New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebMcvTest no longer auto-configures Spring Security when Using SecurityFilterChain Instead of WebSecurityConfigurerAdapter #31162
Comments
Thanks for the report. Unfortunately, there are too many unknowns for us to be able to diagnose the problem from your description alone. If we pieced together a sample, there's no guarantee that it would reproduce the exact same problem that you are seeing. |
I can confirm that this problems exists. Implementations of
|
Having looked at #31165 and the sample provided there, I believe I now understand what's happening here too.
Unlike a class that extends
Other than using |
I think this might be a noteworthy point for the release notes. The migration experience can be quite puzzling when analyzing the failing |
I've added a section to the release notes. |
@wilkinsona thanks for looking into this and for the feedback. Would it be viable to include configuration classes annotated with |
Thanks for the suggestion. You don't have to use |
Makes sense, thanks |
We've just discussed this and decided that the potential problems of including |
Thanks for considering |
I am having this issue too, but no success solving yet. I have a test like this:
Where WebSecurityConfig is my class like this:
This setup is working well with bootRun , but not under test. Under test, the |
@JogoShugh I can't seen the connection with this issue. It's specific to |
Copied from spring-projects/spring-security#11275
Describe the bug
After upgrading
spring-boot-starter-parent
from version 2.6.4 to 2.7.0 and then making the suggested changes described in Spring Security without the WebSecurityConfigurerAdapter, specifically replacing the configuration class that extendsWebSecurityConfigurerAdapter
with a configuration class that declares a bean of typeSecurityFilterChain
, classes annotated with@WebMvcTest
no longer auto-configure Spring Security.As a temporary fix I've included
@ImportAutoConfiguration(classes = SecurityConfig.class)
pointing to theSecurityConfig.class
that contains theSecurityFilterChain
bean declarationTo Reproduce
SecurityFilterChain
bean using an oauth2 providerAuthenticationEntryPoint
to alway return a 401 (instead of the default redirect to the form login page) with.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), AnyRequestMatcher.INSTANCE))
@WebMvcTest
test class to test the error response of an unauthenticated request to a secured endpointcommence
method inDelegatingAuthenticationEntryPoint
when running the test can confirm that theHttpStatusEntryPoint
that was configured is not included in the list ofentryPoints
Expected behavior
@WebMvcTest
or@AutoConfigureMockMvc
should include beans of typeSecurityFilterChain
in auto-configurationSample
No sample
The text was updated successfully, but these errors were encountered: