You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Kotlin examples for the MockMvc assertions call the Java functions, but these methods are not compatible with the Kotlin DSL, and so this test will always pass:
I believe the example doesn't work because the Kotlin code (e.g. .andExpect { authenticated() }) implements the functional interface ResultMatcher as a no-op.
these methods are not compatible with the Kotlin DSL
I don't believe the framework is intending to expose a Kotlin DSL (though the Kotlin compiler allows a functional parameter that is the last parameter of a method call to be expressed this way). Code similar to Java should work in Kotlin:
@Test
fun`user should be authenticated`() {
mvc
.perform(formLogin())
.andExpect(authenticated())
.andExpect(unauthenticated())
.andExpect(authenticated().withRoles("USER", "ADMIN"))
.andExpect(authenticated().withRoles("blah", "qwerty"))
}
Do you agree? If so, would you be interested in submitting a PR to correct the Kotlin example(s) in the docs?
So there's no 'correct' way to document this. The Kotlin DSL needs to be adjusted, either to be compatible with the existing andExpect() functions, or to make .andExpect { authenticated() } work.
I think making .andExpect { authenticated() } work is much more preferable because users will have already copied and pasted the docs, and those assertions will be silently ignored. However, I'm not sure if it's technically possible (a new function might require a specific import).
I ended up working around this by not using the Kotlin DSL at all, which is a shame, but at least it works.
Describe the bug
https://github.com/spring-projects/spring-security/blob/5.7.3/docs/modules/ROOT/pages/servlet/test/mockmvc/result-matchers.adoc#authenticated-assertion
The Kotlin examples for the MockMvc assertions call the Java functions, but these methods are not compatible with the Kotlin DSL, and so this test will always pass:
authenticated()
returns aAuthenticatedMatcher
instance, but the returned value isn't used for anything.Expected behavior
The examples for Kotlin
SecurityMockMvcResultMatchers
are corrected.Sample
mvc-kt-matchers.zip
The text was updated successfully, but these errors were encountered: