package security;
import static org.hamcrest.CoreMatchers.*;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.http.MediaType;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
/**
 * Sample tests showing a few of the hooks Spring Security's test module offers
 * for MockMvc. The selection is deliberately small; the
 * <a href=
 * "http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#test"
 * >reference</a> covers the remaining features in detail.
 *
 * <p>Every credential used here ("user" / "password" / "invalid") is a test
 * fixture. Because {@link #setup()} prints each exchange, these values can end
 * up in build output, so they should stay throwaway values.
 *
 * @author Rob Winch
 */
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = {Application.class})
@WebAppConfiguration
public class MockMvcWebSecurityTests {

    /** Endpoint that the tests below expect to require authentication. */
    private static final String HEALTH_ENDPOINT = "/api/health";

    @Autowired
    WebApplicationContext context;

    MockMvc mockMvc;

    /**
     * Builds a MockMvc instance on top of the injected web application context
     * with the Spring Security filter chain applied.
     *
     * <p>{@code alwaysDo(print())} prints every request and response, which is
     * handy for debugging but also means the form password and the HTTP Basic
     * header sent by the tests may show up in test logs.
     */
    @Before
    public void setup() {
        this.mockMvc = MockMvcBuilders
                .webAppContextSetup(this.context)
                .apply(springSecurity())
                .alwaysDo(print())
                .build();
    }

    /**
     * Requests the home page anonymously and checks that it is served with a
     * title starting with "Spring".
     */
    @Test
    public void testHome() throws Exception {
        this.mockMvc
                .perform(get("/"))
                .andExpect(status().isOk())
                .andExpect(content().string(containsString("<title>Spring")));
    }

    /**
     * Performs a form login using the defaults of {@code formLogin()}.
     * <ul>
     * <li>Username defaults to "user"</li>
     * <li>Password defaults to "password"</li>
     * <li>A valid CSRF token is attached automatically</li>
     * <li>The resulting authentication is checked by username</li>
     * </ul>
     *
     * <p>Since the token is always attached, this test says nothing about how
     * a login POST without a CSRF token is handled.
     */
    @Test
    public void testLogin() throws Exception {
        this.mockMvc
                .perform(formLogin())
                .andExpect(status().isFound())
                .andExpect(redirectedUrl("/"))
                .andExpect(authenticated().withUsername("user"));
    }

    /**
     * Performs a form login with a wrong password and follows up on the error
     * page.
     *
     * <ul>
     * <li>Username defaults to "user"</li>
     * <li>Password is overridden with "invalid"</li>
     * <li>A valid CSRF token is attached automatically</li>
     * <li>The request must end up unauthenticated</li>
     * </ul>
     *
     * <p>The message asserted on the error page does not say which of the two
     * values was wrong. Only the wrong-password case is exercised here.
     */
    @Test
    public void testDenied() throws Exception {
        final String failureRedirect = "/login?error";

        // Step 1: the failed login redirects to the error URL and leaves no
        // authenticated user behind.
        this.mockMvc
                .perform(formLogin().password("invalid"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrl(failureRedirect))
                .andExpect(unauthenticated());

        // Step 2: the error page shows the generic failure message.
        this.mockMvc
                .perform(get(failureRedirect))
                .andExpect(content().string(containsString("Invalid username and password")));
    }

    /**
     * Requests the protected endpoint without any credentials, asking for
     * JSON, and expects a 401 response.
     */
    @Test
    public void testProtected() throws Exception {
        this.mockMvc
                .perform(get(HEALTH_ENDPOINT).accept(MediaType.APPLICATION_JSON))
                .andExpect(status().isUnauthorized());
    }

    /**
     * Requests the protected endpoint with the valid HTTP Basic credentials
     * "user" / "password" and expects a 200 response.
     */
    @Test
    public void testAuthorizedAccessHttpBasic() throws Exception {
        this.mockMvc
                .perform(get(HEALTH_ENDPOINT).with(httpBasic("user", "password")))
                .andExpect(status().isOk());
    }

    /**
     * Requests the protected endpoint as the user supplied by
     * {@link WithMockUser}.
     *
     * <ul>
     * <li>Username defaults to "user"</li>
     * <li>Role defaults to "ROLE_USER"</li>
     * <li>The user does NOT have to exist</li>
     * </ul>
     *
     * <p>No credentials are sent, so this covers the access rule for the
     * endpoint rather than the credential check itself.
     */
    @Test
    @WithMockUser
    public void testAuthorizedAccessWithMockUser() throws Exception {
        this.mockMvc
                .perform(get(HEALTH_ENDPOINT))
                .andExpect(status().isOk());
    }

    /**
     * Requests the protected endpoint with a wrong HTTP Basic password and
     * expects a 401 response.
     */
    @Test
    public void testUnauthorizedAccess() throws Exception {
        this.mockMvc
                .perform(get(HEALTH_ENDPOINT).with(httpBasic("user", "invalid")))
                .andExpect(status().isUnauthorized());
    }
}