Spring Boot: Disable security for Spring Boot Unit Test

java spring-boot spring-security spring-boot-test spring-security-test
Jim Eadon picture Jim Eadon · Oct 26, 2018 · Viewed 7.5k times · Source

Spring Boot version: 2.0.4.RELEASE
For the Spring Boot Test below, the test returns an unwanted 401 response:

"401" status, "error": "unauthorized"

What is the best way to disable Spring Security for the tests?
I tried a adding a configuration "security.basic.enabled=false" property like so:

@SpringBootTest(<br>
    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,<br>
    classes = TestApp.class,<br>
    properties = {
        "security.basic.enabled=false"
})

And also adding this annotation to the class:

@AutoConfigureMockMvc(secure = false)

But unfortunately the test still returns a "401" unauthorized error code.

Original test

@RunWith(SpringRunner.class)
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = App.class
)

public class ExampleTest{

@Autowired
public void setup(@LocalServerPort int port) {
    RestAssured.port = port;
}

@Test
public voidtestMethod() {
// This test code is not important to my question.     
given().log().all().get("/resources").then().log().all().statusCode(HttpURLConnection.HTTP_BAD_REQUEST).body("error", equalTo("invalid_request")).body(not(containsString("error_reason")));
}
}

The class being unit tested is simple:

@SpringBootApplication
@RestController
public class App {
@GetMapping("/resources")
public String[] resources(
        @RequestParam("mandatory_param") String mandatory,
        @RequestParam("valid_param") @NotNull String validParam) {
    return new String[]{"1", "2"};
}
...
}

Does anyone know how to disable spring security for the test? Thank you

Answer

Karthik R picture Karthik R · Oct 26, 2018

Using both @SpringBootTest with a random port and @AutoConfiguration might be an issue. Can you try:

@RunWith(SpringRunner.class)
@WebMvcTest(App.class)
@AutoConfigureMockMvc(secure = false)
public class ExampleTest{}

or

@RunWith(SpringRunner.class)
@SpringBootTest
@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class })
public class ExampleTest{}

You can event add a custom profile(integration_test) and make:

security:
      basic:
        enabled: false

@RunWith(SpringRunner.class)
@SpringBootTest
@ActiveProfiles(value="integration_test")
public class ExampleTest{}

Update: Just found similar answer already in another SO question : Disable security for unit tests with spring boot

Related questions

disabling spring security in spring boot app

I have a spring boot web app with spring security configured. I want to disable authentication for a while (until needed). I add this to the application.properties: security.basic.enable: false management.security.enabled: false Here is some part …

Read More
How to disable 'X-Frame-Options' response header in Spring Security?

I have CKeditor on my jsp and whenever I upload something, the following error pops out: Refused to display 'http://localhost:8080/xxx/xxx/upload-image?CKEditor=text&CKEditorFuncNum=1&langCode=ru' in a frame because it set 'X-Frame-Options' to 'DENY'. …

Read More
Remove "Using default security password" on Spring Boot

I added one custom Security Config in my application on Spring Boot, but the message about "Using default security password" is still there in LOG file. Is there any to remove it? I do not need this default password. It …

Read More