I have this:
    @Secured(['ROLE_USER', 'ROLE_HELPDESK', 'ROLE_ADMIN'])
    class MyController {
        def edit = {
        }

        @Secured(['ROLE_ADMIN'])
        def uploadForUser = {
            params.userId = params.id
            forward(controller: 'someController', action: 'someAction', params: params)
        }
    }
and an integration test I think should fail:
    public void test_uploadForUser_unauthenticated() {
        myController.params.id = "testUser"
        myController.uploadForUser()
    }
And yet the tests pass. Is there any way to test controllers annotated with the spring security plugin?
These annotations are analyzed by SpringSecurityFilter, so they don't work if you don't have an actual HTTP request performed.
Thus, you need either to switch to checking the roles by conditionals inside the actions, as is done here, or to test it with WebDriver/Geb or some simpler framework -- a very nice approach is presented in the Grails Security Plugin itself.
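The behaviour described in the answer above, as a stand-alone Groovy script (an added example, not code from the post or from the plugin). The `Secured` annotation defined here is a stand-in for the plugin's, and `requiredRoles` and `dispatch` are hypothetical helpers that imitate, in simplified form, a request-time check; the precedence of the action annotation over the class annotation is an assumption of this sketch.

```groovy
import java.lang.annotation.Retention
import java.lang.annotation.RetentionPolicy

// Stand-in for the plugin's @Secured, defined here so the script runs on its own.
@Retention(RetentionPolicy.RUNTIME)
@interface Secured { String[] value() }

@Secured(['ROLE_USER', 'ROLE_HELPDESK', 'ROLE_ADMIN'])
class MyController {
    def edit = { 'edit ran' }

    @Secured(['ROLE_ADMIN'])
    def uploadForUser = { 'upload ran' }
}

// Roles declared for an action. Assumption of this sketch: the annotation on the
// action's field takes precedence, otherwise the class-level annotation applies.
List<String> requiredRoles(Class controllerClass, String action) {
    def ann = controllerClass.getDeclaredField(action).getAnnotation(Secured)
    if (ann == null) {
        ann = controllerClass.getAnnotation(Secured)
    }
    ann == null ? [] : ann.value().toList()
}

// Hypothetical, simplified stand-in for the check that happens on a real HTTP request.
def dispatch(controller, String action, Collection<String> userRoles) {
    def needed = requiredRoles(controller.getClass(), action)
    if (needed && !needed.any { it in userRoles }) {
        return 'denied'
    }
    controller."$action".call()
}

def c = new MyController()
// Direct invocation, as in the test: the annotation is metadata and is never consulted.
assert c.uploadForUser() == 'upload ran'
// Going through the checking layer: only ROLE_ADMIN reaches the action body.
assert dispatch(c, 'uploadForUser', []) == 'denied'
assert dispatch(c, 'uploadForUser', ['ROLE_HELPDESK']) == 'denied'
assert dispatch(c, 'uploadForUser', ['ROLE_ADMIN']) == 'upload ran'
assert dispatch(c, 'edit', ['ROLE_HELPDESK']) == 'edit ran'
// What a test without an HTTP request can still verify: the declared roles themselves.
assert requiredRoles(MyController, 'uploadForUser') == ['ROLE_ADMIN']
```

The last assertion is the kind of check that fits a test without a request: it catches an action whose annotation was removed or loosened, while enforcement itself still has to be exercised through a real request.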