9

I'm unable to configure correctly the security in my tests. My web security configuration:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/api/**").hasRole("USER")
                .and()
                .httpBasic()
        ;
    }
}

And my test class:

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration
@ContextConfiguration(classes = {Application.class, AppConfig.class, WebMvcConfig.class, WebSecurityConfig.class})
@WebAppConfiguration
public class TestControllerTest {

    @Autowired
    private WebApplicationContext wac;

    private MockMvc mockMvc;

    @Before
    public void setUp() {
        MockitoAnnotations.initMocks(this);
        this.mockMvc = webAppContextSetup(wac).dispatchOptions(true).build();
    }

    @Test
    public void getTest() throws Exception {
        mockMvc
                .perform(get("/api/test"))
                .andExpect(status().isForbidden())
        ;
    }
}

I get a 404 status code meaning the security layer is not executed, so it is not configured correctly in my test class. I tried to switch the classes from @ContextConfiguration to @SpringApplicationConfiguration without success.

Improve this question

2 Answers 2

Reset to default
8

Make the following modifications to your code: 

   @Autowired
   private FilterChainProxy filterChainProxy;


    @Before
    public void setUp() {
        MockitoAnnotations.initMocks(this);
        this.mockMvc = webAppContextSetup(wac).dispatchOptions(true).addFilters(filterChainProxy).build();
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you for this answer! I spent a whole day figuring out what I'm doing wrong :)
@jeremija Happens to everyone! Glad to help!
In spring-security 4.x there's a new approach: stackoverflow.com/questions/30536710/…
7

As said in reference for Spring Security 4.0.4:

In order to use Spring Security with Spring MVC Test it is necessary to add the Spring Security FilterChainProxy as a Filter. It is also necessary to add Spring Security’s TestSecurityContextHolderPostProcessor to support Running as a User in Spring MVC Test with Annotations. This can be done using Spring Security’s SecurityMockMvcConfigurers.springSecurity().

Example:

import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
public class TestControllerTest {

    @Autowired
    private WebApplicationContext wac;

    private MockMvc mockMvc;

    @Before
    public void setup() {
        mockMvc = MockMvcBuilders
                .webAppContextSetup(wac)
                .apply(springSecurity()) //will perform all of the initial setup to integrate Spring Security with Spring MVC Test
                .build();
    }
Improve this answer

1 Comment

Just a note: This is necessary to use e.g. @WickMovkUser.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.