Update components.

Flash, Paginator, RequestHandler, Security components updated to not
rely on controller's or their own request and response properties.

src/Controller/Component.php

@@ -64,24 +64,6 @@ class Component implements EventListenerInterface
     use LogTrait;
 
     /**
-     * Request object
-     *
-     * @var \Cake\Http\ServerRequest
-     * @deprecated 3.4.0 Storing references to the request is deprecated. Use Component::getController()
-     *   or callback $event->getSubject() to access the controller & request instead.
-     */
-    public $request;
-
-    /**
-     * Response object
-     *
-     * @var \Cake\Http\Response
-     * @deprecated 3.4.0 Storing references to the response is deprecated. Use Component::getController()
-     *   or callback $event->getSubject() to access the controller & response instead.
-     */
-    public $response;
-
-    /**
      * Component registry class used to lazy load components.
      *
      * @var \Cake\Controller\ComponentRegistry
@@ -120,11 +102,6 @@ class Component implements EventListenerInterface
     public function __construct(ComponentRegistry $registry, array $config = [])
     {
         $this->_registry = $registry;
-        $controller = $registry->getController();
-        if ($controller) {
-            $this->request =& $controller->request;
-            $this->response =& $controller->response;
-        }
 
         $this->setConfig($config);
 

src/Controller/Component/FlashComponent.php

@@ -60,7 +60,7 @@ class FlashComponent extends Component
     public function __construct(ComponentRegistry $registry, array $config = [])
     {
         parent::__construct($registry, $config);
-        $this->_session = $registry->getController()->request->getSession();
+        $this->_session = $registry->getController()->getRequest()->getSession();
     }
 
     /**

src/Controller/Component/PaginatorComponent.php

@@ -191,7 +191,7 @@ class PaginatorComponent extends Component
      */
     public function paginate($object, array $settings = [])
     {
-        $request = $this->_registry->getController()->request;
+        $request = $this->_registry->getController()->getRequest();
 
         try {
             $results = $this->_paginator->paginate(
@@ -228,7 +228,7 @@ class PaginatorComponent extends Component
      */
     public function mergeOptions($alias, $settings)
     {
-        $request = $this->_registry->getController()->request;
+        $request = $this->_registry->getController()->getRequest();
 
         return $this->_paginator->mergeOptions(
             $request->getQueryParams(),

src/Controller/Component/RequestHandlerComponent.php

@@ -71,8 +71,6 @@ class RequestHandlerComponent extends Component
      *   json, xml, and ajax will be mapped. Defining any types will omit the defaults.
      * - `inputTypeMap` - A mapping between types and deserializers for request bodies.
      *   If undefined json & xml will be mapped. Defining any types will omit the defaults.
-     * - `enableBeforeRedirect` - Set to false to disable the `beforeRedirect` callback. The
-     *   `beforeRedirect` functionality has been deprecated.
      *
      * @var array
      */
@@ -80,7 +78,6 @@ class RequestHandlerComponent extends Component
         'checkHttpCache' => true,
         'viewClassMap' => [],
         'inputTypeMap' => [],
-        'enableBeforeRedirect' => true
     ];
 
     /**
@@ -191,8 +188,8 @@ class RequestHandlerComponent extends Component
     {
         /** @var \Cake\Controller\Controller $controller */
         $controller = $event->getSubject();
-        $request = $controller->request;
-        $response = $controller->response;
+        $request = $controller->getRequest();
+        $response = $controller->getResponse();
 
         if ($request->getParam('_ext')) {
             $this->ext = $request->getParam('_ext');
@@ -202,7 +199,7 @@ class RequestHandlerComponent extends Component
         }
 
         $isAjax = $request->is('ajax');
-        $controller->request = $request->withParam('isAjax', $isAjax);
+        $controller->setRequest($request->withParam('isAjax', $isAjax));
 
         if (!$this->ext && $isAjax) {
             $this->ext = 'ajax';
@@ -221,7 +218,7 @@ class RequestHandlerComponent extends Component
             }
             if ($this->requestedWith($type)) {
                 $input = $request->input(...$handler);
-                $controller->request = $request->withParsedBody((array)$input);
+                $controller->setRequest($request->withParsedBody((array)$input));
             }
         }
     }
@@ -249,56 +246,6 @@ class RequestHandlerComponent extends Component
     }
 
     /**
-     * Handles (fakes) redirects for AJAX requests using requestAction()
-     *
-     * @param \Cake\Event\Event $event The Controller.beforeRedirect event.
-     * @param string|array $url A string or array containing the redirect location
-     * @param \Cake\Http\Response $response The response object.
-     * @return \Cake\Http\Response|null The response object if the redirect is caught.
-     * @deprecated 3.3.5 This functionality will be removed in 4.0.0. You can disable this function
-     *   now by setting the `enableBeforeRedirect` config option to false.
-     */
-    public function beforeRedirect(Event $event, $url, Response $response)
-    {
-        if (!$this->getConfig('enableBeforeRedirect')) {
-            return null;
-        }
-        deprecationWarning(
-            'RequestHandlerComponent::beforeRedirect() is deprecated. ' .
-            'This functionality will be removed in 4.0.0. Set the `enableBeforeRedirect` ' .
-            'option to `false` to disable this warning.'
-        );
-        $request = $this->request;
-        if (!$request->is('ajax')) {
-            return null;
-        }
-        if (empty($url)) {
-            return null;
-        }
-        if (is_array($url)) {
-            $url = Router::url($url + ['_base' => false]);
-        }
-        $query = [];
-        if (strpos($url, '?') !== false) {
-            list($url, $querystr) = explode('?', $url, 2);
-            parse_str($querystr, $query);
-        }
-        /** @var \Cake\Controller\Controller $controller */
-        $controller = $event->getSubject();
-        $response->body($controller->requestAction($url, [
-            'return',
-            'bare' => false,
-            'environment' => [
-                'REQUEST_METHOD' => 'GET'
-            ],
-            'query' => $query,
-            'cookies' => $request->getCookieParams()
-        ]));
-
-        return $response->withStatus(200);
-    }
-
-    /**
      * Checks if the response can be considered different according to the request
      * headers, and the caching response headers. If it was not modified, then the
      * render process is skipped. And the client will get a blank response with a
@@ -325,8 +272,8 @@ class RequestHandlerComponent extends Component
     {
         /** @var \Cake\Controller\Controller $controller */
         $controller = $event->getSubject();
-        $response = $controller->response;
-        $request = $controller->request;
+        $response = $controller->getResponse();
+        $request = $controller->getRequest();
 
         $isRecognized = (
             !in_array($this->ext, ['html', 'htm']) &&
@@ -335,7 +282,7 @@ class RequestHandlerComponent extends Component
 
         if ($this->ext && $isRecognized) {
             $this->renderAs($controller, $this->ext);
-            $response = $controller->response;
+            $response = $controller->getResponse();
         } else {
             $response = $response->withCharset(Configure::read('App.encoding'));
         }
@@ -343,11 +290,12 @@ class RequestHandlerComponent extends Component
         if ($this->_config['checkHttpCache'] &&
             $response->checkNotModified($request)
         ) {
-            $controller->response = $response;
+            $controller->setResponse($response);
 
             return false;
         }
-        $controller->response = $response;
+
+        $controller->setResponse($response);
     }
 
     /**
@@ -388,7 +336,7 @@ class RequestHandlerComponent extends Component
      */
     public function isMobile()
     {
-        $request = $this->request;
+        $request = $this->getController()->getRequest();
 
         return $request->is('mobile') || $this->accepts('wap');
     }
@@ -432,8 +380,8 @@ class RequestHandlerComponent extends Component
     public function accepts($type = null)
     {
         $controller = $this->getController();
-        $request = $controller->request;
-        $response = $controller->response;
+        $request = $controller->getRequest();
+        $response = $controller->getResponse();
         $accepted = $request->accepts();
 
         if (!$type) {
@@ -467,8 +415,8 @@ class RequestHandlerComponent extends Component
     public function requestedWith($type = null)
     {
         $controller = $this->getController();
-        $request = $controller->request;
-        $response = $controller->response;
+        $request = $controller->getRequest();
+        $response = $controller->getResponse();
 
         if (!$request->is('post') &&
             !$request->is('put') &&
@@ -515,8 +463,8 @@ class RequestHandlerComponent extends Component
     public function prefers($type = null)
     {
         $controller = $this->getController();
-        $request = $controller->request;
-        $response = $controller->response;
+        $request = $controller->getRequest();
+        $response = $controller->getResponse();
         $acceptRaw = $request->parseAccept();
 
         if (empty($acceptRaw)) {
@@ -614,8 +562,7 @@ class RequestHandlerComponent extends Component
             $builder->setLayoutPath($type);
         }
 
-        $response = $controller->response;
-        if ($response->getMimeType($type)) {
+        if ($controller->getResponse()->getMimeType($type)) {
             $this->respondAs($type, $options);
         }
     }
@@ -639,8 +586,8 @@ class RequestHandlerComponent extends Component
 
         $cType = $type;
         $controller = $this->getController();
-        $response = $controller->response;
-        $request = $controller->request;
+        $response = $controller->getResponse();
+        $request = $controller->getRequest();
 
         if (strpos($type, '/') === false) {
             $cType = $response->getMimeType($type);
@@ -669,7 +616,7 @@ class RequestHandlerComponent extends Component
         if (!empty($options['attachment'])) {
             $response = $response->withDownload($options['attachment']);
         }
-        $controller->response = $response;
+        $controller->setResponse($response);
 
         return true;
     }
@@ -682,7 +629,7 @@ class RequestHandlerComponent extends Component
      */
     public function responseType()
     {
-        $response = $this->getController()->response;
+        $response = $this->getController()->getResponse();
 
         return $response->mapType($response->getType());
     }
@@ -700,7 +647,7 @@ class RequestHandlerComponent extends Component
         if (is_array($alias)) {
             return array_map([$this, 'mapAlias'], $alias);
         }
-        $response = $this->getController()->response;
+        $response = $this->getController()->getResponse();
         $type = $response->getMimeType($alias);
         if ($type) {
             if (is_array($type)) {

src/Controller/Component/SecurityComponent.php

@@ -86,13 +86,6 @@ class SecurityComponent extends Component
     protected $_action;
 
     /**
-     * The Session object
-     *
-     * @var \Cake\Http\Session
-     */
-    public $session;
-
-    /**
      * Component startup. All security checking happens here.
      *
      * @param \Cake\Event\Event $event An Event instance
@@ -102,8 +95,7 @@ class SecurityComponent extends Component
     {
         /** @var \Cake\Controller\Controller $controller */
         $controller = $event->getSubject();
-        $request = $controller->request;
-        $this->session = $request->getSession();
+        $request = $controller->getRequest();
         $this->_action = $request->getParam('action');
         $hasData = ($request->getData() || $request->is(['put', 'post', 'delete', 'patch']));
         try {
@@ -128,10 +120,10 @@ class SecurityComponent extends Component
         }
 
         $request = $this->generateToken($request);
-        if ($hasData && is_array($controller->request->getData())) {
+        if ($hasData && is_array($controller->getRequest()->getData())) {
             $request = $request->withoutData('_Token');
         }
-        $controller->request = $request;
+        $controller->setRequest($request);
     }
 
     /**
@@ -243,7 +235,7 @@ class SecurityComponent extends Component
             $requireSecure = $this->_config['requireSecure'];
 
             if (in_array($this->_action, $requireSecure) || $requireSecure === ['*']) {
-                if (!$this->request->is('ssl')) {
+                if (!$controller->getRequest()->is('ssl')) {
                     throw new SecurityException(
                         'Request is not SSL and the action is required to be secure'
                     );
@@ -263,7 +255,7 @@ class SecurityComponent extends Component
      */
     protected function _authRequired(Controller $controller)
     {
-        $request = $controller->request;
+        $request = $controller->getRequest();
         if (is_array($this->_config['requireAuth']) &&
             !empty($this->_config['requireAuth']) &&
             $request->getData()
@@ -276,8 +268,8 @@ class SecurityComponent extends Component
                     throw new AuthSecurityException('\'_Token\' was not found in request data.');
                 }
 
-                if ($this->session->check('_Token')) {
-                    $tData = $this->session->read('_Token');
+                if ($request->getSession()->check('_Token')) {
+                    $tData = $request->getSession()->read('_Token');
 
                     if (!empty($tData['allowedControllers']) &&
                         !in_array($request->getParam('controller'), $tData['allowedControllers'])) {
@@ -344,7 +336,7 @@ class SecurityComponent extends Component
      */
     protected function _validToken(Controller $controller)
     {
-        $check = $controller->request->getData();
+        $check = $controller->getRequest()->getData();
 
         $message = '\'%s\' was not found in request data.';
         if (!isset($check['_Token'])) {
@@ -502,7 +494,7 @@ class SecurityComponent extends Component
     protected function _debugPostTokenNotMatching(Controller $controller, $hashParts)
     {
         $messages = [];
-        $expectedParts = json_decode(urldecode($controller->request->getData('_Token.debug')), true);
+        $expectedParts = json_decode(urldecode($controller->getRequest()->getData('_Token.debug')), true);
         if (!is_array($expectedParts) || count($expectedParts) !== 3) {
             return 'Invalid security debug token.';
         }
@@ -572,8 +564,8 @@ class SecurityComponent extends Component
     public function generateToken(ServerRequest $request)
     {
         if ($request->is('requested')) {
-            if ($this->session->check('_Token')) {
-                $request = $request->withParam('_Token', $this->session->read('_Token'));
+            if ($request->getSession()->check('_Token')) {
+                $request = $request->withParam('_Token', $request->getSession()->read('_Token'));
             }
 
             return $request;
@@ -584,7 +576,7 @@ class SecurityComponent extends Component
             'unlockedFields' => $this->_config['unlockedFields'],
         ];
 
-        $this->session->write('_Token', $token);
+        $request->getSession()->write('_Token', $token);
 
         return $request->withParam('_Token', [
             'unlockedFields' => $token['unlockedFields']

tests/TestCase/Controller/Component/PaginatorComponentTest.php

@@ -149,10 +149,10 @@ class PaginatorComponentTest extends TestCase
             ->method('find')
             ->will($this->returnValue($query));
 
-        $this->controller->request = $this->controller->request->withQueryParams(['page' => '1 " onclick="alert(\'xss\');">']);
+        $this->controller->request = $this->controller->getRequest()->withQueryParams(['page' => '1 " onclick="alert(\'xss\');">']);
         $settings = ['limit' => 1, 'maxLimit' => 10];
         $this->Paginator->paginate($this->Post, $settings);
-        $this->assertSame(1, $this->controller->request->getParam('paging.Posts.page'), 'XSS exploit opened');
+        $this->assertSame(1, $this->controller->getRequest()->getParam('paging.Posts.page'), 'XSS exploit opened');
     }
 
     /**
@@ -163,7 +163,7 @@ class PaginatorComponentTest extends TestCase
      */
     public function testPaginateExtraParams()
     {
-        $this->controller->request = $this->controller->request->withQueryParams(['page' => '-1']);
+        $this->controller->request = $this->controller->getRequest()->withQueryParams(['page' => '-1']);
         $settings = [
             'PaginatorPosts' => [
                 'contain' => ['PaginatorAuthor'],
@@ -240,8 +240,8 @@ class PaginatorComponentTest extends TestCase
         $table = $this->getTableLocator()->get('PaginatorPosts');
 
         $this->Paginator->paginate($table, $settings);
-        $this->assertArrayHasKey('PaginatorPosts', $this->controller->request->getParam('paging'));
-        $this->assertArrayNotHasKey(0, $this->controller->request->getParam('paging'));
+        $this->assertArrayHasKey('PaginatorPosts', $this->controller->getRequest()->getParam('paging'));
+        $this->assertArrayNotHasKey(0, $this->controller->getRequest()->getParam('paging'));
     }
 
     /**
@@ -267,7 +267,7 @@ class PaginatorComponentTest extends TestCase
             ->will($this->returnValue($query));
 
         $this->Paginator->paginate($table, $settings);
-        $this->assertEquals('popular', $this->controller->request->getParam('paging.PaginatorPosts.finder'));
+        $this->assertEquals('popular', $this->controller->getRequest()->getParam('paging.PaginatorPosts.finder'));
     }
 
     /**
@@ -362,8 +362,8 @@ class PaginatorComponentTest extends TestCase
             ]);
 
         $this->Paginator->paginate($table, $settings);
-        $this->assertEquals('PaginatorPosts.id', $this->controller->request->getParam('paging.PaginatorPosts.sortDefault'));
-        $this->assertEquals('DESC', $this->controller->request->getParam('paging.PaginatorPosts.directionDefault'));
+        $this->assertEquals('PaginatorPosts.id', $this->controller->getRequest()->getParam('paging.PaginatorPosts.sortDefault'));
+        $this->assertEquals('DESC', $this->controller->getRequest()->getParam('paging.PaginatorPosts.directionDefault'));
     }
 
     /**
@@ -399,7 +399,7 @@ class PaginatorComponentTest extends TestCase
      */
     public function testMergeOptionsCustomScope()
     {
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'page' => 10,
             'limit' => 10,
             'scope' => [
@@ -468,7 +468,7 @@ class PaginatorComponentTest extends TestCase
      */
     public function testMergeOptionsCustomFindKey()
     {
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'page' => 10,
             'limit' => 10
         ]);
@@ -496,7 +496,7 @@ class PaginatorComponentTest extends TestCase
      */
     public function testMergeOptionsQueryString()
     {
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'page' => 99,
             'limit' => 75
         ]);
@@ -517,7 +517,7 @@ class PaginatorComponentTest extends TestCase
      */
     public function testMergeOptionsDefaultWhiteList()
     {
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'page' => 10,
             'limit' => 10,
             'fields' => ['bad.stuff'],
@@ -542,7 +542,7 @@ class PaginatorComponentTest extends TestCase
      */
     public function testMergeOptionsExtraWhitelist()
     {
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'page' => 10,
             'limit' => 10,
             'fields' => ['bad.stuff'],
@@ -671,14 +671,14 @@ class PaginatorComponentTest extends TestCase
                 'sort' => 'id',
             ]);
 
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'page' => 1,
             'sort' => 'id',
             'direction' => 'herp'
         ]);
         $this->Paginator->paginate($table);
-        $this->assertEquals('id', $this->controller->request->getParam('paging.PaginatorPosts.sort'));
-        $this->assertEquals('asc', $this->controller->request->getParam('paging.PaginatorPosts.direction'));
+        $this->assertEquals('id', $this->controller->getRequest()->getParam('paging.PaginatorPosts.sort'));
+        $this->assertEquals('asc', $this->controller->getRequest()->getParam('paging.PaginatorPosts.direction'));
     }
 
     /**
@@ -718,17 +718,17 @@ class PaginatorComponentTest extends TestCase
 
         $this->assertSame(
             0,
-            $this->controller->request->getParam('paging.PaginatorPosts.count'),
+            $this->controller->getRequest()->getParam('paging.PaginatorPosts.count'),
             'Count should be 0'
         );
         $this->assertSame(
             1,
-            $this->controller->request->getParam('paging.PaginatorPosts.page'),
+            $this->controller->getRequest()->getParam('paging.PaginatorPosts.page'),
             'Page number should not be 0'
         );
         $this->assertSame(
             1,
-            $this->controller->request->getParam('paging.PaginatorPosts.pageCount'),
+            $this->controller->getRequest()->getParam('paging.PaginatorPosts.pageCount'),
             'Page count number should not be 0'
         );
     }
@@ -741,7 +741,7 @@ class PaginatorComponentTest extends TestCase
     public function testOutOfRangePageNumberGetsClamped()
     {
         $this->loadFixtures('Posts');
-        $this->controller->request = $this->controller->request->withQueryParams(['page' => 3000]);
+        $this->controller->request = $this->controller->getRequest()->withQueryParams(['page' => 3000]);
 
         $table = $this->getTableLocator()->get('PaginatorPosts');
 
@@ -753,7 +753,7 @@ class PaginatorComponentTest extends TestCase
 
         $this->assertEquals(
             1,
-            $this->controller->request->getParam('paging.PaginatorPosts.page'),
+            $this->controller->getRequest()->getParam('paging.PaginatorPosts.page'),
             'Page number should not be 0'
         );
 
@@ -769,7 +769,7 @@ class PaginatorComponentTest extends TestCase
     public function testOutOfRangePageNumberStillProvidesPageCount()
     {
         $this->loadFixtures('Posts');
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'limit' => 1,
             'page' => '4',
         ]);
@@ -784,7 +784,7 @@ class PaginatorComponentTest extends TestCase
 
         $this->assertEquals(
             3,
-            $this->controller->request->getParam('paging.PaginatorPosts.pageCount'),
+            $this->controller->getRequest()->getParam('paging.PaginatorPosts.pageCount'),
             'Page count number should not be 0'
         );
 
@@ -801,9 +801,9 @@ class PaginatorComponentTest extends TestCase
     {
         $this->expectException(\Cake\Http\Exception\NotFoundException::class);
         $this->loadFixtures('Posts');
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->setRequest($this->controller->getRequest()->withQueryParams([
             'page' => '3000000000000000000000000',
-        ]);
+        ]));
 
         $table = $this->getTableLocator()->get('PaginatorPosts');
         $this->Paginator->paginate($table);
@@ -1111,19 +1111,19 @@ class PaginatorComponentTest extends TestCase
         $settings = [
             'maxLimit' => 100,
         ];
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'limit' => '1000'
         ]);
         $this->Paginator->paginate($table, $settings);
-        $this->assertEquals(100, $this->controller->request->getParam('paging.PaginatorPosts.limit'));
-        $this->assertEquals(100, $this->controller->request->getParam('paging.PaginatorPosts.perPage'));
+        $this->assertEquals(100, $this->controller->getRequest()->getParam('paging.PaginatorPosts.limit'));
+        $this->assertEquals(100, $this->controller->getRequest()->getParam('paging.PaginatorPosts.perPage'));
 
-        $this->controller->request = $this->controller->request->withQueryParams([
+        $this->controller->request = $this->controller->getRequest()->withQueryParams([
             'limit' => '10'
         ]);
         $this->Paginator->paginate($table, $settings);
-        $this->assertEquals(10, $this->controller->request->getParam('paging.PaginatorPosts.limit'));
-        $this->assertEquals(10, $this->controller->request->getParam('paging.PaginatorPosts.perPage'));
+        $this->assertEquals(10, $this->controller->getRequest()->getParam('paging.PaginatorPosts.limit'));
+        $this->assertEquals(10, $this->controller->getRequest()->getParam('paging.PaginatorPosts.perPage'));
     }
 
     /**
@@ -1152,7 +1152,7 @@ class PaginatorComponentTest extends TestCase
         $this->assertCount(4, $result, '4 rows should come back');
         $this->assertEquals(['First Post', 'Second Post', 'Third Post', 'Fourth Post'], $titleExtractor($result));
 
-        $result = $this->controller->request->getParam('paging.PaginatorPosts');
+        $result = $this->controller->getRequest()->getParam('paging.PaginatorPosts');
         $this->assertEquals(4, $result['current']);
         $this->assertEquals(4, $result['count']);
 
@@ -1161,7 +1161,7 @@ class PaginatorComponentTest extends TestCase
         $this->assertCount(3, $result, '3 rows should come back');
         $this->assertEquals(['First Post', 'Second Post', 'Third Post'], $titleExtractor($result));
 
-        $result = $this->controller->request->getParam('paging.PaginatorPosts');
+        $result = $this->controller->getRequest()->getParam('paging.PaginatorPosts');
         $this->assertEquals(3, $result['current']);
         $this->assertEquals(3, $result['count']);
 
@@ -1170,7 +1170,7 @@ class PaginatorComponentTest extends TestCase
         $this->assertCount(1, $result, '1 rows should come back');
         $this->assertEquals(['Third Post'], $titleExtractor($result));
 
-        $result = $this->controller->request->getParam('paging.PaginatorPosts');
+        $result = $this->controller->getRequest()->getParam('paging.PaginatorPosts');
         $this->assertEquals(1, $result['current']);
         $this->assertEquals(3, $result['count']);
         $this->assertEquals(2, $result['pageCount']);
@@ -1180,7 +1180,7 @@ class PaginatorComponentTest extends TestCase
         $this->assertCount(2, $result, '2 rows should come back');
         $this->assertEquals(['First Post', 'Second Post'], $titleExtractor($result));
 
-        $result = $this->controller->request->getParam('paging.PaginatorPosts');
+        $result = $this->controller->getRequest()->getParam('paging.PaginatorPosts');
         $this->assertEquals(2, $result['current']);
         $this->assertEquals(3, $result['count']);
         $this->assertEquals(2, $result['pageCount']);
@@ -1216,7 +1216,7 @@ class PaginatorComponentTest extends TestCase
         ];
         $this->assertEquals($expected, $result);
 
-        $result = $this->controller->request->getParam('paging.PaginatorPosts');
+        $result = $this->controller->getRequest()->getParam('paging.PaginatorPosts');
         $this->assertEquals(2, $result['current']);
         $this->assertEquals(3, $result['count']);
         $this->assertEquals(2, $result['pageCount']);
@@ -1263,7 +1263,9 @@ class PaginatorComponentTest extends TestCase
      */
     public function testPaginateQuery()
     {
-        $this->controller->request = $this->controller->request->withQueryParams(['page' => '-1']);
+        $this->controller->setRequest(
+            $this->controller->getRequest()->withQueryParams(['page' => '-1'])
+        );
         $settings = [
             'PaginatorPosts' => [
                 'contain' => ['PaginatorAuthor'],
@@ -1322,7 +1324,9 @@ class PaginatorComponentTest extends TestCase
      */
     public function testPaginateQueryWithLimit()
     {
-        $this->controller->request = $this->controller->request->withQueryParams(['page' => '-1']);
+        $this->controller->setRequest(
+            $this->controller->getRequest()->withQueryParams(['page' => '-1'])
+        );
         $settings = [
             'PaginatorPosts' => [
                 'contain' => ['PaginatorAuthor'],

tests/TestCase/Controller/Component/RequestHandlerComponentTest.php

@@ -134,7 +134,7 @@ class RequestHandlerComponentTest extends TestCase
     public function testInitializeCallback()
     {
         $this->assertNull($this->RequestHandler->ext);
-        $this->Controller->request = $this->Controller->request->withParam('_ext', 'rss');
+        $this->Controller->request = $this->Controller->getRequest()->withParam('_ext', 'rss');
         $this->RequestHandler->startup(new Event('Controller.startup', $this->Controller));
         $this->assertEquals('rss', $this->RequestHandler->ext);
     }
@@ -316,7 +316,7 @@ class RequestHandlerComponentTest extends TestCase
         $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
             ->setMethods(['accepts'])
             ->getMock();
-        $this->Controller->request->expects($this->any())
+        $this->Controller->getRequest()->expects($this->any())
             ->method('accepts')
             ->will($this->returnValue(['application/json']));
 
@@ -416,7 +416,7 @@ class RequestHandlerComponentTest extends TestCase
         $this->RequestHandler->initialize([]);
         $this->Controller->beforeFilter($event);
         $this->RequestHandler->startup($event);
-        $this->assertTrue($this->Controller->request->getParam('isAjax'));
+        $this->assertTrue($this->Controller->getRequest()->getParam('isAjax'));
     }
 
     /**
@@ -439,7 +439,7 @@ class RequestHandlerComponentTest extends TestCase
         $this->assertEquals('ajax', $view->getLayout());
 
         $this->_init();
-        $this->Controller->request = $this->Controller->request->withParam('_ext', 'js');
+        $this->Controller->request = $this->Controller->getRequest()->withParam('_ext', 'js');
         $this->RequestHandler->initialize([]);
         $this->RequestHandler->startup($event);
         $this->assertNotEquals($this->Controller->viewClass, 'Cake\View\AjaxView');
@@ -454,7 +454,7 @@ class RequestHandlerComponentTest extends TestCase
     public function testJsonViewLoaded()
     {
         Router::extensions(['json', 'xml', 'ajax'], false);
-        $this->Controller->request = $this->Controller->request->withParam('_ext', 'json');
+        $this->Controller->request = $this->Controller->getRequest()->withParam('_ext', 'json');
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->initialize([]);
         $this->RequestHandler->startup($event);
@@ -475,7 +475,7 @@ class RequestHandlerComponentTest extends TestCase
     public function testXmlViewLoaded()
     {
         Router::extensions(['json', 'xml', 'ajax'], false);
-        $this->Controller->request = $this->Controller->request->withParam('_ext', 'xml');
+        $this->Controller->request = $this->Controller->getRequest()->withParam('_ext', 'xml');
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->initialize([]);
         $this->RequestHandler->startup($event);
@@ -496,7 +496,7 @@ class RequestHandlerComponentTest extends TestCase
     public function testAjaxViewLoaded()
     {
         Router::extensions(['json', 'xml', 'ajax'], false);
-        $this->Controller->request = $this->Controller->request->withParam('_ext', 'ajax');
+        $this->Controller->request = $this->Controller->getRequest()->withParam('_ext', 'ajax');
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->initialize([]);
         $this->RequestHandler->startup($event);
@@ -516,7 +516,7 @@ class RequestHandlerComponentTest extends TestCase
     public function testNoViewClassExtension()
     {
         Router::extensions(['json', 'xml', 'ajax', 'csv'], false);
-        $this->Controller->request = $this->Controller->request->withParam('_ext', 'csv');
+        $this->Controller->request = $this->Controller->getRequest()->withParam('_ext', 'csv');
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->initialize([]);
         $this->RequestHandler->startup($event);
@@ -541,8 +541,8 @@ class RequestHandlerComponentTest extends TestCase
         $_SERVER['CONTENT_TYPE'] = 'application/xml';
         $this->Controller->request = new ServerRequest();
         $this->RequestHandler->beforeRender($event);
-        $this->assertInternalType('array', $this->Controller->request->getData());
-        $this->assertNotInternalType('object', $this->Controller->request->getData());
+        $this->assertInternalType('array', $this->Controller->getRequest()->getData());
+        $this->assertNotInternalType('object', $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -558,8 +558,8 @@ class RequestHandlerComponentTest extends TestCase
         $_SERVER['CONTENT_TYPE'] = 'application/xml; charset=UTF-8';
         $this->Controller->request = new ServerRequest();
         $this->RequestHandler->startup($event);
-        $this->assertInternalType('array', $this->Controller->request->getData());
-        $this->assertNotInternalType('object', $this->Controller->request->getData());
+        $this->assertInternalType('array', $this->Controller->getRequest()->getData());
+        $this->assertNotInternalType('object', $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -579,13 +579,13 @@ class RequestHandlerComponentTest extends TestCase
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->startup($event);
-        $this->assertEquals([], $this->Controller->request->getData());
+        $this->assertEquals([], $this->Controller->getRequest()->getData());
 
         $stream = new Stream('php://memory', 'w');
         $stream->write('"invalid"');
-        $this->Controller->request = $this->Controller->request->withBody($stream);
+        $this->Controller->request = $this->Controller->getRequest()->withBody($stream);
         $this->RequestHandler->startup($event);
-        $this->assertEquals(['invalid'], $this->Controller->request->getData());
+        $this->assertEquals(['invalid'], $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -596,20 +596,20 @@ class RequestHandlerComponentTest extends TestCase
      */
     public function testStartupProcessData()
     {
-        $this->Controller->request = new ServerRequest([
+        $this->Controller->setRequest(new ServerRequest([
             'environment' => [
                 'REQUEST_METHOD' => 'POST',
                 'CONTENT_TYPE' => 'application/json'
             ]
-        ]);
+        ]));
 
         $stream = new Stream('php://memory', 'w');
         $stream->write('{"valid":true}');
-        $this->Controller->request = $this->Controller->request->withBody($stream);
+        $this->Controller->setRequest($this->Controller->getRequest()->withBody($stream));
         $event = new Event('Controller.startup', $this->Controller);
 
         $this->RequestHandler->startup($event);
-        $this->assertEquals(['valid' => true], $this->Controller->request->getData());
+        $this->assertEquals(['valid' => true], $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -620,17 +620,17 @@ class RequestHandlerComponentTest extends TestCase
      */
     public function testStartupIgnoreFileAsXml()
     {
-        $this->Controller->request = new ServerRequest([
+        $this->Controller->setRequest(new ServerRequest([
             'input' => '/dev/random',
             'environment' => [
                 'REQUEST_METHOD' => 'POST',
                 'CONTENT_TYPE' => 'application/xml'
             ]
-        ]);
+        ]));
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->startup($event);
-        $this->assertEquals([], $this->Controller->request->getData());
+        $this->assertEquals([], $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -646,10 +646,9 @@ class RequestHandlerComponentTest extends TestCase
 <article id="1" title="first"></article>
 </data>
 XML;
-        $this->Controller->request = new ServerRequest(['input' => $xml]);
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest((new ServerRequest(['input' => $xml]))
             ->withEnv('REQUEST_METHOD', 'POST')
-            ->withEnv('CONTENT_TYPE', 'application/xml');
+            ->withEnv('CONTENT_TYPE', 'application/xml'));
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->startup($event);
@@ -661,7 +660,7 @@ XML;
                 ]
             ]
         ];
-        $this->assertEquals($expected, $this->Controller->request->getData());
+        $this->assertEquals($expected, $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -678,8 +677,7 @@ XML;
     <title><![CDATA[first]]></title>
 </article>
 XML;
-        $this->Controller->request = new ServerRequest(['input' => $xml]);
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->request = (new ServerRequest(['input' => $xml]))
             ->withEnv('REQUEST_METHOD', 'POST')
             ->withEnv('CONTENT_TYPE', 'application/xml');
 
@@ -691,7 +689,7 @@ XML;
                 'title' => 'first'
             ]
         ];
-        $this->assertEquals($expected, $this->Controller->request->getData());
+        $this->assertEquals($expected, $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -718,14 +716,13 @@ XML;
   <description>&item8;</description>
 </item>
 XML;
-        $this->Controller->request = new ServerRequest(['input' => $xml]);
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->request = (new ServerRequest(['input' => $xml]))
             ->withEnv('REQUEST_METHOD', 'POST')
             ->withEnv('CONTENT_TYPE', 'application/xml');
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->startup($event);
-        $this->assertEquals([], $this->Controller->request->getData());
+        $this->assertEquals([], $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -738,20 +735,20 @@ XML;
     public function testStartupCustomTypeProcess()
     {
         $this->deprecated(function () {
-            $this->Controller->request = new ServerRequest([
+            $this->Controller->setRequest(new ServerRequest([
                 'input' => '"A","csv","string"',
                 'environment' => [
                     'REQUEST_METHOD' => 'POST',
                     'CONTENT_TYPE' => 'text/csv'
                 ]
-            ]);
+            ]));
             $this->RequestHandler->addInputType('csv', ['str_getcsv']);
             $event = new Event('Controller.startup', $this->Controller);
             $this->RequestHandler->startup($event);
             $expected = [
                 'A', 'csv', 'string'
             ];
-            $this->assertEquals($expected, $this->Controller->request->getData());
+            $this->assertEquals($expected, $this->Controller->getRequest()->getData());
         });
     }
 
@@ -763,83 +760,24 @@ XML;
      */
     public function testStartupSkipDataProcess()
     {
-        $this->Controller->request = new ServerRequest([
+        $this->Controller->setRequest(new ServerRequest([
             'environment' => [
                 'REQUEST_METHOD' => 'POST',
                 'CONTENT_TYPE' => 'application/json'
             ]
-        ]);
+        ]));
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->RequestHandler->startup($event);
-        $this->assertEquals([], $this->Controller->request->getData());
+        $this->assertEquals([], $this->Controller->getRequest()->getData());
 
         $stream = new Stream('php://memory', 'w');
         $stream->write('{"new": "data"}');
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withBody($stream)
-            ->withParsedBody(['old' => 'news']);
+            ->withParsedBody(['old' => 'news']));
         $this->RequestHandler->startup($event);
-        $this->assertEquals(['old' => 'news'], $this->Controller->request->getData());
-    }
-
-    /**
-     * test beforeRedirect when disabled.
-     *
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testBeforeRedirectDisabled()
-    {
-        static::setAppNamespace();
-        Router::connect('/:controller/:action');
-        $this->Controller->request = $this->Controller->request->withHeader('X-Requested-With', 'XMLHttpRequest');
-
-        $event = new Event('Controller.startup', $this->Controller);
-        $this->RequestHandler->initialize([]);
-        $this->RequestHandler->setConfig('enableBeforeRedirect', false);
-        $this->RequestHandler->startup($event);
-        $this->assertNull($this->RequestHandler->beforeRedirect($event, '/posts/index', $this->Controller->response));
-    }
-
-    /**
-     * testNonAjaxRedirect method
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testNonAjaxRedirect()
-    {
-        $this->deprecated(function () {
-            $event = new Event('Controller.startup', $this->Controller);
-            $this->RequestHandler->initialize([]);
-            $this->RequestHandler->startup($event);
-            $this->assertNull($this->RequestHandler->beforeRedirect($event, '/', $this->Controller->response));
-        });
-    }
-
-    /**
-     * test that redirects with ajax and no URL don't do anything.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testAjaxRedirectWithNoUrl()
-    {
-        $this->deprecated(function () {
-            $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
-            $event = new Event('Controller.startup', $this->Controller);
-            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')->getMock();
-
-            $this->Controller->response->expects($this->never())
-                ->method('body');
-
-            $this->RequestHandler->initialize([]);
-            $this->RequestHandler->startup($event);
-            $this->assertNull($this->RequestHandler->beforeRedirect($event, null, $this->Controller->response));
-        });
+        $this->assertEquals(['old' => 'news'], $this->Controller->getRequest()->getData());
     }
 
     /**
@@ -867,9 +805,9 @@ XML;
 
         $this->RequestHandler->renderAs($this->Controller, 'xml', ['attachment' => 'myfile.xml']);
         $this->assertEquals('Cake\View\XmlView', $this->Controller->viewClass);
-        $this->assertEquals('application/xml', $this->Controller->response->getType());
-        $this->assertEquals('UTF-8', $this->Controller->response->getCharset());
-        $this->assertContains('myfile.xml', $this->Controller->response->getHeaderLine('Content-Disposition'));
+        $this->assertEquals('application/xml', $this->Controller->getResponse()->getType());
+        $this->assertEquals('UTF-8', $this->Controller->getResponse()->getCharset());
+        $this->assertContains('myfile.xml', $this->Controller->getResponse()->getHeaderLine('Content-Disposition'));
     }
 
     /**
@@ -881,11 +819,11 @@ XML;
     {
         $result = $this->RequestHandler->respondAs('json');
         $this->assertTrue($result);
-        $this->assertEquals('application/json', $this->Controller->response->getType());
+        $this->assertEquals('application/json', $this->Controller->getResponse()->getType());
 
         $result = $this->RequestHandler->respondAs('text/xml');
         $this->assertTrue($result);
-        $this->assertEquals('text/xml', $this->Controller->response->getType());
+        $this->assertEquals('text/xml', $this->Controller->getResponse()->getType());
     }
 
     /**
@@ -897,7 +835,7 @@ XML;
     {
         $result = $this->RequestHandler->respondAs('xml', ['attachment' => 'myfile.xml']);
         $this->assertTrue($result);
-        $response = $this->Controller->response;
+        $response = $this->Controller->getResponse();
         $this->assertContains('myfile.xml', $response->getHeaderLine('Content-Disposition'));
         $this->assertContains('application/xml', $response->getType());
     }
@@ -1019,7 +957,7 @@ XML;
             ->with('mobile')
             ->will($this->returnValue(true));
 
-        $this->Controller->request = $request;
+        $this->Controller->setRequest($request);
         $this->assertTrue($this->RequestHandler->isMobile());
     }
 
@@ -1051,14 +989,14 @@ XML;
      */
     public function testAccepts()
     {
-        $this->Controller->request = $this->request->withHeader(
+        $this->Controller->setRequest($this->request->withHeader(
             'Accept',
             'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5'
-        );
+        ));
         $this->assertTrue($this->RequestHandler->accepts(['js', 'xml', 'html']));
         $this->assertFalse($this->RequestHandler->accepts(['gif', 'jpeg', 'foo']));
 
-        $this->Controller->request = $this->request->withHeader('Accept', '*/*;q=0.5');
+        $this->Controller->setRequest($this->request->withHeader('Accept', '*/*;q=0.5'));
         $this->assertFalse($this->RequestHandler->accepts('rss'));
     }
 
@@ -1101,226 +1039,6 @@ XML;
     }
 
     /**
-     * test that AJAX requests involving redirects trigger requestAction instead.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.beforeRedirect $this->Controller
-     */
-    public function testAjaxRedirectAsRequestAction()
-    {
-        $this->deprecated(function () {
-            static::setAppNamespace();
-            Router::connect('/:controller/:action');
-            $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-                ->setMethods(['is'])
-                ->getMock();
-            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-                ->setMethods(['_sendHeader', 'stop'])
-                ->getMock();
-            $this->Controller->request->expects($this->any())
-                ->method('is')
-                ->will($this->returnValue(true));
-
-            $response = $this->RequestHandler->beforeRedirect(
-                $event,
-                ['controller' => 'RequestHandlerTest', 'action' => 'destination'],
-                $this->Controller->response
-            );
-            $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
-        });
-    }
-
-    /**
-     * Test that AJAX requests involving redirects handle querystrings
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.beforeRedirect $this->Controller
-     */
-    public function testAjaxRedirectAsRequestActionWithQueryString()
-    {
-        $this->deprecated(function () {
-            static::setAppNamespace();
-            Router::connect('/:controller/:action');
-
-            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-                ->setMethods(['is'])
-                ->getMock();
-            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-                ->setMethods(['_sendHeader', 'stop'])
-                ->getMock();
-            $this->Controller->request->expects($this->any())
-                ->method('is')
-                ->with('ajax')
-                ->will($this->returnValue(true));
-            $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-            $response = $this->RequestHandler->beforeRedirect(
-                $event,
-                '/request_action/params_pass?a=b&x=y?ish',
-                $this->Controller->response
-            );
-            $data = json_decode($response, true);
-            $this->assertEquals('/request_action/params_pass', $data['here']);
-
-            $response = $this->RequestHandler->beforeRedirect(
-                $event,
-                '/request_action/query_pass?a=b&x=y?ish',
-                $this->Controller->response
-            );
-            $data = json_decode($response, true);
-            $this->assertEquals('y?ish', $data['x']);
-        });
-    }
-
-    /**
-     * Test that AJAX requests involving redirects handle cookie data
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.beforeRedirect $this->Controller
-     */
-    public function testAjaxRedirectAsRequestActionWithCookieData()
-    {
-        $this->deprecated(function () {
-            static::setAppNamespace();
-            Router::connect('/:controller/:action');
-            $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-                ->setMethods(['is'])
-                ->getMock();
-            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-                ->setMethods(['_sendHeader', 'stop'])
-                ->getMock();
-            $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
-
-            $cookies = [
-                'foo' => 'bar'
-            ];
-            $this->Controller->request->cookies = $cookies;
-
-            $response = $this->RequestHandler->beforeRedirect(
-                $event,
-                '/request_action/cookie_pass',
-                $this->Controller->response
-            );
-            $data = json_decode($response, true);
-            $this->assertEquals($cookies, $data);
-        });
-    }
-
-    /**
-     * Tests that AJAX requests involving redirects don't let the status code bleed through.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.beforeRedirect $this->Controller
-     */
-    public function testAjaxRedirectAsRequestActionStatusCode()
-    {
-        $this->deprecated(function () {
-            static::setAppNamespace();
-            Router::connect('/:controller/:action');
-            $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-                ->setMethods(['is'])
-                ->getMock();
-            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-                ->setMethods(['_sendHeader', 'stop'])
-                ->getMock();
-            $this->Controller->response->statusCode(302);
-            $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
-
-            $response = $this->RequestHandler->beforeRedirect(
-                $event,
-                ['controller' => 'RequestHandlerTest', 'action' => 'destination'],
-                $this->Controller->response
-            );
-            $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
-            $this->assertSame(200, $response->statusCode());
-        });
-    }
-
-    /**
-     * test that ajax requests involving redirects don't force no layout
-     * this would cause the ajax layout to not be rendered.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.beforeRedirect $this->Controller
-     */
-    public function testAjaxRedirectAsRequestActionStillRenderingLayout()
-    {
-        $this->deprecated(function () {
-            static::setAppNamespace();
-            Router::connect('/:controller/:action');
-            $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-                ->setMethods(['is'])
-                ->getMock();
-            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-                ->setMethods(['_sendHeader', 'stop'])
-                ->getMock();
-            $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
-
-            $response = $this->RequestHandler->beforeRedirect(
-                $event,
-                ['controller' => 'RequestHandlerTest', 'action' => 'ajax2_layout'],
-                $this->Controller->response
-            );
-            $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
-            $this->assertRegExp('/Ajax!/', $response->body(), 'Layout was not rendered.');
-        });
-    }
-
-    /**
-     * test that the beforeRedirect callback properly converts
-     * array URLs into their correct string ones, and adds base => false so
-     * the correct URLs are generated.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.beforeRender $this->Controller
-     */
-    public function testBeforeRedirectCallbackWithArrayUrl()
-    {
-        $this->deprecated(function () {
-            static::setAppNamespace();
-            Router::connect('/:controller/:action/*');
-            $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
-            $event = new Event('Controller.beforeRender', $this->Controller);
-
-            Router::setRequestInfo([
-                ['plugin' => null, 'controller' => 'accounts', 'action' => 'index', 'pass' => []],
-                ['base' => '', 'here' => '/accounts/', 'webroot' => '/']
-            ]);
-
-            $RequestHandler = new RequestHandlerComponent($this->Controller->components());
-            $this->Controller->request = new ServerRequest('posts/index');
-
-            ob_start();
-            $RequestHandler->beforeRedirect(
-                $event,
-                ['controller' => 'RequestHandlerTest', 'action' => 'param_method', 'first', 'second'],
-                $this->Controller->response
-            );
-            $result = ob_get_clean();
-            $this->assertEquals('one: first two: second', $result);
-        });
-    }
-
-    /**
      * testAddInputTypeException method
      *
      * @group deprecated
@@ -1352,9 +1070,9 @@ XML;
         $event = new Event('Controller.beforeRender', $this->Controller);
         $requestHandler = new RequestHandlerComponent($this->Controller->components());
         $this->assertFalse($requestHandler->beforeRender($event));
-        $this->assertEquals(304, $this->Controller->response->getStatusCode());
-        $this->assertEquals('', (string)$this->Controller->response->getBody());
-        $this->assertFalse($this->Controller->response->hasHeader('Content-Type'), 'header should not be removed.');
+        $this->assertEquals(304, $this->Controller->getResponse()->getStatusCode());
+        $this->assertEquals('', (string)$this->Controller->getResponse()->getBody());
+        $this->assertFalse($this->Controller->getResponse()->hasHeader('Content-Type'), 'header should not be removed.');
     }
 
     /**
@@ -1376,9 +1094,9 @@ XML;
 
         $requestHandler = new RequestHandlerComponent($this->Controller->components());
         $this->assertFalse($requestHandler->beforeRender($event));
-        $this->assertEquals(304, $this->Controller->response->getStatusCode());
-        $this->assertEquals('', (string)$this->Controller->response->getBody());
-        $this->assertFalse($this->Controller->response->hasHeader('Content-Type'));
+        $this->assertEquals(304, $this->Controller->getResponse()->getStatusCode());
+        $this->assertEquals('', (string)$this->Controller->getResponse()->getBody());
+        $this->assertFalse($this->Controller->getResponse()->hasHeader('Content-Type'));
     }
 
     /**
@@ -1404,9 +1122,9 @@ XML;
         $requestHandler = new RequestHandlerComponent($this->Controller->components());
         $this->assertFalse($requestHandler->beforeRender($event));
 
-        $this->assertEquals(304, $this->Controller->response->getStatusCode());
-        $this->assertEquals('', (string)$this->Controller->response->getBody());
-        $this->assertFalse($this->Controller->response->hasHeader('Content-type'));
+        $this->assertEquals(304, $this->Controller->getResponse()->getStatusCode());
+        $this->assertEquals('', (string)$this->Controller->getResponse()->getBody());
+        $this->assertFalse($this->Controller->getResponse()->hasHeader('Content-type'));
     }
 
     /**
@@ -1484,7 +1202,7 @@ XML;
         $this->Controller->set_response_type();
         $event = new Event('Controller.beforeRender', $this->Controller);
         $this->RequestHandler->beforeRender($event);
-        $this->assertEquals('text/plain', $this->Controller->response->getType());
+        $this->assertEquals('text/plain', $this->Controller->getResponse()->getType());
     }
 
     /**
@@ -1499,6 +1217,6 @@ XML;
 
         $event = new Event('Controller.beforeRender', $this->Controller);
         $this->RequestHandler->beforeRender($event);
-        $this->assertEquals('text/csv', $this->Controller->response->getType());
+        $this->assertEquals('text/csv', $this->Controller->getResponse()->getType());
     }
 }

tests/TestCase/Controller/Component/SecurityComponentTest.php

@@ -170,7 +170,6 @@ class SecurityComponentTest extends TestCase
         $this->Controller->Security = $this->Controller->TestSecurity;
         $this->Controller->Security->setConfig('blackHoleCallback', 'fail');
         $this->Security = $this->Controller->Security;
-        $this->Security->session = $session;
         Security::setSalt('foo!');
     }
 
@@ -184,7 +183,6 @@ class SecurityComponentTest extends TestCase
     {
         parent::tearDown();
         $_SERVER = $this->server;
-        $this->Security->session->delete('_Token');
         unset($this->Controller->Security);
         unset($this->Controller->Component);
         unset($this->Controller);
@@ -216,7 +214,7 @@ class SecurityComponentTest extends TestCase
         $this->expectException(\Cake\Http\Exception\BadRequestException::class);
         $request = new ServerRequest([
             'url' => 'posts/index',
-            'session' => $this->Security->session,
+            'session' => new Session(),
             'params' => [
                 'controller' => 'posts',
                 'action' => 'index'
@@ -241,9 +239,9 @@ class SecurityComponentTest extends TestCase
      */
     public function testExceptionWhenActionIsBlackholeCallback()
     {
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withParam('controller', 'posts')
-            ->withParam('action', 'fail');
+            ->withParam('action', 'fail'));
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->assertFalse($this->Controller->failed);
@@ -278,7 +276,7 @@ class SecurityComponentTest extends TestCase
     {
         $event = new Event('Controller.startup', $this->Controller);
         $this->Controller->Security->startup($event);
-        $this->assertTrue($this->Security->session->check('_Token'));
+        $this->assertTrue($this->Controller->getRequest()->getSession()->check('_Token'));
     }
 
     /**
@@ -289,10 +287,10 @@ class SecurityComponentTest extends TestCase
      */
     public function testRequireSecureFail()
     {
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withParam('action', 'posted')
             ->withEnv('HTTPS', 'off')
-            ->withEnv('REQUEST_METHOD', 'POST');
+            ->withEnv('REQUEST_METHOD', 'POST'));
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->Controller->Security->requireSecure(['posted']);
@@ -308,10 +306,10 @@ class SecurityComponentTest extends TestCase
      */
     public function testRequireSecureSucceed()
     {
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withParam('action', 'posted')
             ->withEnv('HTTPS', 'on')
-            ->withEnv('REQUEST_METHOD', 'Secure');
+            ->withEnv('REQUEST_METHOD', 'Secure'));
         $event = new Event('Controller.startup', $this->Controller);
         $this->Controller->Security->requireSecure('posted');
         $this->Controller->Security->startup($event);
@@ -326,10 +324,10 @@ class SecurityComponentTest extends TestCase
      */
     public function testRequireSecureEmptyFail()
     {
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withParam('action', 'posted')
             ->withEnv('HTTPS', 'off')
-            ->withEnv('REQUEST_METHOD', 'POST');
+            ->withEnv('REQUEST_METHOD', 'POST'));
         $event = new Event('Controller.startup', $this->Controller);
         $this->Controller->Security->requireSecure();
         $this->Controller->Security->startup($event);
@@ -344,10 +342,10 @@ class SecurityComponentTest extends TestCase
      */
     public function testRequireSecureEmptySucceed()
     {
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withParam('action', 'posted')
             ->withEnv('HTTPS', 'on')
-            ->withEnv('REQUEST_METHOD', 'Secure');
+            ->withEnv('REQUEST_METHOD', 'Secure'));
         $event = new Event('Controller.startup', $this->Controller);
         $this->Controller->Security->requireSecure();
         $this->Controller->Security->startup($event);
@@ -365,21 +363,21 @@ class SecurityComponentTest extends TestCase
     {
         $this->deprecated(function () {
             $event = new Event('Controller.startup', $this->Controller);
-            $this->Controller->request = $this->Controller->request
+            $this->Controller->setRequest($this->Controller->getRequest()
                 ->withParam('action', 'posted')
                 ->withData('username', 'willy')
                 ->withData('password', 'somePass')
-                ->withEnv('REQUEST_METHOD', 'AUTH');
+                ->withEnv('REQUEST_METHOD', 'AUTH'));
             $this->Security->requireAuth(['posted']);
             $this->Security->startup($event);
             $this->assertTrue($this->Controller->failed);
 
-            $this->Controller->request->getSession()->write('_Token', ['allowedControllers' => []]);
+            $this->Controller->getRequest()->getSession()->write('_Token', ['allowedControllers' => []]);
             $this->Security->requireAuth('posted');
             $this->Security->startup($event);
             $this->assertTrue($this->Controller->failed);
 
-            $this->Controller->request->getSession()->write('_Token', [
+            $this->Controller->getRequest()->getSession()->write('_Token', [
                 'allowedControllers' => ['SecurityTest'], 'allowedActions' => ['posted2']
             ]);
             $this->Security->requireAuth('posted');
@@ -402,27 +400,28 @@ class SecurityComponentTest extends TestCase
             $this->Controller->Security->setConfig('validatePost', false);
 
             $event = new Event('Controller.startup', $this->Controller);
-            $this->Controller->request->addParams([
+            $this->Controller->getRequest()->addParams([
                 'action' => 'posted'
             ]);
             $this->Security->requireAuth('posted');
             $this->Security->startup($event);
             $this->assertFalse($this->Controller->failed);
 
-            $this->Controller->Security->session->write('_Token', [
+            $this->Controller->getRequest()->getSession()->write('_Token', [
                 'allowedControllers' => ['SecurityTest'],
                 'allowedActions' => ['posted'],
             ]);
-            $this->Controller->request->addParams([
+            $this->Controller->getRequest()->addParams([
                 'controller' => 'SecurityTest',
                 'action' => 'posted'
             ]);
 
-            $this->Controller->request->data = [
-                'username' => 'willy',
-                'password' => 'somePass',
-                '_Token' => ''
-            ];
+            $request = $this->Controller->getRequest()
+                ->withData('username', 'willy')
+                ->withData('password', 'somePass')
+                ->withData('_Token', '');
+            $this->Controller->setRequest($request);
+
             $this->Controller->action = 'posted';
             $this->Controller->Security->requireAuth('posted');
             $this->Controller->Security->startup($event);
@@ -447,10 +446,10 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = '';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->setRequest($this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => 'nate', 'password' => 'foo', 'valid' => '0'],
             '_Token' => compact('fields', 'unlocked', 'debug'),
-        ]);
+        ]));
         $this->assertTrue($this->validatePost());
     }
 
@@ -476,10 +475,10 @@ class SecurityComponentTest extends TestCase
             []
         ]));
 
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withEnv('REQUEST_METHOD', 'GET')
             ->withData('Model', ['username' => 'nate', 'password' => 'foo', 'valid' => '0'])
-            ->withData('_Token', compact('fields', 'unlocked', 'debug'));
+            ->withData('_Token', compact('fields', 'unlocked', 'debug')));
 
         $this->Security->startup($event);
         $this->assertTrue($this->Controller->failed);
@@ -497,7 +496,7 @@ class SecurityComponentTest extends TestCase
     {
         $event = new Event('Controller.startup', $this->Controller);
         $this->Security->startup($event);
-        $this->Security->session->delete('_Token');
+        $this->Controller->getRequest()->getSession()->delete('_Token');
         $unlocked = '';
         $debug = urlencode(json_encode([
             '/articles/index',
@@ -507,10 +506,10 @@ class SecurityComponentTest extends TestCase
 
         $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->setRequest($this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => 'nate', 'password' => 'foo', 'valid' => '0'],
             '_Token' => compact('fields', 'unlocked', 'debug')
-        ]);
+        ]));
         $this->assertFalse($this->validatePost('AuthSecurityException', 'Unexpected field \'Model.password\' in POST data, Unexpected field \'Model.username\' in POST data'));
     }
 
@@ -526,14 +525,14 @@ class SecurityComponentTest extends TestCase
     {
         $event = new Event('Controller.startup', $this->Controller);
         $this->Security->startup($event);
-        $this->Security->session->delete('_Token');
+        $this->Controller->getRequest()->getSession()->delete('_Token');
 
         $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->setRequest($this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => 'nate', 'password' => 'foo', 'valid' => '0'],
             '_Token' => compact('fields')
-        ]);
+        ]));
         $this->assertFalse($this->validatePost('AuthSecurityException', '\'_Token.unlocked\' was not found in request data.'));
     }
 
@@ -551,7 +550,7 @@ class SecurityComponentTest extends TestCase
         $this->Security->startup($event);
         $unlocked = '';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => 'nate', 'password' => 'foo', 'valid' => '0'],
             '_Token' => compact('unlocked')
         ]);
@@ -569,9 +568,9 @@ class SecurityComponentTest extends TestCase
      */
     public function testValidatePostEmptyForm()
     {
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withEnv('REQUEST_METHOD', 'POST')
-            ->withParsedBody([]);
+            ->withParsedBody([]));
         $event = new Event('Controller.startup', $this->Controller);
         $this->Security->startup($event);
         $result = $this->validatePost('AuthSecurityException', '\'_Token\' was not found in request data.');
@@ -603,7 +602,7 @@ class SecurityComponentTest extends TestCase
         $attack = 'O:3:"App":1:{s:5:"__map";a:1:{s:3:"foo";s:7:"Hacked!";s:1:"fail"}}';
         $fields .= urlencode(':' . str_rot13($attack));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => 'mark', 'password' => 'foo', 'valid' => '0'],
             '_Token' => compact('fields', 'unlocked', 'debug')
         ]);
@@ -628,7 +627,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             '_csrfToken' => 'abc123',
             'Model' => ['multi_field' => ['1', '3']],
             '_Token' => compact('fields', 'unlocked', 'debug')
@@ -657,13 +656,13 @@ class SecurityComponentTest extends TestCase
             []
         ]));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['multi_field' => ['1', '3']],
             '_Token' => compact('fields', 'unlocked', 'debug')
         ]);
         $this->assertTrue($this->validatePost());
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['multi_field' => [12 => '1', 20 => '3']],
             '_Token' => compact('fields', 'unlocked', 'debug')
         ]);
@@ -690,7 +689,7 @@ class SecurityComponentTest extends TestCase
             []
         ]));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             1 => 'value,',
             '_Token' => compact('fields', 'unlocked', 'debug')
         ]);
@@ -712,7 +711,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'anything' => 'some_data',
             '_Token' => compact('fields', 'unlocked', 'debug')
         ]);
@@ -736,7 +735,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => '', 'password' => ''],
             '_Token' => compact('fields', 'unlocked', 'debug')
         ]);
@@ -754,10 +753,10 @@ class SecurityComponentTest extends TestCase
     public function testValidatePostSubdirectory()
     {
         // set the base path.
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withAttribute('base', 'subdir')
-            ->withAttributE('webroot', 'subdir/');
-        Router::pushRequest($this->Controller->request);
+            ->withAttributE('webroot', 'subdir/'));
+        Router::pushRequest($this->Controller->getRequest());
 
         $event = new Event('Controller.startup', $this->Controller);
         $this->Security->startup($event);
@@ -767,7 +766,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = '';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => '', 'password' => ''],
             '_Token' => compact('fields', 'unlocked', 'debug')
         ]);
@@ -793,7 +792,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Addresses' => [
                 '0' => [
                     'id' => '123456', 'title' => '', 'first_name' => '', 'last_name' => '',
@@ -827,21 +826,21 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Tag' => ['Tag' => [1, 2]],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
         $result = $this->validatePost();
         $this->assertTrue($result);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Tag' => ['Tag' => [1, 2, 3]],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
         $result = $this->validatePost();
         $this->assertTrue($result);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Tag' => ['Tag' => [1, 2, 3, 4]],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
@@ -849,7 +848,7 @@ class SecurityComponentTest extends TestCase
         $this->assertTrue($result);
 
         $fields = '1e4c9269b64756e9b141d364497c5f037b428a37%3A';
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'User.password' => 'bar', 'User.name' => 'foo', 'User.is_valid' => '1',
             'Tag' => ['Tag' => [1]],
             '_Token' => compact('fields', 'unlocked', 'debug'),
@@ -875,7 +874,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => '', 'password' => '', 'valid' => '0'],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
@@ -885,7 +884,7 @@ class SecurityComponentTest extends TestCase
 
         $fields = '3f368401f9a8610bcace7746039651066cdcdc38%3A';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => '', 'password' => '', 'valid' => '0'],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
@@ -893,10 +892,10 @@ class SecurityComponentTest extends TestCase
         $result = $this->validatePost();
         $this->assertTrue($result);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([]);
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([]);
         $this->Security->startup($event);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => '', 'password' => '', 'valid' => '0'],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
@@ -919,7 +918,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => '', 'password' => '', 'hidden' => '0',
                 'other_hidden' => 'some hidden value'
@@ -945,7 +944,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => '', 'password' => '', 'hidden' => '0'
             ],
@@ -975,7 +974,7 @@ class SecurityComponentTest extends TestCase
         );
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => 'mark',
                 'password' => 'sekret',
@@ -1003,7 +1002,7 @@ class SecurityComponentTest extends TestCase
         $fields = ['Model.hidden', 'Model.password', 'Model.username'];
         $fields = urlencode(Security::hash(serialize($fields) . Security::getSalt()));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => 'mark',
                 'password' => 'sekret',
@@ -1032,7 +1031,7 @@ class SecurityComponentTest extends TestCase
         $fields = urlencode(Security::hash(serialize($fields) . Security::getSalt()));
         $unlocked = '';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => 'mark',
                 'password' => 'sekret',
@@ -1061,7 +1060,7 @@ class SecurityComponentTest extends TestCase
         $fields = urlencode(Security::hash(serialize($fields) . Security::getSalt()));
         $unlocked = '';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => 'mark',
                 'password' => 'sekret',
@@ -1097,7 +1096,7 @@ class SecurityComponentTest extends TestCase
         // Tamper the values.
         $unlocked = 'Model.username|Model.password';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => 'mark',
                 'password' => 'sekret',
@@ -1124,7 +1123,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => ['username' => '', 'password' => '', 'valid' => '0'],
             'Model2' => ['valid' => '0'],
             'Model3' => ['valid' => '0'],
@@ -1149,7 +1148,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 [
                     'username' => 'username', 'password' => 'password',
@@ -1182,7 +1181,7 @@ class SecurityComponentTest extends TestCase
         $unlocked = '';
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Address' => [
                 0 => [
                     'id' => '123',
@@ -1231,7 +1230,7 @@ class SecurityComponentTest extends TestCase
         );
         $debug = 'not used';
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'TaxonomyData' => [
                 1 => [[2]],
                 2 => [[3]]
@@ -1280,7 +1279,7 @@ class SecurityComponentTest extends TestCase
             []
         ]));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Address' => [
                 0 => [
                     'id' => '123',
@@ -1328,7 +1327,7 @@ class SecurityComponentTest extends TestCase
             []
         ]));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'MyModel' => ['name' => 'some data'],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
@@ -1338,7 +1337,7 @@ class SecurityComponentTest extends TestCase
         $this->Security->startup($event);
         $this->Security->setConfig('disabledFields', ['MyModel.name']);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'MyModel' => ['name' => 'some data'],
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
@@ -1367,27 +1366,27 @@ class SecurityComponentTest extends TestCase
             []
         ]));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             '_Token' => compact('fields', 'unlocked', 'debug'),
         ]);
         $result = $this->validatePost('SecurityException', 'Bad Request');
         $this->assertFalse($result);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             '_Token' => compact('fields', 'unlocked', 'debug'),
             'Test' => ['test' => '']
         ]);
         $result = $this->validatePost();
         $this->assertTrue($result);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             '_Token' => compact('fields', 'unlocked', 'debug'),
             'Test' => ['test' => '1']
         ]);
         $result = $this->validatePost();
         $this->assertTrue($result);
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             '_Token' => compact('fields', 'unlocked', 'debug'),
             'Test' => ['test' => '2']
         ]);
@@ -1416,20 +1415,20 @@ class SecurityComponentTest extends TestCase
             []
         ]));
 
-        $this->Controller->request = $this->Controller->request
+        $this->Controller->setRequest($this->Controller->getRequest()
             ->withData('Model', ['username' => '', 'password' => ''])
-            ->withData('_Token', compact('fields', 'unlocked', 'debug'));
+            ->withData('_Token', compact('fields', 'unlocked', 'debug')));
         $this->assertTrue($this->validatePost());
 
-        $this->Controller->request = $this->Controller->request
-            ->withRequestTarget('/posts/index?page=1');
+        $this->Controller->setRequest($this->Controller->getRequest()
+            ->withRequestTarget('/posts/index?page=1'));
         $this->assertFalse($this->validatePost(
             'SecurityException',
             'URL mismatch in POST data (expected \'another-url\' but found \'/posts/index?page=1\')'
         ));
 
-        $this->Controller->request = $this->Controller->request
-            ->withRequestTarget('/posts/edit/1');
+        $this->Controller->setRequest($this->Controller->getRequest()
+            ->withRequestTarget('/posts/edit/1'));
         $this->assertFalse($this->validatePost(
             'SecurityException',
             'URL mismatch in POST data (expected \'another-url\' but found \'/posts/edit/1\')'
@@ -1451,7 +1450,10 @@ class SecurityComponentTest extends TestCase
         $this->Security->startup($event);
 
         $this->Security->blackHole($this->Controller, 'auth');
-        $this->assertTrue($this->Controller->Security->session->check('_Token'), '_Token was deleted by blackHole %s');
+        $this->assertTrue(
+            $this->Controller->getRequest()->getSession()->check('_Token'),
+            '_Token was deleted by blackHole %s'
+        );
     }
 
     /**
@@ -1463,7 +1465,7 @@ class SecurityComponentTest extends TestCase
      */
     public function testGenerateToken()
     {
-        $request = $this->Controller->request;
+        $request = $this->Controller->getRequest();
         $request = $this->Security->generateToken($request);
 
         $this->assertNotEmpty($request->getParam('_Token'));
@@ -1482,7 +1484,7 @@ class SecurityComponentTest extends TestCase
     {
         $_SERVER['REQUEST_METHOD'] = 'POST';
         $event = new Event('Controller.startup', $this->Controller);
-        $this->Controller->request = $this->Controller->request->withParsedBody(['data']);
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody(['data']);
         $this->Security->unlockedActions = 'index';
         $this->Security->blackHoleCallback = null;
         $result = $this->Controller->Security->startup($event);
@@ -1511,7 +1513,7 @@ class SecurityComponentTest extends TestCase
             ['not expected']
         ]));
 
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'username' => 'mark',
                 'password' => 'sekret',
@@ -1587,7 +1589,7 @@ class SecurityComponentTest extends TestCase
         ]));
         $fields = urlencode(Security::hash(serialize($fields) . $unlocked . Security::getSalt()));
         $fields .= urlencode(':Model.hidden|Model.id');
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->request = $this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'hidden' => 'tampered',
                 'id' => '1',
@@ -1620,7 +1622,7 @@ class SecurityComponentTest extends TestCase
         ]));
         $fields = urlencode(Security::hash(serialize($fields) . $unlocked . Security::getSalt()));
         $fields .= urlencode(':Model.hidden|Model.id');
-        $this->Controller->request = $this->Controller->request->withData('Model', [
+        $this->Controller->request = $this->Controller->getRequest()->withData('Model', [
             'hidden' => ['some-key' => 'some-value'],
             'id' => '1',
         ])->withData('_Token', compact('fields', 'unlocked', 'debug'));
@@ -1653,129 +1655,15 @@ class SecurityComponentTest extends TestCase
         ]));
         $fields = urlencode(Security::hash(serialize($fields) . $unlocked . Security::getSalt()));
         $fields .= urlencode(':Model.hidden|Model.id');
-        $this->Controller->request = $this->Controller->request->withParsedBody([
+        $this->Controller->setRequest($this->Controller->getRequest()->withParsedBody([
             'Model' => [
                 'hidden' => ['some-key' => 'some-value'],
                 'id' => '1',
             ],
             '_Token' => compact('fields', 'unlocked', 'debug')
-        ]);
+        ]));
         Configure::write('debug', false);
         $result = $this->validatePost('SecurityException', 'Unexpected \'_Token.debug\' found in request data');
         $this->assertFalse($result);
     }
-
-    /**
-     * testAuthRequiredThrowsExceptionTokenNotFoundPost method
-     *
-     * Auth required throws exception token not found.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testAuthRequiredThrowsExceptionTokenNotFoundPost()
-    {
-        $this->expectException(\Cake\Controller\Exception\AuthSecurityException::class);
-        $this->expectExceptionMessage('\'_Token\' was not found in request data.');
-        $this->deprecated(function () {
-            $this->Security->setConfig('requireAuth', ['protected']);
-            $this->Controller->request->params['action'] = 'protected';
-            $this->Controller->request->data = 'notEmpty';
-            $this->Security->authRequired($this->Controller);
-        });
-    }
-
-    /**
-     * testAuthRequiredThrowsExceptionTokenNotFoundSession method
-     *
-     * Auth required throws exception token not found in Session.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testAuthRequiredThrowsExceptionTokenNotFoundSession()
-    {
-        $this->expectException(\Cake\Controller\Exception\AuthSecurityException::class);
-        $this->expectExceptionMessage('\'_Token\' was not found in session.');
-        $this->deprecated(function () {
-            $this->Security->setConfig('requireAuth', ['protected']);
-            $this->Controller->request->params['action'] = 'protected';
-            $this->Controller->request->data = ['_Token' => 'not empty'];
-            $this->Security->authRequired($this->Controller);
-        });
-    }
-
-    /**
-     * testAuthRequiredThrowsExceptionControllerNotAllowed method
-     *
-     * Auth required throws exception controller not allowed.
-     *
-     * @group deprecated
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testAuthRequiredThrowsExceptionControllerNotAllowed()
-    {
-        $this->expectException(\Cake\Controller\Exception\AuthSecurityException::class);
-        $this->expectExceptionMessage('Controller \'NotAllowed\' was not found in allowed controllers: \'Allowed, AnotherAllowed\'.');
-        $this->deprecated(function () {
-            $this->Security->setConfig('requireAuth', ['protected']);
-            $this->Controller->request->params['controller'] = 'NotAllowed';
-            $this->Controller->request->params['action'] = 'protected';
-            $this->Controller->request->data = ['_Token' => 'not empty'];
-            $this->Controller->request->session()->write('_Token', [
-                'allowedControllers' => ['Allowed', 'AnotherAllowed']
-            ]);
-            $this->Security->authRequired($this->Controller);
-        });
-    }
-
-    /**
-     * testAuthRequiredThrowsExceptionActionNotAllowed method
-     *
-     * Auth required throws exception controller not allowed.
-     *
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testAuthRequiredThrowsExceptionActionNotAllowed()
-    {
-        $this->expectException(\Cake\Controller\Exception\AuthSecurityException::class);
-        $this->expectExceptionMessage('Action \'NotAllowed::protected\' was not found in allowed actions: \'index, view\'.');
-        $this->deprecated(function () {
-            $this->Security->setConfig('requireAuth', ['protected']);
-            $this->Controller->request->params['controller'] = 'NotAllowed';
-            $this->Controller->request->params['action'] = 'protected';
-            $this->Controller->request->data = ['_Token' => 'not empty'];
-            $this->Controller->request->session()->write('_Token', [
-                'allowedActions' => ['index', 'view']
-            ]);
-            $this->Security->authRequired($this->Controller);
-        });
-    }
-
-    /**
-     * testAuthRequired method
-     *
-     * Auth required throws exception controller not allowed.
-     *
-     * @return void
-     * @triggers Controller.startup $this->Controller
-     */
-    public function testAuthRequired()
-    {
-        $this->deprecated(function () {
-            $this->Security->setConfig('requireAuth', ['protected']);
-            $this->Controller->request->params['controller'] = 'Allowed';
-            $this->Controller->request->params['action'] = 'protected';
-            $this->Controller->request->data = ['_Token' => 'not empty'];
-            $this->Controller->request->session()->write('_Token', [
-                'allowedActions' => ['protected'],
-                'allowedControllers' => ['Allowed'],
-            ]);
-            $this->assertTrue($this->Security->authRequired($this->Controller));
-        });
-    }
 }