Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HtmlUnit WebClient configuration with MockMvcWebClientBuilder behaves differently than manually creating WebClient [SPR-17632] #22163

Open
spring-projects-issues opened this issue Jan 1, 2019 · 1 comment
Labels
in: test Issues in the test module in: web Issues in web modules (web, webmvc, webflux, websocket) status: waiting-for-triage An issue we've not yet triaged or decided on

Comments

@spring-projects-issues
Copy link
Collaborator

spring-projects-issues commented Jan 1, 2019

Patrick Adler opened SPR-17632 and commented

"Logging out" by removing the jsessionid  cookie in with HtmlUnits WebClient seems to behave differently, depending on how the WebClient is created.

I have created an example project here

There are 3 tests (NoRememberMeLoginAutoconfigured, NoRememberMeLoginMockMvcWebClientBuilder and NoRememberMeLoginManually) and only the manually configured WebClient behaves as expected.

 

The problem is that the WebClient stays "logged in" although the session cookie has been deleted.
This does not happen when configuring it manually (new WebClient) or when accessing the  page with a browser.

I used an HandlerInterceptorAdapter to verify that the cookies are not sent for the second request. Feel free to check this again (HandlerInterceptorAdapter is included in the example project) because I might have overlooked something.

 

I have also explained the problem on stackoverflow and the Spring Boot issue tracker on GitHub. Where I was told that the relevant code probably lies within the spring framework.

 

I think the example project demonstrated the problem very obviously but I would be glad to further explain any uncertainties abotu my issue.

 


Affects: 5.1.2

Reference URL: spring-projects/spring-boot#15592

@spring-projects-issues spring-projects-issues added type: bug A general bug status: waiting-for-triage An issue we've not yet triaged or decided on in: test Issues in the test module and removed type: bug A general bug labels Jan 11, 2019
@616slayer616
Copy link

616slayer616 commented Feb 4, 2019

it seems the Problem is @WithAnonymousUser.
When I set it the SecurityContext will always have an AnonymousAuthenticationToken.
Everything works fine when I omit the annotation. But the secured page should normally not be accessible by an anonymous (not logged in) User. There is even a mockMvc test asserting that @WithAnonymousUser is redirected to login.

@rstoyanchev rstoyanchev added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Nov 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: test Issues in the test module in: web Issues in web modules (web, webmvc, webflux, websocket) status: waiting-for-triage An issue we've not yet triaged or decided on
Projects
None yet
Development

No branches or pull requests

3 participants