java.lang.IllegalStateException: SpringJUnit4ClassRunner requires JUnit 4.12 or higher

Development
1

Hello everyone! i am working on an issue in which am trying to prevent attacks through CSRF. I was advised to first implement this in some of the openmrs-modules, there after migrate it to core or any other module.

i have decided to start with openmrs-referenceapplication module since it is the one that manages login and logout. Below is how I wish to attain this…

  1. Add spring security dependencies to the reference module…

  2. Adding a CSRF repository and the corresponding filter

  3. List some configurations in the xml files.

  4. Add a hidden input element containing the csrf token to the login page

However, with step 1 I used spring security bom dependency to manage my spring security dependencies in the pom file

<project xmlns="http://maven.apache.org/POM/4.0.0" ......>
	
	<properties>
		.....
		<spring-security.version>5.5.1</spring-security.version>
        ....
	</properties>

	<dependencyManagement>
        <dependencies>
      .......
			<dependency>
		        <groupId>org.springframework.security</groupId>
			    <artifactId>spring-security-bom</artifactId>
		        <version>${spring-security.version}</version>
			    <type>pom</type>
			    <scope>import</scope>
		    </dependency>
      .......	
        </dependencies>
</dependencyManagement>
......
</project>

and the mood/pom file

<dependencies>
    ......
        <dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>4.0.1</version>
			<scope>provided</scope>
		</dependency>
			<dependency>
			    <groupId>org.springframework.security</groupId>
				<artifactId>spring-security-core</artifactId>
			</dependency>
			<dependency>
				<groupId>org.springframework.security</groupId>
				<artifactId>spring-security-config</artifactId>
			</dependency>
			<dependency>
				<groupId>org.springframework.security</groupId>
			    <artifactId>spring-security-web</artifactId>
			</dependency>				
			<dependency>
			    <groupId>org.springframework.security</groupId>
			    <artifactId>spring-security-test</artifactId>
			    <scope>test</scope>
			</dependency>
	</dependencies>

However, when i run mvn clean install i get a java.lang.ExceptionInInitializerError Caused by: java.lang.IllegalStateException: SpringJUnit4ClassRunner requires JUnit 4.12 or higher. in the openmrs-module-referenceapplication/HomePageControllerTest.java at master · openmrs/openmrs-module-referenceapplication · GitHub

Even the LoginPageControllerTest.java tests were all failing until I changed the javax.servlet version to 4.0.1 as I showed above.

Does anyone know how I can bigo this blocker? I know the problem is because the version of JUnit used in this module is 4.11(i can see this from eclipse under the maven dependencies). However, am not seeing where this dependency is set because the JUnit version in openmrs-core module is 4.13, and this module has no reference for JUnit. Spring security dependencies are known to distort the class-path of the project. Maybe it is what is happening here.

cc @dkayiwa @mozzy @ibacher @isears @sharif and anyone else

Thank you so much