Menu
I have created custom login form for my spring boot app. In my form integration test, I want to check that received cookies contain JSESSIONID and XSRF-TOKEN.
But, I received only XSRF-TOKEN.
Here is my test:
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = Application.class)
@WebAppConfiguration
@IntegrationTest("server.port:0")
public class UserIT {
@Autowired
private WebApplicationContext context;
@Autowired
private FilterChainProxy springSecurityFilterChain;
@Value("${local.server.port}")
private Integer port;
private MockMvc mockMvc;
@Before
public void setup() {
mockMvc =
MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain)
.build();
}
@Test
public void getUserInfoTest() throws Exception {
disableSslVerification();
MvcResult result =
mockMvc.perform(formLogin("/login").user("roy").password("spring")).andExpect(authenticated())
.andReturn();
Cookie sessionId = result.getResponse().getCookie("JSESSIONID");
Cookie token = result.getResponse().getCookie("XSRF-TOKEN");
}
Security conf:
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
//.httpBasic()
//.and()
.headers().frameOptions().disable()
.and()
.antMatcher("/**").authorizeRequests()
.antMatchers("/actuator/health").permitAll()
.antMatchers("/actuator/**").hasAuthority(Authority.Type.ROLE_ADMIN.getName())
.antMatchers("/login**", "/index.html", "/home.html").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login.jsp")
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/login")
.permitAll()
.and()
.logout().logoutSuccessUrl("/login.jsp").permitAll()
.and()
.csrf().csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
Please, help me to obtain the required result.
412
Integration testing plays an important role in the application development cycle by verifying the end-to-end behavior of a system. In this tutorial, we'll learn how to leverage the Spring MVC test framework in order to write and run integration tests that test controllers without explicitly starting a Servlet container. 2. Preparation
1. Introduction The ability to execute integration tests without the need for a standalone integration environment is a valuable feature for any software stack. The seamless integration of Spring Boot with Spring Security makes it simple to test components that interact with a security layer.
To use the Spring Security test support, you must include spring-security-test-5.6.3.jar as a dependency of your project. At a high level Spring Security’s test support provides integration for:
@SpringBootTest doesn't require any additional configuration to test secured methods. We can simply call the methods directly and use @WithMockUser as needed: 8. Testing With @SpringBootTest and TestRestTemplate TestRestTemplate is a convenient option when writing integration tests for secured REST endpoints.
You also don't see Set-Cookie header. For me it's a big limitation of MockMVC. For a workaround see Why does Spring MockMvc result not contain a cookie?.
160
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
