diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 723f66404..528a0da95 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -30,8 +30,8 @@ wrongsecrets/
## Technology Stack
-- **Framework**: Spring Boot 3.5.x
-- **Java Version**: 23 (configured in pom.xml)
+- **Framework**: Spring Boot 4.0.x
+- **Java Version**: 25 (configured in pom.xml)
- **Build Tool**: Maven (use `./mvnw`)
- **Testing**: JUnit 5, Spring Boot Test
- **Container**: Docker + Kubernetes
diff --git a/HELP.md b/HELP.md
index 327afd1e1..d0744d3df 100644
--- a/HELP.md
+++ b/HELP.md
@@ -6,5 +6,5 @@ Please consult the [readme](./README.md), [Contributing](./CONTRIBUTING.md), [Co
For further reference, please consider the following sections:
* [Official Apache Maven documentation](https://maven.apache.org/guides/index.html)
-* [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.3.4.RELEASE/maven-plugin/reference/html/)
-* [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.3.4.RELEASE/maven-plugin/reference/html/#build-image)
+* [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/4.0.3/maven-plugin/reference/html/)
+* [Create an OCI image](https://docs.spring.io/spring-boot/docs/4.0.3/maven-plugin/reference/html/#build-image)
diff --git a/docs/ARCHITECTURE_OVERVIEW.md b/docs/ARCHITECTURE_OVERVIEW.md
index fee4287cc..b8b3611bc 100644
--- a/docs/ARCHITECTURE_OVERVIEW.md
+++ b/docs/ARCHITECTURE_OVERVIEW.md
@@ -63,7 +63,7 @@ src/test/java/org/owasp/wrongsecrets/
### Maven → Docker Workflow
1. **Maven Build** (`pom.xml`)
- - Spring Boot 3.x application
+ - Spring Boot 4.x application
- Dependencies managed through Spring Boot parent POM
- Plugins: AsciiDoctor, Checkstyle, PMD, SpotBugs
@@ -137,7 +137,7 @@ src/test/java/org/owasp/wrongsecrets/
### Prerequisites
-- Java 21+
+- Java 25+
- Maven 3.8+
- Docker
- Node.js (for frontend dependencies)
diff --git a/package-lock.json b/package-lock.json
index b48e0cd56..2cad0003a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,6 +25,7 @@
"integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
"dev": true,
"license": "Apache-2.0",
+ "peer": true,
"dependencies": {
"@jridgewell/gen-mapping": "^0.3.5",
"@jridgewell/trace-mapping": "^0.3.24"
@@ -393,6 +394,7 @@
"integrity": "sha512-muE8Tt8M22638HU31A3CgfSUciwz1fhATfoVai05aPXGor//CdWDCbnlY1yvBPo07njuVOCNGCSp/GTt12lIug==",
"dev": true,
"license": "MIT",
+ "peer": true,
"dependencies": {
"@babel/template": "^7.27.2",
"@babel/types": "^7.27.6"
@@ -1887,7 +1889,6 @@
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
"dev": true,
"license": "MIT",
- "peer": true,
"bin": {
"acorn": "bin/acorn"
},
@@ -2042,7 +2043,6 @@
}
],
"license": "MIT",
- "peer": true,
"dependencies": {
"baseline-browser-mapping": "^2.9.0",
"caniuse-lite": "^1.0.30001759",
@@ -2177,7 +2177,8 @@
"resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz",
"integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==",
"dev": true,
- "license": "MIT"
+ "license": "MIT",
+ "peer": true
},
"node_modules/core-js-compat": {
"version": "3.48.0",
@@ -2282,7 +2283,6 @@
"integrity": "sha512-VmQ+sifHUbI/IcSopBCF/HO3YiHQx/AVd3UVyYL6weuwW+HvON9VYn5l6Zl1WZzPWXPNZrSQpxwkkZ/VuvJZzg==",
"dev": true,
"license": "MIT",
- "peer": true,
"dependencies": {
"@eslint-community/eslint-utils": "^4.8.0",
"@eslint-community/regexpp": "^4.12.1",
@@ -2639,6 +2639,7 @@
"integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==",
"dev": true,
"license": "MIT",
+ "peer": true,
"engines": {
"node": ">=6.9.0"
}
@@ -2845,6 +2846,7 @@
"integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
"dev": true,
"license": "MIT",
+ "peer": true,
"bin": {
"json5": "lib/cli.js"
},
diff --git a/pom.xml b/pom.xml
index 41f046b64..69011f2dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
org.springframework.boot
spring-boot-starter-parent
- 3.5.10
+ 4.0.3
@@ -48,7 +48,7 @@
3.0.1
2.40.9
5.3.8
- 6.0.0
+ 7.0.0
11.0.1
2.3.7
12.1.9
@@ -64,9 +64,9 @@
3.15.0
full
25
- 2025.0.0
- 6.2.3
+ 2025.1.1
2.1.8
+ 1.21.4
3.1.3.RELEASE
3.4.0
@@ -147,17 +147,14 @@
org.springframework.security
spring-security-config
- ${spring-security.version}
org.springframework.security
spring-security-web
- ${spring-security.version}
org.springframework.security
spring-security-test
- ${spring-security.version}
test
@@ -264,7 +261,7 @@
org.springdoc
springdoc-openapi-starter-webmvc-ui
- 2.8.15
+ 3.0.1
com.azure.spring
@@ -277,6 +274,12 @@
test
+
+ org.springframework.boot
+ spring-boot-test-autoconfigure
+ test
+
+
uk.org.webcompere
system-stubs-jupiter
@@ -323,7 +326,7 @@
org.springframework.vault
spring-vault-core
- 3.2.0
+ 4.0.1
@@ -543,8 +546,8 @@
maven-compiler-plugin
${maven-compiler-plugin.version}
- 23
- 23
+ 25
+ 25
diff --git a/src/main/java/org/owasp/wrongsecrets/SecretsErrorController.java b/src/main/java/org/owasp/wrongsecrets/SecretsErrorController.java
index c12b516f5..a9777b8f1 100644
--- a/src/main/java/org/owasp/wrongsecrets/SecretsErrorController.java
+++ b/src/main/java/org/owasp/wrongsecrets/SecretsErrorController.java
@@ -1,13 +1,12 @@
package org.owasp.wrongsecrets;
import io.swagger.v3.oas.annotations.Operation;
-import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
/** Controller used to generate content for the error page. */
@Controller
-public class SecretsErrorController implements ErrorController {
+public class SecretsErrorController {
@GetMapping("/error")
@Operation(summary = "Returns data for the error page")
diff --git a/src/main/resources/templates/about.html b/src/main/resources/templates/about.html
index d25df671b..fa915d0dc 100644
--- a/src/main/resources/templates/about.html
+++ b/src/main/resources/templates/about.html
@@ -59,11 +59,11 @@ 🎯 Learning Objectives
(The MIT License (MIT)) Microsoft Azure Java JSON Library (com.azure:azure-json:1.5.0 - https://github.com/Azure/azure-sdk-for-java)
(The MIT License (MIT)) Microsoft Azure client library for KeyVault Secrets (com.azure:azure-security-keyvault-secrets:4.10.2 - https://github.com/Azure/azure-sdk-for-java)
(The MIT License (MIT)) Microsoft Azure Java XML Library (com.azure:azure-xml:1.2.0 - https://github.com/Azure/azure-sdk-for-java)
- (The MIT License (MIT)) Spring Cloud Azure AutoConfigure (com.azure.spring:spring-cloud-azure-autoconfigure:6.0.0 - https://microsoft.github.io/spring-cloud-azure)
- (The MIT License (MIT)) Spring Cloud Azure Core (com.azure.spring:spring-cloud-azure-core:6.0.0 - https://microsoft.github.io/spring-cloud-azure)
- (The MIT License (MIT)) Spring Cloud Azure Service (com.azure.spring:spring-cloud-azure-service:6.0.0 - https://microsoft.github.io/spring-cloud-azure)
- (The MIT License (MIT)) Spring Cloud Azure Starter (com.azure.spring:spring-cloud-azure-starter:6.0.0 - https://microsoft.github.io/spring-cloud-azure)
- (The MIT License (MIT)) Spring Cloud Azure Starter Key Vault Secrets (com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:6.0.0 - https://microsoft.github.io/spring-cloud-azure)
+ (The MIT License (MIT)) Spring Cloud Azure AutoConfigure (com.azure.spring:spring-cloud-azure-autoconfigure:7.0.0 - https://microsoft.github.io/spring-cloud-azure)
+ (The MIT License (MIT)) Spring Cloud Azure Core (com.azure.spring:spring-cloud-azure-core:7.0.0 - https://microsoft.github.io/spring-cloud-azure)
+ (The MIT License (MIT)) Spring Cloud Azure Service (com.azure.spring:spring-cloud-azure-service:7.0.0 - https://microsoft.github.io/spring-cloud-azure)
+ (The MIT License (MIT)) Spring Cloud Azure Starter (com.azure.spring:spring-cloud-azure-starter:7.0.0 - https://microsoft.github.io/spring-cloud-azure)
+ (The MIT License (MIT)) Spring Cloud Azure Starter Key Vault Secrets (com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:7.0.0 - https://microsoft.github.io/spring-cloud-azure)
(The Apache Software License, Version 2.0) Simple XML (safe) (com.carrotsearch.thirdparty:simple-xml-safe:2.7.1 - https://github.com/dweiss/simplexml)
(3-Clause BSD License) MinLog (com.esotericsoftware:minlog:1.3.1 - https://github.com/EsotericSoftware/minlog)
(Apache License, Version 2.0) Internet Time Utility (com.ethlo.time:itu:1.14.0 - https://github.com/ethlo/itu)
diff --git a/src/test/java/org/owasp/wrongsecrets/AboutControllerTests.java b/src/test/java/org/owasp/wrongsecrets/AboutControllerTests.java
index 9f29e786d..5948d12e3 100644
--- a/src/test/java/org/owasp/wrongsecrets/AboutControllerTests.java
+++ b/src/test/java/org/owasp/wrongsecrets/AboutControllerTests.java
@@ -6,15 +6,11 @@
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest
-@AutoConfigureMockMvc
-class AboutControllerTests {
- @Autowired private MockMvc mvc;
+class AboutControllerTests extends MockMvcTestSupport {
@Test
void shouldGetAbout() throws Exception {
diff --git a/src/test/java/org/owasp/wrongsecrets/ChallengeAPiControllerTest.java b/src/test/java/org/owasp/wrongsecrets/ChallengeAPiControllerTest.java
index ec09aaf9c..0547ceb7b 100644
--- a/src/test/java/org/owasp/wrongsecrets/ChallengeAPiControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ChallengeAPiControllerTest.java
@@ -6,16 +6,11 @@
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest
-@AutoConfigureMockMvc
-class ChallengeAPiControllerTest {
-
- @Autowired private MockMvc mvc;
+class ChallengeAPiControllerTest extends MockMvcTestSupport {
public ChallengeAPiControllerTest() {}
diff --git a/src/test/java/org/owasp/wrongsecrets/ChallengesControllerTest.java b/src/test/java/org/owasp/wrongsecrets/ChallengesControllerTest.java
index b5c4fd031..7cacd7cf0 100644
--- a/src/test/java/org/owasp/wrongsecrets/ChallengesControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ChallengesControllerTest.java
@@ -8,18 +8,13 @@
import org.junit.jupiter.api.Test;
import org.owasp.wrongsecrets.challenges.Spoiler;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {"K8S_ENV=DOCKER"},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerTest extends MockMvcTestSupport {
@Test
void startingChallengeShouldClearCorrectOrIncorrectMessage() throws Exception {
diff --git a/src/test/java/org/owasp/wrongsecrets/CodingRuleTest.java b/src/test/java/org/owasp/wrongsecrets/CodingRuleTest.java
index d0eca1441..f85703c14 100644
--- a/src/test/java/org/owasp/wrongsecrets/CodingRuleTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/CodingRuleTest.java
@@ -28,5 +28,5 @@ public class CodingRuleTest {
.areNotDeclaredIn(CypressIntegrationTest.class)
.should()
.beAnnotatedWith(LocalServerPort.class)
- .because("we use AutoConfigureMockMvc for testing");
+ .because("we use MockMvcTestSupport for testing");
}
diff --git a/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java b/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java
index 1bf3b9b37..0a50f99fa 100644
--- a/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java
@@ -7,17 +7,12 @@
import org.junit.jupiter.api.Test;
import org.owasp.wrongsecrets.challenges.docker.WrongSecretsConstants;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@SpringBootTest(properties = {"K8S_ENV=docker"})
-@AutoConfigureMockMvc
-class SecretLeakageControllerTest {
-
- @Autowired private MockMvc mockMvc;
+class SecretLeakageControllerTest extends MockMvcTestSupport {
@Test
void spoil1() throws Exception {
@@ -30,7 +25,7 @@ void solveChallenge1() throws Exception {
}
private void solveChallenge(String endpoint, String solution) throws Exception {
- this.mockMvc
+ this.mvc
.perform(
MockMvcRequestBuilders.post(endpoint)
.param("solution", solution)
@@ -41,7 +36,7 @@ private void solveChallenge(String endpoint, String solution) throws Exception {
}
private void testSpoil(String endpoint, String solution) throws Exception {
- this.mockMvc
+ this.mvc
.perform(MockMvcRequestBuilders.get(endpoint))
.andExpect(status().isOk())
.andExpect(content().string(containsString(solution)));
diff --git a/src/test/java/org/owasp/wrongsecrets/SecretsErrorControllerTest.java b/src/test/java/org/owasp/wrongsecrets/SecretsErrorControllerTest.java
index a469aeba5..a0de50279 100644
--- a/src/test/java/org/owasp/wrongsecrets/SecretsErrorControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/SecretsErrorControllerTest.java
@@ -6,16 +6,11 @@
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest
-@AutoConfigureMockMvc
-class SecretsErrorControllerTest {
-
- @Autowired private MockMvc mvc;
+class SecretsErrorControllerTest extends MockMvcTestSupport {
@Test
void shouldReturnErrorPage() throws Exception {
diff --git a/src/test/java/org/owasp/wrongsecrets/SecurityConfigTest.java b/src/test/java/org/owasp/wrongsecrets/SecurityConfigTest.java
index 9664a94b0..3253c8082 100644
--- a/src/test/java/org/owasp/wrongsecrets/SecurityConfigTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/SecurityConfigTest.java
@@ -7,21 +7,18 @@
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.Test;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Import;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = {"K8S_ENV=k8s"})
@Import(ConventionPortMapper.class)
-@AutoConfigureMockMvc
-class SecurityConfigTest {
+class SecurityConfigTest extends MockMvcTestSupport {
- @Autowired private MockMvc mvc;
@Autowired private BasicAuthentication challenge37BasicAuth;
@Test
diff --git a/src/test/java/org/owasp/wrongsecrets/SpringDocTest.java b/src/test/java/org/owasp/wrongsecrets/SpringDocTest.java
index fe96cc0aa..f43783b6f 100644
--- a/src/test/java/org/owasp/wrongsecrets/SpringDocTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/SpringDocTest.java
@@ -16,41 +16,34 @@
import lombok.extern.slf4j.Slf4j;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
@SpringBootTest
-@AutoConfigureMockMvc
@Slf4j
-class SpringDocTest {
-
- @Autowired protected MockMvc mockMvc;
+class SpringDocTest extends MockMvcTestSupport {
@Autowired RequestMappingHandlerMapping requestMappingHandlerMapping;
@Test
void shouldRedirectToSwaggerUiPage() throws Exception {
- mockMvc
- .perform(get("/swagger-ui.html"))
+ mvc.perform(get("/swagger-ui.html"))
.andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl("/swagger-ui/index.html"));
}
@Test
void shouldDisplaySwaggerUiPage() throws Exception {
- mockMvc
- .perform(get("/swagger-ui/index.html"))
+ mvc.perform(get("/swagger-ui/index.html"))
.andExpect(status().isOk())
.andExpect(content().string(containsString("Swagger UI")));
}
@Test
void getApiDocs() throws Exception {
- mockMvc
- .perform(get("/v3/api-docs"))
+ mvc.perform(get("/v3/api-docs"))
.andExpect(status().isOk())
.andExpect(content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.openapi", is("3.1.0")))
@@ -64,8 +57,7 @@ void getApiDocs() throws Exception {
@Test
void endpointsPresent() throws Exception {
String json =
- mockMvc
- .perform(get("/v3/api-docs"))
+ mvc.perform(get("/v3/api-docs"))
.andExpect(status().isOk())
.andReturn()
.getResponse()
diff --git a/src/test/java/org/owasp/wrongsecrets/StatsControllerTests.java b/src/test/java/org/owasp/wrongsecrets/StatsControllerTests.java
index 06b0a75e7..8c8e3558a 100644
--- a/src/test/java/org/owasp/wrongsecrets/StatsControllerTests.java
+++ b/src/test/java/org/owasp/wrongsecrets/StatsControllerTests.java
@@ -6,15 +6,11 @@
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest
-@AutoConfigureMockMvc
-class StatsControllerTests {
- @Autowired private MockMvc mvc;
+class StatsControllerTests extends MockMvcTestSupport {
@Test
void shouldGetStats() throws Exception {
diff --git a/src/test/java/org/owasp/wrongsecrets/canaries/CanaryCallbackTest.java b/src/test/java/org/owasp/wrongsecrets/canaries/CanaryCallbackTest.java
index ceedf3911..73020bcb7 100644
--- a/src/test/java/org/owasp/wrongsecrets/canaries/CanaryCallbackTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/canaries/CanaryCallbackTest.java
@@ -5,15 +5,12 @@
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest
-@AutoConfigureMockMvc
-class CanaryCallbackTest {
- @Autowired private MockMvc mvc;
+class CanaryCallbackTest extends MockMvcTestSupport {
@Autowired private ObjectMapper objectMapper;
@Test
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/cloud/ChallengesControllerWithPresetCloudValuesTest.java b/src/test/java/org/owasp/wrongsecrets/challenges/cloud/ChallengesControllerWithPresetCloudValuesTest.java
index 2cc74c07f..c259f91cb 100644
--- a/src/test/java/org/owasp/wrongsecrets/challenges/cloud/ChallengesControllerWithPresetCloudValuesTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/challenges/cloud/ChallengesControllerWithPresetCloudValuesTest.java
@@ -9,10 +9,9 @@
import org.junit.jupiter.api.Test;
import org.owasp.wrongsecrets.Challenges;
import org.owasp.wrongsecrets.WrongSecretsApplication;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {
@@ -28,10 +27,7 @@
"default_aws_value_challenge_11=ACTUAL_ANSWER_CHALLENGE_11"
},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerWithPresetCloudValuesTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerWithPresetCloudValuesTest extends MockMvcTestSupport {
@Autowired private Challenges challenges;
@Test
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java
index 322151411..3058eaffc 100644
--- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java
@@ -9,10 +9,9 @@
import org.junit.jupiter.api.Test;
import org.owasp.wrongsecrets.Challenges;
import org.owasp.wrongsecrets.WrongSecretsApplication;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {
@@ -25,10 +24,7 @@
"secretmountpath=nothere"
},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerWithPresetKubernetesValuesTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerWithPresetKubernetesValuesTest extends MockMvcTestSupport {
@Autowired private Challenges challenges;
@Test
diff --git a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFClientModeTest.java b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFClientModeTest.java
index b672ddace..8d84037a7 100644
--- a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFClientModeTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFClientModeTest.java
@@ -12,11 +12,10 @@
import org.owasp.wrongsecrets.Challenges;
import org.owasp.wrongsecrets.WrongSecretsApplication;
import org.owasp.wrongsecrets.challenges.docker.Challenge1;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {
@@ -28,10 +27,7 @@
"challenge_acht_ctf_to_provide_to_host_value=workit"
},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerCTFClientModeTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerCTFClientModeTest extends MockMvcTestSupport {
@Autowired private Challenges challenges;
@Test
diff --git a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeTest.java b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeTest.java
index ea42dd987..5eb1ecc2f 100644
--- a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeTest.java
@@ -11,19 +11,14 @@
import org.junit.jupiter.api.Test;
import org.owasp.wrongsecrets.WrongSecretsApplication;
import org.owasp.wrongsecrets.challenges.docker.Challenge1;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {"K8S_ENV=docker", "ctf_enabled=true", "ctf_key=randomtextforkey"},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerCTFModeTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerCTFModeTest extends MockMvcTestSupport {
@Test
void shouldNotSpoilWhenInCTFMode() throws Exception {
diff --git a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetCloudValuesTest.java b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetCloudValuesTest.java
index 7ca677902..02d2e0691 100644
--- a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetCloudValuesTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetCloudValuesTest.java
@@ -13,11 +13,10 @@
import org.owasp.wrongsecrets.WrongSecretsApplication;
import org.owasp.wrongsecrets.challenges.cloud.Challenge10;
import org.owasp.wrongsecrets.challenges.cloud.challenge11.Challenge11Aws;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {
@@ -33,10 +32,7 @@
"default_aws_value_challenge_11=ACTUAL_ANSWER_CHALLENGE_11"
},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerCTFModeWithPresetCloudValuesTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerCTFModeWithPresetCloudValuesTest extends MockMvcTestSupport {
@Autowired private Challenges challenges;
@Autowired private Challenge11Aws challenge11;
diff --git a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sAndVaultValuesTest.java b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sAndVaultValuesTest.java
index f9a1ea16f..f7ed2dded 100644
--- a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sAndVaultValuesTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sAndVaultValuesTest.java
@@ -13,11 +13,10 @@
import org.owasp.wrongsecrets.challenges.kubernetes.Challenge5;
import org.owasp.wrongsecrets.challenges.kubernetes.Challenge6;
import org.owasp.wrongsecrets.challenges.kubernetes.Challenge7;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {
@@ -29,10 +28,7 @@
"vaultpassword=test7"
},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerCTFModeWithPresetK8sAndVaultValuesTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerCTFModeWithPresetK8sAndVaultValuesTest extends MockMvcTestSupport {
@Autowired private Challenge5 challenge5;
@Autowired private Challenge6 challenge6;
@Autowired private Challenge7 challenge7;
diff --git a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sNoVaultValuesTest.java b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sNoVaultValuesTest.java
index 3c756a93a..acb005a42 100644
--- a/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sNoVaultValuesTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFModeWithPresetK8sNoVaultValuesTest.java
@@ -13,11 +13,10 @@
import org.owasp.wrongsecrets.challenges.kubernetes.Challenge5;
import org.owasp.wrongsecrets.challenges.kubernetes.Challenge6;
import org.owasp.wrongsecrets.challenges.kubernetes.Challenge7;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest(
properties = {
@@ -28,10 +27,7 @@
"SPECIAL_SPECIAL_K8S_SECRET=test6"
},
classes = WrongSecretsApplication.class)
-@AutoConfigureMockMvc
-class ChallengesControllerCTFModeWithPresetK8sNoVaultValuesTest {
-
- @Autowired private MockMvc mvc;
+class ChallengesControllerCTFModeWithPresetK8sNoVaultValuesTest extends MockMvcTestSupport {
@Autowired private Challenge5 challenge5;
@Autowired private Challenge6 challenge6;
@Autowired private Challenge7 challenge7;
diff --git a/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java b/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java
index e524f2088..3280c1299 100644
--- a/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/oauth/TokenControllerTest.java
@@ -6,17 +6,12 @@
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.owasp.wrongsecrets.testutil.MockMvcTestSupport;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
-import org.springframework.test.web.servlet.MockMvc;
-@AutoConfigureMockMvc
@SpringBootTest
-class TokenControllerTest {
-
- @Autowired MockMvc mvc;
+class TokenControllerTest extends MockMvcTestSupport {
@Test
void shouldGetToken() throws Exception {
diff --git a/src/test/java/org/owasp/wrongsecrets/testutil/MockMvcTestSupport.java b/src/test/java/org/owasp/wrongsecrets/testutil/MockMvcTestSupport.java
new file mode 100644
index 000000000..f6fe5f7f9
--- /dev/null
+++ b/src/test/java/org/owasp/wrongsecrets/testutil/MockMvcTestSupport.java
@@ -0,0 +1,19 @@
+package org.owasp.wrongsecrets.testutil;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+public abstract class MockMvcTestSupport {
+ @Autowired private WebApplicationContext context;
+ protected MockMvc mvc;
+
+ @BeforeEach
+ void setUpMockMvc() {
+ this.mvc = MockMvcBuilders.webAppContextSetup(this.context).apply(springSecurity()).build();
+ }
+}