Update tests & docs to match new behavior

AB-xdev · AB-xdev · commit 8c459a1513e9 · 2026-01-27T15:26:14.000+01:00
diff --git a/demo/integration-tests/webapp-vaadin-it/src/test/java/software/xdev/sse/demo/vaadin/cases/urlmapping/BaseUrlMappingTest.java b/demo/integration-tests/webapp-vaadin-it/src/test/java/software/xdev/sse/demo/vaadin/cases/urlmapping/BaseUrlMappingTest.java
@@ -1,8 +1,13 @@
 package software.xdev.sse.demo.vaadin.cases.urlmapping;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
 import java.io.IOException;
 import java.net.URI;
 import java.util.Collection;
+import java.util.List;
 
 import org.apache.hc.client5.http.classic.methods.HttpUriRequestBase;
 import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
@@ -53,5 +58,16 @@ void check() throws IOException
 		}
 	}
 	
-	protected abstract Collection<Executable> checkResponse(final ClassicHttpResponse response);
+	// As of Spring Boot 7.x the underlying problem is fixed out-of-the-box and both responses should now be identical
+	protected Collection<Executable> checkResponse(final ClassicHttpResponse response)
+	{
+		return List.of(
+			() -> assertEquals(302, response.getCode()),
+			() -> assertNull(response.getHeader("Set-Cookie")),
+			() -> assertTrue(response.getHeader("Location")
+				.getValue()
+				.endsWith("/oauth2/authorization/local")),
+			() -> assertEquals("1", response.getHeader("X-Force-Reload").getValue())
+		);
+	}
 }
diff --git a/demo/integration-tests/webapp-vaadin-it/src/test/java/software/xdev/sse/demo/vaadin/cases/urlmapping/UrlMappingBeforePatchTest.java b/demo/integration-tests/webapp-vaadin-it/src/test/java/software/xdev/sse/demo/vaadin/cases/urlmapping/UrlMappingBeforePatchTest.java
@@ -1,14 +1,5 @@
 package software.xdev.sse.demo.vaadin.cases.urlmapping;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNull;
-
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.hc.core5.http.ClassicHttpResponse;
-import org.junit.jupiter.api.function.Executable;
-
 import software.xdev.sse.demo.tci.webapp.containers.VaadinWebAppContainer;
 
 
@@ -20,14 +11,4 @@ protected void customizeWebAppContainer(final VaadinWebAppContainer c)
 		super.customizeWebAppContainer(c);
 		c.withEnv("SSE_SIDECAR_HTTP-SECURITY-MATCHER_DEFAULT_CREATOR_ENABLED", "false");
 	}
-	
-	@Override
-	protected Collection<Executable> checkResponse(final ClassicHttpResponse response)
-	{
-		return List.of(
-			() -> assertEquals(401, response.getCode()),
-			() -> assertNull(response.getHeader("Set-Cookie")),
-			() -> assertEquals("Basic realm=\"Realm\"", response.getHeader("WWW-Authenticate").getValue())
-		);
-	}
 }
diff --git a/demo/integration-tests/webapp-vaadin-it/src/test/java/software/xdev/sse/demo/vaadin/cases/urlmapping/UrlMappingPatchedTest.java b/demo/integration-tests/webapp-vaadin-it/src/test/java/software/xdev/sse/demo/vaadin/cases/urlmapping/UrlMappingPatchedTest.java
@@ -1,28 +1,5 @@
 package software.xdev.sse.demo.vaadin.cases.urlmapping;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.hc.core5.http.ClassicHttpResponse;
-import org.junit.jupiter.api.function.Executable;
-
-
 class UrlMappingPatchedTest extends BaseUrlMappingTest
 {
-	@Override
-	protected Collection<Executable> checkResponse(final ClassicHttpResponse response)
-	{
-		return List.of(
-			() -> assertEquals(302, response.getCode()),
-			() -> assertNull(response.getHeader("Set-Cookie")),
-			() -> assertTrue(response.getHeader("Location")
-				.getValue()
-				.endsWith("/oauth2/authorization/local")),
-			() -> assertEquals("1", response.getHeader("X-Force-Reload").getValue())
-		);
-	}
 }
diff --git a/web-sidecar-common/src/main/java/software/xdev/sse/web/sidecar/httpsecurity/package-info.java b/web-sidecar-common/src/main/java/software/xdev/sse/web/sidecar/httpsecurity/package-info.java
@@ -14,6 +14,15 @@
  * limitations under the License.
  */
 /**
+ * <h4>Spring 7.x Update</h4>
+ * With Spring 7 the underlying root issue has been fixed - Spring now always uses a PathPatternRequestMatcher.
+ * <p>
+ * However, it's still possible for frameworks or applications to use a custom implementation in
+ * {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#securityMatcher(java.lang.String...)}
+ * so for now this implementation will stay available.
+ * </p>
+ *
+ * <h4>Original behavior - Spring 6.x</h4>
  * Controls how
  * {@link org.springframework.security.config.annotation.web.builders.HttpSecurity
  * #securityMatcher(org.springframework.security.web.util.matcher.RequestMatcher)} is applied for sidecars.
@@ -27,6 +36,7 @@
  * <p>
  * <i>This package is only designed to be used in Sidecars and not in the main application!</i>
  * </p>
+ *
  * @see <a href="https://github.com/xdev-software/spring-security-extras/issues/221">#221</a>
  */
 package software.xdev.sse.web.sidecar.httpsecurity;
