Start building against Spring Security 7.0.0-RC1 snapshots

See gh-1681

Author: snicoll

spring-ws-platform/build.gradle

@@ -30,7 +30,7 @@ dependencies {
 	api(platform("org.junit:junit-bom:5.13.3"))
 	api(platform("org.slf4j:slf4j-bom:2.0.17"))
 	api(platform("org.springframework:spring-framework-bom:${springFrameworkVersion}"))
-	api(platform("org.springframework.security:spring-security-bom:7.0.0-M1"))
+	api(platform("org.springframework.security:spring-security-bom:7.0.0-SNAPSHOT"))
 	constraints {
 		api("com.fasterxml.woodstox:woodstox-core:7.1.1")
 		api("com.google.code.findbugs:jsr305:3.0.2")

spring-ws-security/src/main/java/org/springframework/ws/soap/security/wss4j2/callback/SpringSecurityPasswordValidationCallbackHandler.java

@@ -16,7 +16,6 @@
 
 package org.springframework.ws.soap.security.wss4j2.callback;
 
-import java.io.IOException;
 import java.util.Objects;
 
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -32,7 +31,6 @@
 import org.springframework.security.core.userdetails.UserCache;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.core.userdetails.cache.NullUserCache;
 import org.springframework.util.Assert;
 import org.springframework.ws.soap.security.callback.CleanupCallback;
@@ -80,21 +78,18 @@ public void afterPropertiesSet() throws Exception {
 	 * <p>
 	 * Default implementation throws an {@link UnsupportedCallbackException}.
 	 */
-	protected void handleUsernameToken(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
+	protected void handleUsernameToken(WSPasswordCallback callback) {
 		UserDetails user = loadUserDetails(callback.getIdentifier());
-		if (user != null) {
-			SpringSecurityUtils.checkUserValidity(user);
-			callback.setPassword(user.getPassword());
-		}
+		SpringSecurityUtils.checkUserValidity(user);
+		callback.setPassword(user.getPassword());
 	}
 
 	@Override
-	protected void handleUsernameTokenPrincipal(UsernameTokenPrincipalCallback callback)
-			throws IOException, UnsupportedCallbackException {
+	protected void handleUsernameTokenPrincipal(UsernameTokenPrincipalCallback callback) {
 		UserDetails user = loadUserDetails(callback.getPrincipal().getName());
 		WSUsernameTokenPrincipalImpl principal = callback.getPrincipal();
 		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(principal,
-				principal.getPassword(), (user != null) ? user.getAuthorities() : null);
+				principal.getPassword(), user.getAuthorities());
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Authentication success: " + authRequest);
 		}
@@ -103,23 +98,15 @@ protected void handleUsernameTokenPrincipal(UsernameTokenPrincipalCallback callb
 	}
 
 	@Override
-	protected void handleCleanup(CleanupCallback callback) throws IOException, UnsupportedCallbackException {
+	protected void handleCleanup(CleanupCallback callback) {
 		SecurityContextHolder.clearContext();
 	}
 
-	private @Nullable UserDetails loadUserDetails(String username) throws DataAccessException {
+	private UserDetails loadUserDetails(String username) throws DataAccessException {
 		UserDetails user = this.userCache.getUserFromCache(username);
 
 		if (user == null) {
-			try {
-				user = Objects.requireNonNull(this.userDetailsService).loadUserByUsername(username);
-			}
-			catch (UsernameNotFoundException notFound) {
-				if (this.logger.isDebugEnabled()) {
-					this.logger.debug("Username '" + username + "' not found");
-				}
-				return null;
-			}
+			user = Objects.requireNonNull(this.userDetailsService).loadUserByUsername(username);
 			this.userCache.putUserInCache(user);
 		}
 		return user;

spring-ws-security/src/main/java/org/springframework/ws/soap/security/x509/X509AuthenticationToken.java

@@ -24,6 +24,7 @@
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
 
 /**
  * {@code Authentication} implementation for X.509 client-certificate authentication.
@@ -55,7 +56,7 @@ public class X509AuthenticationToken extends AbstractAuthenticationToken {
 	 * @param credentials the certificate
 	 */
 	public X509AuthenticationToken(X509Certificate credentials) {
-		super(null);
+		super(AuthorityUtils.NO_AUTHORITIES);
 		this.credentials = credentials;
 	}
 

spring-ws-security/src/test/java/org/springframework/ws/soap/security/wss4j2/callback/SpringSecurityPasswordValidationCallbackHandlerTests.java

@@ -35,6 +35,7 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.easymock.EasyMock.createMock;
 import static org.easymock.EasyMock.expect;
 import static org.easymock.EasyMock.replay;
@@ -73,7 +74,7 @@ void setUp() {
 	}
 
 	@Test
-	void testHandleUsernameToken() throws Exception {
+	void testHandleUsernameToken() {
 
 		UserDetailsService userDetailsService = createMock(UserDetailsService.class);
 		this.callbackHandler.setUserDetailsService(userDetailsService);
@@ -90,7 +91,7 @@ void testHandleUsernameToken() throws Exception {
 	}
 
 	@Test
-	void testHandleUsernameTokenUserNotFound() throws Exception {
+	void testHandleUsernameTokenUserNotFound() {
 
 		UserDetailsService userDetailsService = createMock(UserDetailsService.class);
 		this.callbackHandler.setUserDetailsService(userDetailsService);
@@ -100,15 +101,12 @@ void testHandleUsernameTokenUserNotFound() throws Exception {
 
 		replay(userDetailsService);
 
-		this.callbackHandler.handleUsernameToken(this.passwordCallback);
-
-		assertThat(this.passwordCallback.getPassword()).isNull();
-
-		verify(userDetailsService);
+		assertThatExceptionOfType(UsernameNotFoundException.class)
+			.isThrownBy(() -> this.callbackHandler.handleUsernameToken(this.passwordCallback));
 	}
 
 	@Test
-	void testHandleUsernameTokenPrincipal() throws Exception {
+	void testHandleUsernameTokenPrincipal() {
 
 		UserDetailsService userDetailsService = createMock(UserDetailsService.class);
 		this.callbackHandler.setUserDetailsService(userDetailsService);