Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring Boot: Disable security for Spring Boot Unit Test [duplicate]

Spring Boot version: 2.0.4.RELEASE
For the Spring Boot Test below, the test returns an unwanted 401 response:

"401" status, "error": "unauthorized"

What is the best way to disable Spring Security for the tests?
I tried a adding a configuration "security.basic.enabled=false" property like so:

@SpringBootTest(<br>
    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,<br>
    classes = TestApp.class,<br>
    properties = {
        "security.basic.enabled=false"
})

And also adding this annotation to the class:

@AutoConfigureMockMvc(secure = false)

But unfortunately the test still returns a "401" unauthorized error code.

Original test

@RunWith(SpringRunner.class)
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = App.class
)

public class ExampleTest{

@Autowired
public void setup(@LocalServerPort int port) {
    RestAssured.port = port;
}

@Test
public voidtestMethod() {
// This test code is not important to my question.     
given().log().all().get("/resources").then().log().all().statusCode(HttpURLConnection.HTTP_BAD_REQUEST).body("error", equalTo("invalid_request")).body(not(containsString("error_reason")));
}
}

The class being unit tested is simple:

@SpringBootApplication
@RestController
public class App {
@GetMapping("/resources")
public String[] resources(
        @RequestParam("mandatory_param") String mandatory,
        @RequestParam("valid_param") @NotNull String validParam) {
    return new String[]{"1", "2"};
}
...
}

Does anyone know how to disable spring security for the test? Thank you

like image 584
Jim Eadon Avatar asked Oct 26 '18 08:10

Jim Eadon


People also ask

How to use Spring Security in your unit tests?

To use Spring Security in your unit tests, you need to add spring-security-test to your Spring Boot project. This way the contextual configuration of the tests can be combined with Spring Security, and the next few tricks will teach you. All tests are done under Spring Boot Test, which is supported by the @SpringBootTest annotation.

Why integrate Spring Boot with Spring Security?

1. Introduction The ability to execute integration tests without the need for a standalone integration environment is a valuable feature for any software stack. The seamless integration of Spring Boot with Spring Security makes it simple to test components that interact with a security layer.

How to disable security with test security configuration in spring?

The following methods falls under this category: Disable Security with Test Security Configuration Execute the tests with Spring Security using Mock Authentication. In this approch, we will not actually disable the security. Instead, we will be running the tests with mock user and roles.

What is this Spring Boot unit test tutorial about?

This tutorial provides you with these mechanics and goes into the technical details that are necessary to write good unit tests with a focus on Spring Boot applications.


1 Answers

Using both @SpringBootTest with a random port and @AutoConfiguration might be an issue. Can you try:

@RunWith(SpringRunner.class)
@WebMvcTest(App.class)
@AutoConfigureMockMvc(secure = false)
public class ExampleTest{}

or

@RunWith(SpringRunner.class)
@SpringBootTest
@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class })
public class ExampleTest{}

You can event add a custom profile(integration_test) and make:

security:
      basic:
        enabled: false

@RunWith(SpringRunner.class)
@SpringBootTest
@ActiveProfiles(value="integration_test")
public class ExampleTest{}

Update: Just found similar answer already in another SO question : Disable security for unit tests with spring boot

like image 143
Karthik R Avatar answered Sep 24 '22 14:09

Karthik R