Include web security configuration classes when @WebMvcTest.secure is true #6514
The Javadoc for
The aforementioned claims in the Javadoc lead the user to believe that their own Spring Security configuration will be used, thereby requiring roles and authentication mechanisms known to the user. Furthermore, the user naturally assumes that authentication will not be required to access paths for which he or she has not required authentication.
On the contrary, since the user's custom
Consequently, when a user uses
In my Spring Events sample application, I came up with the following two workarounds.
@WebMvcTest(includeFilters = @Filter(classes = EnableWebSecurity.class))
Custom solution specific to my project:
The text was updated successfully, but these errors were encountered:
2 years later and still no fix!!! This is really bad support from Spring. All urls are returning a 401 which means security is on however the rules defined in ResourceServerConfigurerAdapter in the configure methode aren't being loaded. They are loaded when running the application however when testing they aren't laoded and the above solutions don't work!!!
Please try to be constructive. Describing something as "really bad support from Spring" doesn't help anyone. The most likely outcome is that anyone who had the time and motivation to look at this will now choose to spend their time on something more rewarding.
If you are unhappy about the situation, perhaps you could make some suggestions about what form you'd like the proposed enhancements to take? Or, even better than that, perhaps you'd like to contribute something that improves Spring Boot for everyone?