Menu
I have a spring rest mvc controller which has the url "/public/rest/vehicle/get". In my security configuration, I have defined that any requests for /public/rest should not require authentication.
http.
csrf().disable()
.authorizeRequests()
.antMatchers("/home/**", "/**", "/css/**", "/js/**", "/fonts/**", "/images/**", "/public/rest/**","/login*","/signin/**","/signup/**").permitAll()
.antMatchers("/property/**").authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and().httpBasic().disable();
This configuration works fine when I start my application and submit request using browser or any other mean. Now, I have a test class which looks like this,
@RunWith(SpringRunner.class)
@WebMvcTest(VehicleController.class)
public class VehicleControllerTest {
@Autowired
private MockMvc mockMvc;
@MockBean
private VehicleService vehicleService;
@Test
public void getVehicle() throws Exception {
given(this.vehicleService.get(0)).
willReturn(new VehicleEquipmentDTO());
this.mockMvc.perform(get("/public/rest/vehicle/get").param("id","0"))
.andDo(print())
.andExpect(status().isOk());//.andExpect(content().string("Honda Civic"));
}}
Now, when I run this test, it says
java.lang.AssertionError: Status
Expected :200
Actual :401
When I print the request response, I see it is complaining because of security. "Error message = Full authentication is required to access this resource" Any ideas why it is not working with the security config that I have, and what is the work around to force it to use the correct configurations? Thanks in advance
375
For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom. xml file. Gradle users can add the following dependency in the build.
One of the ways you can disable Spring Security filters in your tests, is to use the @AutoConfigureMockMvc annotation. @AutoConfigureMockMvc annotation can be applied to a test class to enable and configure auto-configuration of MockMvc.
The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities.
Finally found the reason. Since WebMvcTest is only sliced testing, it would not take the security configurations. The work around is to explicitly import it like,
@Import(WebSecurityConfig.class)
I had the same issue and after searching for a while, I found the following solution.
Because, you have Spring Security enabled in your application, along with other annotations, you can specify the secure=false parameter in @AutoConfigureMockMvc annotation like this:
@AutoConfigureMockMvc(secure=false)
public class YourControllerTest {
//All your test methods here
}
Explanation:
To disable the Spring Security auto-configuration, we can use the MockMvc instance to disable security with @AutoConfigureMockMvc(secure=false)
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
