-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MockMvc discards modified SecurityContext #3719
Comments
Now that I am returning for further enhancements, the |
We have moved to GitHub issues, so this is the correct place :) We are hoping GitHub issues will get more community involvement than JIRA was. I'm working with our admin to get redirects in place. |
Is |
@chrylis Every request. If you need to control it on each specific request, then you need to use .with(user(userDetails)).
This is because it will look up the user for each request. So if you update the source, then it will be correct. |
This actually works the way that I expected it to (login does update the security context persistently). I'm using the MockMvc HtmlUnit support, so the |
Was this issue originally resolved? I'm running into the exact same problem. |
@LajosPolya can you clarify what you mean by "the exact same problem"? I believe it was resolved that there was nothing to do on this ticket, so we'll need more information to help point you in the right direction. |
@jzheaux If I recall correctly, if I annotated a test class with WithUserDetails annotation then only the first API call I made would be authenticated. Every consecutive API call would have an empty SecurityContext so I would have to manually set it. |
What that means is that every API call within a given annotated test would use the same If you still feel like there's an issue, consider filing a separate ticket with more details about what you are experiencing. |
I am testing a Spring MVC controller that updates a customer's subscription and then immediately refreshes the security context to apply the new settings:
This works correctly run live. However, when using
@WithUserDetails
and MockMvc, the change in the context applied in the controller method is discarded between requests, so that when I make a subsequent request I see the stale data.(This may belong on the main JIRA, but I reported here because it appears to be a problem with the security support, perhaps in
TestSecurityContextHolder
; changing arbitrary session attributes works as expected.)The text was updated successfully, but these errors were encountered: