Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HtmlUnit WebClient configuration with MockMvcWebClientBuilder behaves differently than manually creating WebClient [SPR-17632] #22163

Open
spring-projects-issues opened this issue Jan 1, 2019 · 1 comment

Comments

@spring-projects-issues
Copy link
Collaborator

@spring-projects-issues spring-projects-issues commented Jan 1, 2019

Patrick Adler opened SPR-17632 and commented

"Logging out" by removing the jsessionid  cookie in with HtmlUnits WebClient seems to behave differently, depending on how the WebClient is created.

I have created an example project here

There are 3 tests (NoRememberMeLoginAutoconfigured, NoRememberMeLoginMockMvcWebClientBuilder and NoRememberMeLoginManually) and only the manually configured WebClient behaves as expected.

 

The problem is that the WebClient stays "logged in" although the session cookie has been deleted.
This does not happen when configuring it manually (new WebClient) or when accessing the  page with a browser.

I used an HandlerInterceptorAdapter to verify that the cookies are not sent for the second request. Feel free to check this again (HandlerInterceptorAdapter is included in the example project) because I might have overlooked something.

 

I have also explained the problem on stackoverflow and the Spring Boot issue tracker on GitHub. Where I was told that the relevant code probably lies within the spring framework.

 

I think the example project demonstrated the problem very obviously but I would be glad to further explain any uncertainties abotu my issue.

 


Affects: 5.1.2

Reference URL: spring-projects/spring-boot#15592

@616slayer616
Copy link

@616slayer616 616slayer616 commented Feb 4, 2019

it seems the Problem is @WithAnonymousUser.
When I set it the SecurityContext will always have an AnonymousAuthenticationToken.
Everything works fine when I omit the annotation. But the secured page should normally not be accessible by an anonymous (not logged in) User. There is even a mockMvc test asserting that @WithAnonymousUser is redirected to login.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants