Witam,
mam taki problem:
otóż przy takim teście:

@RunWith(SpringRunner.class)
@WebMvcTest
public class ManageUsersControllerTest {
    @Autowired
    private MockMvc mockMvc;

    @MockBean
    private ClientService clientService;

    private User user1;
    private User user2;
    private List<User> users;
    private final String properContentType = "text/html;charset=UTF-8";

    @Before
    public void setUp(){
        user1 = new User();
        user1.setLogin("test1");
        user1.setRole(Role.ROLE_OWNER);
        user2 = new User();
        user2.setLogin("test2");
        user2.setRole(Role.ROLE_EMPLOYEE);
        users = new ArrayList<>();
        users.add(user1);
        users.add(user2);
    }

    @Test
    @WithMockOwnerUser
    public void getPageWithAccountsTest() throws Exception{
        assertNotNull(clientService);
        when(clientService.listAllUsers()).thenReturn(users);
        mockMvc.perform(get("/owner/manageaccounts"))
                .andExpect(status().isOk())
                .andExpect(content().contentType(properContentType))
                .andExpect(view().name("manage_accounts"))
                .andExpect(model().attributeExists("users"))
                .andExpect(model().attribute("users", Matchers.notNullValue()))
                .andDo(print());
        verify(clientService, times(1)).listAllUsers();
        verifyNoMoreInteractions(clientService);
    }
}

zwraca błąd http 403 - Acces Denied.
Próbowałem rozwiązania z adnotacją @WithMockUser, ale też nie pomogło.
Obecna adnotacja pochodzi z reference Spring Security:

@Retention(RetentionPolicy.RUNTIME)
@WithSecurityContext(factory = WithMockCustomUserSecurityContextFactory.class)
public @interface WithMockOwnerUser {
    String login () default "OwnerAcc";
    String password() default "Owner123";
}
public class WithMockCustomUserSecurityContextFactory implements WithSecurityContextFactory<WithMockOwnerUser> {
    @Override
    public SecurityContext createSecurityContext(WithMockOwnerUser annotation) {
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        User user = new User();
        user.setLogin(annotation.login());
        user.setPassword(annotation.password());
        user.setRole(Role.ROLE_OWNER);
        UserDetailsImpl principal = new UserDetailsImpl(user);
        Authentication authentication = new UsernamePasswordAuthenticationToken(principal, annotation.password(), principal.getAuthorities());
        context.setAuthentication(authentication);
        return context;
    }
}

Config security:

@Configuration
@EnableAutoConfiguration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private AuthenticationProvider authenticationProvider;
    private CustomSuccessLoginHandler customSuccessLoginHandler;

    @Autowired
    public SecurityConfiguration(AuthenticationProvider authenticationProvider, CustomSuccessLoginHandler customSuccessLoginHandler) {
        this.authenticationProvider = authenticationProvider;
        this.customSuccessLoginHandler = customSuccessLoginHandler;
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder){
        authenticationManagerBuilder.authenticationProvider(authenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/","/login","/css/**","/js/**", "/images/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/login").permitAll().usernameParameter("login").passwordParameter("password").successHandler(customSuccessLoginHandler)
                .and()
                .logout().logoutUrl("/logout").permitAll().logoutSuccessUrl("/home");
        http.csrf().disable();
        http.headers().frameOptions().disable();
    }
}

Oczywiście przy @WebMvcTest(secure = disabled) test przechodzi. Znalezione na stacku rozwiązania również nie pomogły. Pytanie to jak rozwiązać ten problem? Wydaje mi się, że pomijam coś oczywistego :). Chciałbym przetestować również to, że przy użytkowniku o innej roli zwróci rzeczywiście 403. Z góry dzięki za pomoc.