionController(), "sessionRegistry");
        final Object inSessionMgmtStrategy = FieldUtils.getFieldValue(getFilter(SessionManagementFilter.class), "sessionStrategy.sessionRegistry");
        Assert.assertSame(declaredRegistry, inConcurrentFilter);
        Assert.assertSame(declaredRegistry, inController);
        Assert.assertSame(declaredRegistry, inSessionMgmtStrategy);
        Assert.assertSame(declaredRegistry, inLoginFilterStrategy);
    }

    /**
     * Checks that {@code max-sessions='2'} together with
     * {@code exception-if-maximum-exceeded='true'} lets the same principal register two sessions
     * and refuses the third attempt.
     *
     * <p>The refusal is the {@code ConcurrentLoginException} named in the annotation. The first
     * two checks are wrapped so that an early exception fails the test instead of satisfying the
     * {@code expected} attribute.
     */
    @Test(expected = ConcurrentLoginException.class)
    public void concurrentSessionMaxSessionsIsCorrectlyConfigured() throws Exception {
        setContext("<http auto-config='true'>    <concurrent-session-control max-sessions='2' exception-if-maximum-exceeded='true' /></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>");
        ConcurrentSessionControllerImpl concurrentSessionController = getConcurrentSessionController();
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("bob", "pass");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        // First session: the token's details are built from a request that carries it.
        mockHttpServletRequest.setSession(new MockHttpSession());
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(mockHttpServletRequest));
        try {
            concurrentSessionController.checkAuthenticationAllowed(usernamePasswordAuthenticationToken);
        } catch (ConcurrentLoginException e) {
            Assert.fail("First login should be allowed");
        }
        concurrentSessionController.registerSuccessfulAuthentication(usernamePasswordAuthenticationToken);
        // Second session is put on the request, but the token's details are refreshed only after
        // the check below.
        // NOTE(review): if WebAuthenticationDetails captures the session id at construction, this
        // check runs against the first session's details rather than the new one - confirm.
        mockHttpServletRequest.setSession(new MockHttpSession());
        try {
            concurrentSessionController.checkAuthenticationAllowed(usernamePasswordAuthenticationToken);
        } catch (ConcurrentLoginException e2) {
            Assert.fail("Second login should be allowed");
        }
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(mockHttpServletRequest));
        concurrentSessionController.registerSuccessfulAuthentication(usernamePasswordAuthenticationToken);
        // Third session: details are refreshed first, and this unguarded check is the one that
        // must throw.
        mockHttpServletRequest.setSession(new MockHttpSession());
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(mockHttpServletRequest));
        concurrentSessionController.checkAuthenticationAllowed(usernamePasswordAuthenticationToken);
    }

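    /**
     * Checks that {@code entry-point-ref} on {@code <http>} installs the referenced bean as the
     * authentication entry point of the filter found at index 8 of the chain for {@code /someurl}.
     *
     * <p>The chain is a list of {@code javax.servlet.Filter}, which declares no
     * {@code getAuthenticationEntryPoint()}, so the element is cast to
     * {@code ExceptionTranslationFilter} before the getter is called. A different filter type at
     * that index surfaces as a {@code ClassCastException}.
     *
     * @throws Exception if the context cannot be built or the chain cannot be resolved
     */
    @Test
    public void customEntryPointIsSupported() throws Exception {
        setContext("<http auto-config='true' entry-point-ref='entryPoint'/><b:bean id='entryPoint' class='" + MockEntryPoint.class.getName() + "'></b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
        final ExceptionTranslationFilter translationFilter = (ExceptionTranslationFilter) getFilters("/someurl").get(8);
        Assert.assertTrue("ExceptionTranslationFilter should be configured with custom entry point", translationFilter.getAuthenticationEntryPoint() instanceof MockEntryPoint);
    }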

    /**
     * Checks that {@code <remember-me />} loads in an {@code <http>} block that has form login,
     * logout and anonymous support but neither {@code auto-config} nor {@code <http-basic>}.
     * There is no assertion; a failure to build the context is the only way this test fails.
     */
    @Test
    public void rememberMeServicesWorksWithoutBasicProcessingFilter() {
        // The user-service passwords are plaintext fixtures that exist only in this test XML.
        final String xml = "    <http>        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>        <logout logout-success-url='/login.jsp'/>        <anonymous username='guest' granted-authority='guest'/>        <remember-me />    </http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
    }

    /**
     * Checks that {@code session-fixation-protection='none'} without an
     * {@code invalid-session-url} leaves no {@code SessionManagementFilter} at index 9, directly
     * after the {@code ExceptionTranslationFilter} at index 8.
     *
     * <p>With this setting the namespace adds no session-fixation defence of its own; a
     * deployment that chooses it has to provide that defence elsewhere.
     */
    @Test
    public void disablingSessionProtectionRemovesSessionManagementFilterIfNoInvalidSessionUrlSet() throws Exception {
        final String xml = "<http auto-config='true' session-fixation-protection='none'/><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final List<Filter> chain = getFilters("/someurl");
        Assert.assertTrue(chain.get(8) instanceof ExceptionTranslationFilter);
        Assert.assertFalse(chain.get(9) instanceof SessionManagementFilter);
    }

    /**
     * Checks that the {@code SessionManagementFilter} stays at index 9 when
     * {@code invalid-session-url} is set, even with {@code session-fixation-protection='none'},
     * and that the configured URL reaches the filter's {@code invalidSessionUrl} field.
     */
    @Test
    public void disablingSessionProtectionRetainsSessionManagementFilterInvalidSessionUrlSet() throws Exception {
        final String xml = "<http auto-config='true' session-fixation-protection='none' invalid-session-url='/timeoutUrl' /><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final Filter sessionFilter = getFilters("/someurl").get(9);
        Assert.assertTrue(sessionFilter instanceof SessionManagementFilter);
        Assert.assertEquals("/timeoutUrl", FieldUtils.getProtectedFieldValue("invalidSessionUrl", sessionFilter));
    }

    /**
     * Checks that a bean post-processor declared next to {@code <http>} still gets to process the
     * user details service referenced by the authentication provider, as shown by the marker text
     * the service reports.
     */
    @Test
    public void httpElementDoesntInterfereWithBeanPostProcessing() {
        final String xml = "<http auto-config='true'/><authentication-manager>   <authentication-provider user-service-ref='myUserService'/></authentication-manager><b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/><b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>";
        setContext(xml);
        final PostProcessedMockUserDetailsService userService = (PostProcessedMockUserDetailsService) this.appContext.getBean("myUserService");
        Assert.assertEquals("Hello from the post processor!", userService.getPostProcessorWasHere());
    }

    /**
     * Loads two configurations in which the login page is reachable without authentication: one
     * grants {@code IS_AUTHENTICATED_ANONYMOUSLY} on {@code /login.jsp*}, the other sets
     * {@code filters='none'} on the same pattern.
     *
     * <p>Nothing inspects log output, so the test only proves that both configurations load. Note
     * that {@code filters='none'} takes the path out of the security filter chain altogether,
     * which is a broader exemption than anonymous access.
     */
    @Test
    public void unprotectedLoginPageDoesntResultInWarning() {
        final String anonymousAccessXml = "    <http>        <intercept-url pattern='/login.jsp*' access='IS_AUTHENTICATED_ANONYMOUSLY'/>        <intercept-url pattern='/**' access='ROLE_A'/>        <anonymous />        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        final String filtersNoneXml = "    <http>        <intercept-url pattern='/login.jsp*' filters='none'/>        <intercept-url pattern='/**' access='ROLE_A'/>        <anonymous />        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(anonymousAccessXml);
        // The first context is closed before the second configuration is loaded.
        closeAppContext();
        setContext(filtersNoneXml);
    }

    /**
     * Loads two configurations in which {@code /login.jsp} falls under the catch-all rule that
     * requires {@code ROLE_A}: first without and then with {@code <anonymous />}.
     *
     * <p>Nothing inspects log output, so the warning named in the method title is not verified;
     * the test only proves that both configurations load. A login page that itself requires a
     * role is a misconfiguration worth catching, since unauthenticated users cannot reach it.
     */
    @Test
    public void protectedLoginPageResultsInWarning() {
        final String withoutAnonymousXml = "    <http>        <intercept-url pattern='/**' access='ROLE_A'/>        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        final String withAnonymousXml = "    <http>        <intercept-url pattern='/**' access='ROLE_A'/>        <anonymous />        <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>    </http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(withoutAnonymousXml);
        // The first context is closed before the second configuration is loaded.
        closeAppContext();
        setContext(withAnonymousXml);
    }

    /**
     * Checks the effect of {@code create-session='always'} on the
     * {@code SecurityContextPersistenceFilter}: eager session creation is forced and the
     * repository may create sessions.
     *
     * <p>The last assertion pins {@code repo.disableUrlRewriting} to {@code false} for this
     * configuration, which does not set {@code disable-url-rewriting}.
     */
    @Test
    public void settingCreateSessionToAlwaysSetsFilterPropertiesCorrectly() throws Exception {
        final String xml = "<http auto-config='true' create-session='always'/><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final Object persistenceFilter = getFilter(SecurityContextPersistenceFilter.class);
        Assert.assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(persistenceFilter, "forceEagerSessionCreation"));
        Assert.assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(persistenceFilter, "repo.allowSessionCreation"));
        Assert.assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(persistenceFilter, "repo.disableUrlRewriting"));
    }

    /**
     * Checks the effect of {@code create-session='never'}: the persistence filter neither forces
     * nor allows session creation, and a request sent through the whole filter chain ends without
     * an HTTP session.
     */
    @Test
    public void settingCreateSessionToNeverSetsFilterPropertiesCorrectly() throws Exception {
        final String xml = "<http auto-config='true' create-session='never'/><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final Object persistenceFilter = getFilter(SecurityContextPersistenceFilter.class);
        Assert.assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(persistenceFilter, "forceEagerSessionCreation"));
        Assert.assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(persistenceFilter, "repo.allowSessionCreation"));
        final FilterChainProxy chainProxy = (FilterChainProxy) this.appContext.getBean("_filterChainProxy");
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.setServletPath("/anything");
        chainProxy.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
        // getSession(false) only looks up an existing session; it never creates one.
        Assert.assertNull(request.getSession(false));
    }

    /**
     * Checks the effect of {@code create-session='ifRequired'}: session creation is allowed but
     * not forced, and a request to a path without access rules passes through the whole filter
     * chain without an HTTP session being created.
     */
    @Test
    public void settingCreateSessionToIfRequiredDoesntCreateASessionForPublicInvocation() throws Exception {
        final String xml = "<http auto-config='true' create-session='ifRequired'/><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final Object persistenceFilter = getFilter(SecurityContextPersistenceFilter.class);
        Assert.assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(persistenceFilter, "forceEagerSessionCreation"));
        Assert.assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(persistenceFilter, "repo.allowSessionCreation"));
        final FilterChainProxy chainProxy = (FilterChainProxy) this.appContext.getBean("_filterChainProxy");
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.setServletPath("/anything");
        chainProxy.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
        // getSession(false) only looks up an existing session; it never creates one.
        Assert.assertNull(request.getSession(false));
    }

    /**
     * Checks what happens when two {@code <intercept-url>} elements use the same pattern: the
     * configuration loads, and the attributes resolved for {@code /someurl} are exactly one entry,
     * {@code ROLE_B}, taken from the second element.
     *
     * <p>The first rule ({@code ROLE_A}) is therefore dropped without an error. When reviewing a
     * real configuration, a duplicated pattern means only the later access rule is in force.
     */
    @Test
    public void supportsTwoIdenticalInterceptUrls() throws Exception {
        final String xml = "<http auto-config='true'>    <intercept-url pattern='/someurl' access='ROLE_A'/>    <intercept-url pattern='/someurl' access='ROLE_B'/></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
        final List<?> resolved = interceptor.getSecurityMetadataSource().getAttributes(createFilterinvocation("/someurl", null));
        Assert.assertEquals(1L, resolved.size());
        Assert.assertTrue(resolved.contains(new SecurityConfig("ROLE_B")));
    }

    /**
     * Checks that {@code security-context-repository-ref='repo'} hands the referenced bean to the
     * {@code SecurityContextPersistenceFilter}, and that {@code create-session='always'} still
     * turns on eager session creation in that filter.
     */
    @Test
    public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
        final String xml = "<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/><http create-session='always' security-context-repository-ref='repo'>    <http-basic /></http>" + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
        final SecurityContextPersistenceFilter persistenceFilter = (SecurityContextPersistenceFilter) getFilter(SecurityContextPersistenceFilter.class);
        final HttpSessionSecurityContextRepository declaredRepo = (HttpSessionSecurityContextRepository) this.appContext.getBean("repo");
        Assert.assertSame(declaredRepo, FieldUtils.getFieldValue(persistenceFilter, "repo"));
        final Boolean eager = (Boolean) FieldUtils.getFieldValue(persistenceFilter, "forceEagerSessionCreation");
        Assert.assertTrue(eager.booleanValue());
    }

    /**
     * Checks that {@code create-session='never'} is refused at parse time when an external
     * security context repository is referenced. The same XML with {@code 'always'} loads, as
     * {@code supportsExternallyDefinedSecurityContextRepository} shows.
     */
    @Test(expected = BeanDefinitionParsingException.class)
    public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception {
        final String xml = "<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/><http create-session='never' security-context-repository-ref='repo'>    <http-basic /></http>" + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
    }

    /**
     * Exercises {@code use-expressions='true'} end to end: {@code /secure*} requires
     * {@code hasRole('ROLE_A')} and every other path is {@code permitAll()}.
     *
     * <p>A caller holding {@code ROLE_A} is let through on both {@code /permitallurl} and
     * {@code /securex}; a caller holding only {@code ROLE_B} must be denied on {@code /securex}.
     *
     * <p>NOTE(review): the authentication stays in {@code SecurityContextHolder} when the method
     * returns; confirm that the class teardown clears it.
     */
    @Test
    public void expressionBasedAccessAllowsAndDeniesAccessAsExpected() throws Exception {
        final String xml = "    <http auto-config='true' use-expressions='true'>        <intercept-url pattern='/secure*' access=\"hasRole('ROLE_A')\" />        <intercept-url pattern='/**' access='permitAll()' />    </http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>";
        setContext(xml);
        final FilterSecurityInterceptor interceptor = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
        Assert.assertEquals(1L, interceptor.getSecurityMetadataSource().getAttributes(createFilterinvocation("/secure", null)).size());

        // Caller with ROLE_A: both invocations must complete without an exception.
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("joe", "", new String[]{"ROLE_A"}));
        interceptor.invoke(createFilterinvocation("/permitallurl", null));
        interceptor.invoke(createFilterinvocation("/securex", null));

        // Caller with ROLE_B only: the protected path must be refused.
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("joe", "", new String[]{"ROLE_B"}));
        try {
            interceptor.invoke(createFilterinvocation("/securex", null));
            Assert.fail("Expected AccessDeniedInvocation");
        } catch (AccessDeniedException expected) {
            // Denial is the outcome under test; nothing more to check.
        }
    }

    /**
     * Checks that {@code authentication-success-handler-ref} and
     * {@code authentication-failure-handler-ref} on {@code <form-login>} install the referenced
     * beans, by identity, on the username/password processing filter.
     */
    @Test
    public void customSuccessAndFailureHandlersCanBeSetThroughTheNamespace() throws Exception {
        final String xml = "<http>   <form-login authentication-success-handler-ref='sh' authentication-failure-handler-ref='fh'/></http><b:bean id='sh' class='" + SavedRequestAwareAuthenticationSuccessHandler.class.getName() + "'/><b:bean id='fh' class='" + SimpleUrlAuthenticationFailureHandler.class.getName() + "'/>" + ConfigTestUtils.AUTH_PROVIDER_XML;
        setContext(xml);
        final UsernamePasswordAuthenticationProcessingFilter loginFilter = (UsernamePasswordAuthenticationProcessingFilter) getFilter(UsernamePasswordAuthenticationProcessingFilter.class);
        final AuthenticationSuccessHandler declaredSuccess = (AuthenticationSuccessHandler) this.appContext.getBean("sh");
        final AuthenticationFailureHandler declaredFailure = (AuthenticationFailureHandler) this.appContext.getBean("fh");
        Assert.assertSame(declaredSuccess, FieldUtils.getFieldValue(loginFilter, "successHandler"));
        Assert.assertSame(declaredFailure, FieldUtils.getFieldValue(loginFilter, "failureHandler"));
    }

    /**
     * Checks that {@code disable-url-rewriting='true'} on {@code <http>} reaches the
     * security context repository used by {@code SecurityContextPersistenceFilter}.
     *
     * <p>The nested property {@code repo.disableUrlRewriting} is read reflectively and
     * must be {@code Boolean.TRUE}. The attribute is the namespace switch for keeping
     * session identifiers out of rewritten URLs, which is why it is pinned by a test.
     */
    @Test
    public void disablingUrlRewritingThroughTheNamespaceSetsCorrectPropertyOnContextRepo() throws Exception {
        // The user-service entries are in-memory test fixtures; no assertion here depends on them.
        setContext("<http auto-config='true' disable-url-rewriting='true'/><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>");

        Object persistenceFilter = getFilter(SecurityContextPersistenceFilter.class);
        Object urlRewritingDisabled = FieldUtils.getFieldValue(persistenceFilter, "repo.disableUrlRewriting");
        Assert.assertEquals(Boolean.TRUE, urlRewritingDisabled);
    }

    /**
     * Builds a child context containing only {@code <http>} with {@code <remember-me/>}
     * on top of a parent context created from {@code ConfigTestUtils.AUTH_PROVIDER_XML}.
     *
     * <p>There are no assertions: the test passes when the child context is constructed
     * without throwing. Presumably the parent XML supplies the user details service
     * that remember-me needs; confirm against {@code ConfigTestUtils}.
     */
    @Test
    public void userDetailsServiceInParentContextIsLocatedSuccessfully() throws Exception {
        String childConfig = "<http auto-config='true'>    <remember-me /></http>";

        // The parent is stored in the field first, so it stays reachable through
        // this.appContext if building the child fails.
        this.appContext = new InMemoryXmlApplicationContext(ConfigTestUtils.AUTH_PROVIDER_XML);
        this.appContext = new InMemoryXmlApplicationContext(childConfig, this.appContext);
    }

    /**
     * Checks that {@code <attribute-exchange>} inside {@code <openid-login>} is parsed into
     * the {@code attributesToFetch} list of the OpenID consumer held by the OpenID filter.
     *
     * <p>Two attributes are configured. The first ({@code nickname}) must keep its name and
     * type and be optional. The second ({@code email}) must be required with a count of 2.
     */
    @Test
    public void openIDWithAttributeExchangeConfigurationIsParsedCorrectly() throws Exception {
        setContext("<http>   <openid-login>      <attribute-exchange>          <openid-attribute name='nickname' type='http://schema.openid.net/namePerson/friendly'/>          <openid-attribute name='email' type='http://schema.openid.net/contact/email' required='true' count='2'/>      </attribute-exchange>   </openid-login></http><authentication-manager alias='authManager'>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider></authentication-manager>");

        // Filter -> private "consumer" field -> private "attributesToFetch" field, read reflectively.
        OpenIDAuthenticationProcessingFilter openIdFilter =
                (OpenIDAuthenticationProcessingFilter) getFilter(OpenIDAuthenticationProcessingFilter.class);
        OpenID4JavaConsumer consumer = (OpenID4JavaConsumer) FieldUtils.getFieldValue(openIdFilter, "consumer");
        List<?> attributes = (List<?>) FieldUtils.getFieldValue(consumer, "attributesToFetch");
        Assert.assertEquals(2L, attributes.size());

        OpenIDAttribute nickname = (OpenIDAttribute) attributes.get(0);
        Assert.assertEquals("nickname", nickname.getName());
        Assert.assertEquals("http://schema.openid.net/namePerson/friendly", nickname.getType());
        Assert.assertFalse(nickname.isRequired());

        OpenIDAttribute email = (OpenIDAttribute) attributes.get(1);
        Assert.assertTrue(email.isRequired());
        Assert.assertEquals(2L, email.getCount());
    }

    /**
     * Replaces {@code this.appContext} with a new in-memory XML application context
     * built from the given configuration fragment.
     *
     * @param str the XML configuration passed to {@code InMemoryXmlApplicationContext}
     */
    private void setContext(String str) {
        InMemoryXmlApplicationContext freshContext = new InMemoryXmlApplicationContext(str);
        this.appContext = freshContext;
    }

    /**
     * Returns the filters that the {@code _filterChainProxy} bean reports for a URL.
     *
     * <p>{@code getFilters(String)} is looked up with {@code getDeclaredMethod} and made
     * accessible before the call, so this helper depends on that method being declared
     * directly on the runtime class of the bean. Inherited methods are not found this way.
     *
     * @param str the URL handed to {@code FilterChainProxy.getFilters}
     * @return the list returned by the reflective call, cast without element checks
     * @throws Exception if the method lookup or the bean lookup fails
     */
    private List<Filter> getFilters(String str) throws Exception {
        FilterChainProxy proxy = (FilterChainProxy) this.appContext.getBean("_filterChainProxy");

        Method lookup = proxy.getClass().getDeclaredMethod("getFilters", String.class);
        lookup.setAccessible(true);

        Object filters = ReflectionUtils.invokeMethod(lookup, proxy, new Object[]{str});
        return (List) filters;
    }

    /**
     * Creates a {@code FilterInvocation} around a mock request for the given path.
     *
     * @param str the servlet path set on the mock request
     * @param str2 the HTTP method set on the mock request; callers in this file pass {@code null}
     * @return an invocation wrapping the mock request, a new mock response and a new mock chain
     */
    private FilterInvocation createFilterinvocation(String str, String str2) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod(str2);
        // The request URI is cleared explicitly and only the servlet path carries the URL.
        // NOTE(review): presumably the URL matching reads servletPath; confirm.
        request.setRequestURI((String) null);
        request.setServletPath(str);

        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        return new FilterInvocation(request, response, chain);
    }

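    /**
     * Returns the first filter in the chain for {@code "/any"} that is an instance of
     * the requested type.
     *
     * @param cls the filter type to look for
     * @return the first matching filter, which callers cast to {@code cls}
     * @throws Exception if no filter of that type is in the chain, or the chain lookup fails
     */
    private Object getFilter(Class<? extends Filter> cls) throws Exception {
        for (Filter filter : getFilters("/any")) {
            // Test "filter is a cls", not the reverse. filter.getClass().isAssignableFrom(cls)
            // also accepts a filter whose class is only a supertype of cls, which makes the
            // caller's cast fail, and it skips a filter that subclasses cls.
            if (cls.isInstance(filter)) {
                return filter;
            }
        }
        throw new Exception("Filter not found");
    }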

    /**
     * Returns the {@code RememberMeServices} held by the remember-me filter in the chain.
     *
     * @return the value of {@code getRememberMeServices()} on that filter
     * @throws Exception if {@code getFilter} finds no {@code RememberMeProcessingFilter}
     */
    private RememberMeServices getRememberMeServices() throws Exception {
        RememberMeProcessingFilter rememberMeFilter =
                (RememberMeProcessingFilter) getFilter(RememberMeProcessingFilter.class);
        return rememberMeFilter.getRememberMeServices();
    }

    /**
     * Returns a {@code ConcurrentSessionController} bean from the current context.
     *
     * @return the first controller in the iteration order of the map returned by
     *         {@code getBeansOfType}, or {@code null} when the context defines none
     */
    private ConcurrentSessionController getConcurrentSessionController() {
        Map controllers = this.appContext.getBeansOfType(ConcurrentSessionController.class);
        if (controllers.isEmpty()) {
            return null;
        }
        // Only the first bean is used, even if several are registered.
        Iterator candidates = controllers.values().iterator();
        return (ConcurrentSessionController) candidates.next();
    }
}
