Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2592: spring mvc test SecurityRequestPostProcessors missed #2807

Closed
spring-projects-issues opened this issue May 14, 2014 · 6 comments
Closed
Assignees
Labels
in: test An issue in spring-security-test in: web An issue in web modules (web, webmvc) status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA

Comments

@spring-projects-issues
Copy link

spring-projects-issues commented May 14, 2014

Grigory Kislin (Migrated from SEC-2592) said:

Hello.
I'd like to add security to my spring mvc test.
But code in sample

    this.mockMvc.perform(get("/").with(userDeatilsService("user")))
    this.mockMvc.perform(get("/").with(user("user").roles("DENIED")))

required class https://github.com/spring-projects/spring-test-mvc/blob/master/src/test/java/org/springframework/test/web/server/samples/context/SecurityRequestPostProcessors.java which is missed in spring-test-4.0.3.RELEASE.jar (as well as in spring-test-mvc-1.0.0.M2.jar)

@spring-projects-issues
Copy link
Author

spring-projects-issues commented May 14, 2014

Rob Winch said:

You are referencing sample code of how Spring Security Test would possibly work (i.e. It is an incomplete version of the final thing). A concrete implementation is provided in spring-security-test-4.0.0.M1.jar See the sample usage at https://github.com/rwinch/spring-security-test-blog

@spring-projects-issues
Copy link
Author

spring-projects-issues commented May 14, 2014

Grigory Kislin said:

Thank you very much for prompt answer !
So now we can use org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
I share this among StackOverflow.
Looking forward for documentation:)

@spring-projects-issues
Copy link
Author

spring-projects-issues commented May 14, 2014

Rob Winch said:

The best documentation at the moment is the sample I referenced and the blog series. I will be adding additional posts next week. If you want to track formal documentation being written, please follow SEC-2572 Any feedback (see blog for how to provide feedback) you have would be very valuable in ensuring the GA release is as good as possible.

NOTE: We are waiting to get feedback on the implementation before spending lots of time documenting in the event we need to rewrite things. It is not looking like we will need to rewrite anything though.

@spring-projects-issues
Copy link
Author

spring-projects-issues commented May 14, 2014

Grigory Kislin said:

Thank you again, I've added myself in watching.

I've spend some hard time trying to figure out why my rest authentication is not working:

<http pattern="/rest/**" use-expressions="true" name="restSecurityFilterChain"  create-session="stateless">
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <http-basic/>
</http>

In case of create-session="stateless" created SecurityContextPersistenceFilter initialized by NullSecurityContextRepository which is not keep session, saved before MockMvc do perform. Without "stateless" test give success.
Are there any workaround (possibility to test stateless configuration) ?

@spring-projects-issues
Copy link
Author

spring-projects-issues commented May 14, 2014

Rob Winch said:

Thanks for the feedback. Right now the Spring Security Test support does not support stateless mode. Please create a JIRA for supporting Spring Security Test in a stateless mode.

@spring-projects-issues
Copy link
Author

spring-projects-issues commented May 14, 2014

Grigory Kislin said:

Have done: https://jira.spring.io/browse/SEC-2593
I suppose in my case I could emulate authorization by proper "Authorization" header.

@spring-projects-issues spring-projects-issues added in: test An issue in spring-security-test in: web An issue in web modules (web, webmvc) Resolved status: invalid An issue that we don't feel is valid type: jira An issue that was migrated from JIRA labels Feb 5, 2016
@rwinch rwinch added the type: bug A general bug label May 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: test An issue in spring-security-test in: web An issue in web modules (web, webmvc) status: invalid An issue that we don't feel is valid type: bug A general bug type: jira An issue that was migrated from JIRA
Projects
None yet
Development

No branches or pull requests

2 participants