Hello,
I have the following problem:
with this test:
@RunWith(SpringRunner.class)
@WebMvcTest
public class ManageUsersControllerTest {

    @Autowired
    private MockMvc mockMvc;

    @MockBean
    private ClientService clientService;

    private User user1;
    private User user2;
    private List<User> users;
    private final String properContentType = "text/html;charset=UTF-8";

    @Before
    public void setUp() {
        user1 = new User();
        user1.setLogin("test1");
        user1.setRole(Role.ROLE_OWNER);
        user2 = new User();
        user2.setLogin("test2");
        user2.setRole(Role.ROLE_EMPLOYEE);
        users = new ArrayList<>();
        users.add(user1);
        users.add(user2);
    }

    @Test
    @WithMockOwnerUser
    public void getPageWithAccountsTest() throws Exception {
        assertNotNull(clientService);
        when(clientService.listAllUsers()).thenReturn(users);
        mockMvc.perform(get("/owner/manageaccounts"))
                .andExpect(status().isOk())
                .andExpect(content().contentType(properContentType))
                .andExpect(view().name("manage_accounts"))
                .andExpect(model().attributeExists("users"))
                .andExpect(model().attribute("users", Matchers.notNullValue()))
                .andDo(print());
        verify(clientService, times(1)).listAllUsers();
        verifyNoMoreInteractions(clientService);
    }
}
it returns HTTP error 403 - Access Denied.
I tried the solution with the @WithMockUser annotation, but that didn't help either.
The current annotation comes from the Spring Security reference:
@Retention(RetentionPolicy.RUNTIME)
@WithSecurityContext(factory = WithMockCustomUserSecurityContextFactory.class)
public @interface WithMockOwnerUser {
    String login() default "OwnerAcc";
    String password() default "Owner123";
}

public class WithMockCustomUserSecurityContextFactory implements WithSecurityContextFactory<WithMockOwnerUser> {

    @Override
    public SecurityContext createSecurityContext(WithMockOwnerUser annotation) {
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        User user = new User();
        user.setLogin(annotation.login());
        user.setPassword(annotation.password());
        user.setRole(Role.ROLE_OWNER);
        UserDetailsImpl principal = new UserDetailsImpl(user);
        Authentication authentication = new UsernamePasswordAuthenticationToken(
                principal, annotation.password(), principal.getAuthorities());
        context.setAuthentication(authentication);
        return context;
    }
}
Security config:
@Configuration
@EnableAutoConfiguration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private AuthenticationProvider authenticationProvider;
    private CustomSuccessLoginHandler customSuccessLoginHandler;

    @Autowired
    public SecurityConfiguration(AuthenticationProvider authenticationProvider, CustomSuccessLoginHandler customSuccessLoginHandler) {
        this.authenticationProvider = authenticationProvider;
        this.customSuccessLoginHandler = customSuccessLoginHandler;
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(authenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/login", "/css/**", "/js/**", "/images/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login").permitAll()
                .usernameParameter("login")
                .passwordParameter("password")
                .successHandler(customSuccessLoginHandler)
                .and()
            .logout().logoutUrl("/logout").permitAll().logoutSuccessUrl("/home");
        http.csrf().disable();
        http.headers().frameOptions().disable();
    }
}
Of course, with @WebMvcTest(secure = disabled) the test passes. The solutions I found on Stack Overflow didn't help either. So the question is: how do I solve this problem? I think I'm missing something obvious :). I would also like to test that a user with a different role really gets a 403. Thanks in advance for your help.