How to mock AuthenticationManager authenticate method using Spring Security and Mockito

Question

I'm trying to use Mockito to test whether when the user hits the login api, it will respond with a JWT token. However, I keep getting the Bad Credentials error which comes from the authenticationManager.authenticate() method inside Spring Security. I'm now trying to mock this method, but I keep getting a variety of different errors and not sure if my approach is correct. This is my latest implementation, which now fails with You cannot use argument matchers outside of verification or stubbing as it's not liking how I'm using the mocks.

@WebMvcTest(value = UserCommandController.class, includeFilters = {
    // to include JwtUtil in spring context
    @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = JwtUtil.class)})
class UserCommandControllerTest {

Logger logger = LoggerFactory.getLogger(UserCommandControllerTest.class);

@MockBean
private UserCommandService userCommandService;

@Autowired
private MockMvc mockMvc;

@MockBean
private UserDetailsServiceImpl userDetailsServiceImpl;

@MockBean
private JwtUtil jwtUtil;

@Autowired
private JwtRequestFilter jwtRequestFilter;

@Autowired
AuthenticationManager authenticationManager;

private static UserDetails dummy;
private static String jwtToken;

@BeforeEach
public void setUp() {
    dummy = new User("[email protected]", "123456", new ArrayList<>());
    jwtToken = jwtUtil.generateToken(dummy);
}


@Test
void testLoginReturnsJwt() throws Exception {

    AuthenticationRequest authenticationRequest = new AuthenticationRequest("[email protected]", "123456");
    AuthenticationResponse authenticationResponse = new AuthenticationResponse("anyjwt");

    String jsonRequest = asJsonString(authenticationRequest);
    String jsonResponse = asJsonString(authenticationResponse);

    RequestBuilder request = MockMvcRequestBuilders
            .post("/api/adverts/user/login")
            .content(jsonRequest)
            .contentType(MediaType.APPLICATION_JSON_VALUE)
            .accept(MediaType.APPLICATION_JSON);

    Authentication authentication = mock(Authentication.class);
    authentication.setAuthenticated(true);
    when(authentication.isAuthenticated()).thenReturn(true);

    when(authenticationManager.authenticate(any())).thenReturn(authentication); // Failing here

    when(jwtUtil.generateToken(dummy)).thenReturn("124");
    when(userDetailsServiceImpl.loadUserByUsername(eq("[email protected]"))).thenReturn(dummy);

    MvcResult mvcResult = mockMvc.perform(request)
            .andExpect(status().is2xxSuccessful())
            .andExpect(content().json(jsonResponse, true))
            .andExpect(jsonPath("$.jwt").value(isNotNull()))
            .andReturn();
}

Here is my controller:

@PostMapping(value = "/login", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<Object> loginUser(@Valid @RequestBody AuthenticationRequest authenticationRequest) throws Exception {

    try {
        Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authenticationRequest.getUsername(), authenticationRequest.getPassword()));
    } catch (BadCredentialsException e) {
        throw new Exception("incorrect username or password", e);
    }

    UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());

    String jwt = jwtTokenUtil.generateToken(userDetails);

    return ResponseEntity.ok(new AuthenticationResponse(jwt));
}

Thank you.

PS: Here is my repo and where AuthenticationManager is set: https://github.com/francislainy/adverts-backend/blob/dev_jwt/src/main/java/com/example/adverts/MyWebSecurity.java#L30

A shot in the dark: your AuthenticationManager is not a mock. Try annotating it with @MockBean instead of @Autowired. — jannis
– jannis, Commented Dec 10, 2021 at 15:32
Thank you. I'd tried that before but I'm afraid I get the same error. — Francislainy Campos
– Francislainy Campos, Commented Dec 10, 2021 at 15:39
Here is my repo: github.com/francislainy/adverts-backend/blob/dev_jwt/src/test/… — Francislainy Campos
– Francislainy Campos, Commented Dec 10, 2021 at 15:42
AuthenticationManager is here: github.com/francislainy/adverts-backend/blob/dev_jwt/src/main/… — Francislainy Campos
– Francislainy Campos, Commented Dec 10, 2021 at 15:46

jannis · Accepted Answer · 2022-07-03 14:10:16Z

2

You need the AuthenticationManager to be a mock and in your code it's not (@Autowired injects a "real" instance). You can mock beans using MockBean annotation:

@MockBean
AuthenticationManager authenticationManager;

Now you can mock authenticationManager all you want.

Another problem with your code is that you are misusing the ArgumentMatchers.isNotNull() matcher in your assertions causing an exception:

org.mockito.exceptions.misusing.InvalidUseOfMatchersException: 
Misplaced or misused argument matcher detected here:

-> at com.example.adverts.controller.user.UserCommandControllerTest.testLoginReturnsJwt(UserCommandControllerTest.java:356)

You cannot use argument matchers outside of verification or stubbing.
Examples of correct usage of argument matchers:
    when(mock.get(anyInt())).thenReturn(null);
    doThrow(new RuntimeException()).when(mock).someVoidMethod(any());
    verify(mock).someMethod(contains("foo"))

This message may appear after an NullPointerException if the last matcher is returning an object 
like any() but the stubbed method signature expect a primitive argument, in this case,
use primitive alternatives.
    when(mock.get(any())); // bad use, will raise NPE
    when(mock.get(anyInt())); // correct usage use

Also, this error might show up because you use argument matchers with methods that cannot be mocked.
Following methods *cannot* be stubbed/verified: final/private/equals()/hashCode().
Mocking methods declared on non-public parent classes is not supported.

ArgumentMatchers provides matchers to be used in method call stubbing and verification. You should use org.hamcrest.CoreMatchers#notNullValue() instead.

With these fixes your test passes all in green.

edited Jul 3, 2022 at 14:10

answered Dec 10, 2021 at 17:30

jannis

5,2881 gold badge26 silver badges57 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Francislainy Campos Over a year ago

Great! Thank you so much. Yes, using .andExpect(jsonPath("$.jwt").value(is(notNullValue()))) and the @MockBean fixed the problem. And it was not needed to mock the authenticate method so I removed those when related lines. Cheers.

iTchTheRightSpot Over a year ago

A have a similar issue to your question. I wanted to know if the your GrantedAuthorities in the Mocked AuthenticationManager was empty @FrancislainyCampos

Collectives™ on Stack Overflow

How to mock AuthenticationManager authenticate method using Spring Security and Mockito

1 Answer 1

2 Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

2 Comments

Your Answer

Sign up or log in

Post as a guest

Related