Permalink
Browse files

Add MockMvc Test for Spring Security

- Demonstrate how nice MockMvc is
- Demonstrates Spring Security integration See Javadoc of MockMvcWebSecurity
  Tests for the integration.
  • Loading branch information...
rwinch committed Jul 15, 2015
1 parent d6846ee commit 5357d7ae94f24e18e7641f9f2b98a36132a016d4
Showing with 152 additions and 0 deletions.
  1. +152 −0 spring-security/src/test/java/security/MockMvcWebSecurityTests.java
@@ -0,0 +1,152 @@
+package security;
+
+import static org.hamcrest.CoreMatchers.*;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+/**
+ * Demonstrates some of the integrations with Spring Security's Test support.
+ * This is not a complete showcase. For additional features and details on what
+ * is shown refer to the <a href=
+ * "http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#test"
+ * >reference</a>
+ *
+ * @author Rob Winch
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringApplicationConfiguration(classes = {Application.class})
+@WebAppConfiguration
+public class MockMvcWebSecurityTests {
+ @Autowired
+ WebApplicationContext context;
+
+ MockMvc mockMvc;
+
+ @Before
+ public void setup() {
+ mockMvc = MockMvcBuilders
+ .webAppContextSetup(context)
+ .apply(springSecurity())
+ .alwaysDo(print())
+ .build();
+ }
+
+ /**
+ * Easily make and verify a request to the home page
+ */
+ @Test
+ public void testHome() throws Exception {
+ mockMvc
+ .perform(get("/"))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("<title>Spring")));
+ }
+
+ /**
+ * Demonstrate how to easily make a form based login request.
+ * <ul>
+ * <li>Default username is "user"</li>
+ * <li>Default password is "password"</li>
+ * <li>Automatically includes a valid CSRF token</li>
+ * <li>We are able to verify the user we are authenticated with</li>
+ * </ul>
+ */
+ @Test
+ public void testLogin() throws Exception {
+ mockMvc
+ .perform(formLogin())
+ .andExpect(status().isFound())
+ .andExpect(redirectedUrl("/"))
+ .andExpect(authenticated().withUsername("user"));
+ }
+
+ /**
+ * Demonstrate how to easily make a form based login request.
+ *
+ * <ul>
+ * <li>Default username is "user"</li>
+ * <li>Override the default password to "invalid"</li>
+ * <li>Automatically includes a valid CSRF token</li>
+ * <li>We are able to verify we are unauthenticated</li>
+ * </ul>
+ */
+ @Test
+ public void testDenied() throws Exception {
+ String loginErrorUrl = "/login?error";
+ mockMvc
+ .perform(formLogin().password("invalid"))
+ .andExpect(status().isFound())
+ .andExpect(redirectedUrl( loginErrorUrl))
+ .andExpect(unauthenticated());
+
+ mockMvc
+ .perform(get(loginErrorUrl))
+ .andExpect(content().string(containsString("Invalid username and password")));
+ }
+
+ /**
+ * Demonstrates requesting a protected page as an unauthenticated user
+ */
+ @Test
+ public void testProtected() throws Exception {
+ mockMvc
+ .perform(get("/api/health").accept(MediaType.APPLICATION_JSON))
+ .andExpect(status().isUnauthorized());
+ }
+
+ /**
+ * Demonstrates requesting a protected page with valid http basic credentials
+ */
+ @Test
+ public void testAuthorizedAccessHttpBasic() throws Exception {
+ mockMvc
+ .perform(get("/api/health").with(httpBasic("user", "password")))
+ .andExpect(status().isOk());
+ }
+
+ /**
+ * Demonstrates running a request as a user using {@link WithMockUser}.
+ *
+ * <ul>
+ * <li>The default username is "user"</li>
+ * <li>The default role is "ROLE_USER"</li>
+ * <li>The user does NOT need to exist</li>
+ * </ul>
+ */
+ @WithMockUser
+ @Test
+ public void testAuthorizedAccessWithMockUser() throws Exception {
+ mockMvc
+ .perform(get("/api/health"))
+ .andExpect(status().isOk());
+ }
+
+ /**
+ * Demonstrates requesting a protected page with invalid http basic credentials
+ */
+ @Test
+ public void testUnauthorizedAccess() throws Exception {
+ mockMvc
+ .perform(get("/api/health").with(httpBasic("user", "invalid")))
+ .andExpect(status().isUnauthorized());
+ }
+
+}

0 comments on commit 5357d7a

Please sign in to comment.