9

I'm unable to configure correctly the security in my tests. My web security configuration:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/api/**").hasRole("USER")
                .and()
                .httpBasic()
        ;
    }
}

And my test class:

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration
@ContextConfiguration(classes = {Application.class, AppConfig.class, WebMvcConfig.class, WebSecurityConfig.class})
@WebAppConfiguration
public class TestControllerTest {

    @Autowired
    private WebApplicationContext wac;

    private MockMvc mockMvc;

    @Before
    public void setUp() {
        MockitoAnnotations.initMocks(this);
        this.mockMvc = webAppContextSetup(wac).dispatchOptions(true).build();
    }

    @Test
    public void getTest() throws Exception {
        mockMvc
                .perform(get("/api/test"))
                .andExpect(status().isForbidden())
        ;
    }
}

I get a 404 status code meaning the security layer is not executed, so it is not configured correctly in my test class. I tried to switch the classes from @ContextConfiguration to @SpringApplicationConfiguration without success.

Improve this question

2 Answers 2

Reset to default
8

Make the following modifications to your code: 

   @Autowired
   private FilterChainProxy filterChainProxy;


    @Before
    public void setUp() {
        MockitoAnnotations.initMocks(this);
        this.mockMvc = webAppContextSetup(wac).dispatchOptions(true).addFilters(filterChainProxy).build();
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you for this answer! I spent a whole day figuring out what I'm doing wrong :)
@jeremija Happens to everyone! Glad to help!
In spring-security 4.x there's a new approach: stackoverflow.com/questions/30536710/…
7

As said in reference for Spring Security 4.0.4:

In order to use Spring Security with Spring MVC Test it is necessary to add the Spring Security FilterChainProxy as a Filter. It is also necessary to add Spring Security’s TestSecurityContextHolderPostProcessor to support Running as a User in Spring MVC Test with Annotations. This can be done using Spring Security’s SecurityMockMvcConfigurers.springSecurity().

Example:

import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
public class TestControllerTest {

    @Autowired
    private WebApplicationContext wac;

    private MockMvc mockMvc;

    @Before
    public void setup() {
        mockMvc = MockMvcBuilders
                .webAppContextSetup(wac)
                .apply(springSecurity()) //will perform all of the initial setup to integrate Spring Security with Spring MVC Test
                .build();
    }
Improve this answer

1 Comment

Just a note: This is necessary to use e.g. @WickMovkUser.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.