Integration tests with spring security

java spring-mvc spring-security integration-testing
Daniela Morais picture Daniela Morais · May 29, 2015 · Viewed 15k times · Source

I need to send a get request to the API, but despite having placed the administrator annotation get error @WithMockUser(roles="ADMINISTRADOR").
How do I send a request?

API

@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@PostAuthorize("returnObject.instancia == principal.instancia.instancia")
public Validacao retrieve(@PathVariable("id") String id) {
    return validacaoService.retrieve(id);
}

Test

@Test
@WithMockUser(roles = "ADMINISTRADOR")
public void testCRetrieve() throws Exception {
        this.mockMvc
                .perform(get("/api/validacao/" + id).with(user("[email protected]")))
                .andExpect(status().isOk())
                .andReturn();
}

Log

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext

Test Class

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = {ValidacaoAPITest.TestConfiguration.class, WithSecurityConfig.class})
@WebAppConfiguration
public class ValidacaoAPITest {
    @EnableWebMvc
    @Configuration
    public static class TestConfiguration {
        Fongo fongo = new Fongo("new server 1");
        DB db = fongo.getDB("oknok");

        @Bean
        ValidacaoAPI getValidacaoAPI() {
            return new ValidacaoAPI();
        }

        @Bean
        ActiveUser getActiveUser() {
            ActiveUser mock = Mockito.mock(ActiveUser.class);

            when(mock.getUser()).thenReturn(new User().setEmail("[email protected]"));
            when(mock.getInstancia()).thenReturn(new Instancia().setInstancia("instancia"));
            return mock;
        }

        @Bean
        ValidacaoService getValidacaoService() {
            return new ValidacaoService();
        }

        @Bean
        MatchService getMatchService() {
            return new MatchService();
        }

        @Bean
        PlanilhaReader getPlanilhaReader() {
            return new PlanilhaReader();
        }


        @Bean
        AtributoReader getAtributoReader() {
            return new AtributoReader();
        }

        @Bean
        AtributoDAO getAtributoDAO() {
            return new AtributoDAO();
        }

        @Bean
        UploadService getUploadService() {
            return new UploadService();
        }


        @Bean
        ValidacaoResultadoDAO getValidacaoResultadoDAO() {
            return new ValidacaoResultadoDAO(db);
        }


        @Bean
        Mapper getMapper() {
            return new Mapper(db);
        }

        @Bean
        UploadDAO getUploadDAO() {
            return new UploadDAO(db);
        }

        @Bean
        MatchDAO getMatchDAO() {
            return new MatchDAO(db);
        }

        @Bean
        ValidacaoDAO getValidacaoDAO() {
            return new ValidacaoDAO(db);
        }

        @Bean
        UploadOriginalsDAO getUploadOriginalsDAO() {
            return new UploadOriginalsDAO(db);
        }

        @Bean
        AtributoValidator getAtributoValidator() {
            return new AtributoValidator();
        }

    }

    @Autowired
    MatchService matchService;

    @Autowired
    private WebApplicationContext context;

    private MockMvc mockMvc;

    private static String id;

    @Before
    public void setup() {
        mockMvc = MockMvcBuilders.webAppContextSetup(context).build();
    }

    @Test
    public void testACreateValidation() throws Exception {
        MvcResult result = this.mockMvc
                .perform(post("/api/validacao"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.id", notNullValue()))
                .andReturn();
        this.id = ((BasicDBObject) JSON.parse(result.getResponse().getContentAsString())).getString("id");
    }

    @Test
    public void testBRetrieveAll() throws Exception {
        MvcResult result = this.mockMvc
                .perform(get("/api/validacao"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.[0].id", notNullValue()))
                .andReturn();

        BasicDBList list = (BasicDBList) JSON.parse(result.getResponse().getContentAsString());
        this.id = (String) ((BasicDBObject) JSON.parse(list.get(0).toString())).get("id");
    }

    //FIXME
    @Test
    @WithMockUser(roles = "ADMINISTRADOR")
    public void testCRetrieve() throws Exception {
            this.mockMvc
                    .perform(get("/api/validacao/" + id).with(user("[email protected]")))
                    .andExpect(status().isOk())
                    .andReturn();
    }

}

Answer

saljuama picture saljuama · Jun 4, 2015

In the Spring security Reference, section 10.1 states that in order to be able to test the spring security features, you need to integrate the security filter chain in your MockMvc object, as shown in this example in the @Before setup method.

import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
public class CsrfShowcaseTests {

    @Autowired
    private WebApplicationContext context;
    private MockMvc mvc;

    @Before
    public void setup() {
        mvc = MockMvcBuilders
            .webAppContextSetup(context)
            .apply(springSecurity())
            .build();
    }

...

}

Related questions

How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More
When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

I have a Spring MVC web app which uses Spring Security. I want to know the username of the currently logged in user. I'm using the code snippet given below . Is this the accepted way? I don't like having a …

Read More
How to manually set an authenticated user in Spring Security / SpringMVC

After a new user submits a 'New account' form, I want to manually log that user in so they don't have to login on the subsequent page. The normal form login page going through the spring security interceptor works just …

Read More