Spring Boot version: 2.0.4.RELEASE
For the Spring Boot Test below, the test returns an unwanted 401 response:
"401" status, "error": "unauthorized"
What is the best way to disable Spring Security for the tests?
I tried a adding a configuration "security.basic.enabled=false" property like so:
@SpringBootTest(<br>
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,<br>
classes = TestApp.class,<br>
properties = {
"security.basic.enabled=false"
})
And also adding this annotation to the class:
@AutoConfigureMockMvc(secure = false)
But unfortunately the test still returns a "401" unauthorized error code.
Original test
@RunWith(SpringRunner.class)
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = App.class
)
public class ExampleTest{
@Autowired
public void setup(@LocalServerPort int port) {
RestAssured.port = port;
}
@Test
public voidtestMethod() {
// This test code is not important to my question.
given().log().all().get("/resources").then().log().all().statusCode(HttpURLConnection.HTTP_BAD_REQUEST).body("error", equalTo("invalid_request")).body(not(containsString("error_reason")));
}
}
The class being unit tested is simple:
@SpringBootApplication
@RestController
public class App {
@GetMapping("/resources")
public String[] resources(
@RequestParam("mandatory_param") String mandatory,
@RequestParam("valid_param") @NotNull String validParam) {
return new String[]{"1", "2"};
}
...
}
Does anyone know how to disable spring security for the test? Thank you
To use Spring Security in your unit tests, you need to add spring-security-test to your Spring Boot project. This way the contextual configuration of the tests can be combined with Spring Security, and the next few tricks will teach you. All tests are done under Spring Boot Test, which is supported by the @SpringBootTest annotation.
1. Introduction The ability to execute integration tests without the need for a standalone integration environment is a valuable feature for any software stack. The seamless integration of Spring Boot with Spring Security makes it simple to test components that interact with a security layer.
The following methods falls under this category: Disable Security with Test Security Configuration Execute the tests with Spring Security using Mock Authentication. In this approch, we will not actually disable the security. Instead, we will be running the tests with mock user and roles.
This tutorial provides you with these mechanics and goes into the technical details that are necessary to write good unit tests with a focus on Spring Boot applications.
Using both @SpringBootTest
with a random port and @AutoConfiguration
might be an issue.
Can you try:
@RunWith(SpringRunner.class)
@WebMvcTest(App.class)
@AutoConfigureMockMvc(secure = false)
public class ExampleTest{}
or
@RunWith(SpringRunner.class)
@SpringBootTest
@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class })
public class ExampleTest{}
You can event add a custom profile(integration_test) and make:
security:
basic:
enabled: false
@RunWith(SpringRunner.class)
@SpringBootTest
@ActiveProfiles(value="integration_test")
public class ExampleTest{}
Update: Just found similar answer already in another SO question : Disable security for unit tests with spring boot
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With