Fix mockito usage

Issue gh-13810

Author: Steve Riesenberg

config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-mock-csrf-token-repository.xml

@@ -21,8 +21,8 @@
 		http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<b:bean id="csrfTokenRepository" class="org.mockito.Mockito" factory-method="mock">
-		<b:constructor-arg value="org.springframework.security.web.csrf.CsrfTokenRepository"/>
-		<b:constructor-arg value="csrfTokenRepository"/>
+		<b:constructor-arg value="org.springframework.security.web.csrf.CsrfTokenRepository" type="java.lang.Class"/>
+		<b:constructor-arg value="csrfTokenRepository" type="java.lang.String"/>
 	</b:bean>
 
 </b:beans>

config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-mock-request-matcher.xml

@@ -21,7 +21,7 @@
 		http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<b:bean id="requestMatcher" class="org.mockito.Mockito" factory-method="mock">
-		<b:constructor-arg value="org.springframework.security.web.util.matcher.RequestMatcher"/>
-		<b:constructor-arg value="requestMatcher"/>
+		<b:constructor-arg value="org.springframework.security.web.util.matcher.RequestMatcher" type="java.lang.Class"/>
+		<b:constructor-arg value="requestMatcher" type="java.lang.String"/>
 	</b:bean>
 </b:beans>

web/src/test/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,7 +19,6 @@
 import java.util.Collections;
 import java.util.EnumSet;
 import java.util.EventListener;
-import java.util.HashSet;
 import java.util.Set;
 
 import jakarta.servlet.DispatcherType;
@@ -316,14 +315,15 @@ public void onStartupWhenDefaultsThenSessionTrackingModes() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
-				.forClass(new HashSet<SessionTrackingMode>() {
-				}.getClass());
-		willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture());
+		given(context.addFilter(eq("springSecurityFilterChain"), any(DelegatingFilterProxy.class)))
+				.willReturn(registration);
+		@SuppressWarnings("unchecked")
+		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor.forClass(Set.class);
 		new AbstractSecurityWebApplicationInitializer() {
 		}.onStartup(context);
+		verify(context).addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture());
 		assertProxyDefaults(proxyCaptor.getValue());
+		verify(context).setSessionTrackingModes(modesCaptor.capture());
 		Set<SessionTrackingMode> modes = modesCaptor.getValue();
 		assertThat(modes).hasSize(1);
 		assertThat(modes).containsExactly(SessionTrackingMode.COOKIE);
@@ -334,18 +334,20 @@ public void onStartupWhenSessionTrackingModesConfiguredThenUsed() {
 		ServletContext context = mock(ServletContext.class);
 		FilterRegistration.Dynamic registration = mock(FilterRegistration.Dynamic.class);
 		ArgumentCaptor<DelegatingFilterProxy> proxyCaptor = ArgumentCaptor.forClass(DelegatingFilterProxy.class);
-		given(context.addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture())).willReturn(registration);
-		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor
-				.forClass(new HashSet<SessionTrackingMode>() {
-				}.getClass());
-		willDoNothing().given(context).setSessionTrackingModes(modesCaptor.capture());
+		given(context.addFilter(eq("springSecurityFilterChain"), any(DelegatingFilterProxy.class)))
+				.willReturn(registration);
+		@SuppressWarnings("unchecked")
+		ArgumentCaptor<Set<SessionTrackingMode>> modesCaptor = ArgumentCaptor.forClass(Set.class);
+		willDoNothing().given(context).setSessionTrackingModes(any());
 		new AbstractSecurityWebApplicationInitializer() {
 			@Override
 			public Set<SessionTrackingMode> getSessionTrackingModes() {
 				return Collections.singleton(SessionTrackingMode.SSL);
 			}
 		}.onStartup(context);
+		verify(context).addFilter(eq("springSecurityFilterChain"), proxyCaptor.capture());
 		assertProxyDefaults(proxyCaptor.getValue());
+		verify(context).setSessionTrackingModes(modesCaptor.capture());
 		Set<SessionTrackingMode> modes = modesCaptor.getValue();
 		assertThat(modes).hasSize(1);
 		assertThat(modes).containsExactly(SessionTrackingMode.SSL);