Spring Security Test and MockMvc serve null custom UserDetails parameter to REST Controller
I am trying to write an integration test that hits a REST endpoint and gets data for a specific authenticated user (the one I configure in the test). I first tried my setup with mockMvc = webAppContextSetup(wac).apply(springSecurity()).build()
, but it was consistently failing BeanInstantiationException
. Through Testing Spring Security and MvcMock with a custom UserDetails implementation, I was able to overcome this issue by switching my setUp. Now that I have switched my setting to use standaloneSetup
, I can call my controller. But no matter what I do, I cannot get the custom UserDetails object I create in my test, in a method of my controller that ends up calling MockMvc.
I am using Spring 4.2.2 and Spring Security 4.0.1.
My test code looks something like this:
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = { RestControllerITConfig.class })
@WebAppConfiguration
public class ControllerIT {
private MockMvc mockMvc;
@Before
public void setUp() {
mockMvc = standaloneSetup(new Controller())
.setCustomArgumentResolvers(new AuthenticationPrincipalArgumentResolver())
.build();
}
@Test
public void testGetEndpoint() throws Exception {
CustomUserDetails userDetails = new CustomUserDetails("John","Smith", "abc123");
assertNotNull(userDetails);
MvcResult result = mockMvc.perform(
get("/somepath").with(user(userDetails)))
.andExpect(status().isOk())
.andExpect(content().contentType("text/json")));
}
}
@Configuration
@ComponentScan(basePackageClasses = { AuthenticationConfig.class })
public class RestControllerITConfig {
}
@Configuration
@EnableWebSecurity
@ComponentScan("com.my.authentication.package")
public class AuthenticationConfig extends WebSecurityConfigurerAdapter {
// snip
}
@Target({ ElementType.PARAMETER, ElementType.TYPE })
@Retention(RetentionPolicy.RUNTIME)
@Documented
@AuthenticationPrincipal
public @interface MyUser {
}
@RestController
@RequestMapping("/somepath")
public class Controller {
@RequestMapping(value = "", method = RequestMethod.GET)
public ResponseEntity<Object> getSomePath(@MyUser CustomUserDetails customUser) {
customUser.getName(); // <== Causes NPE
}
}
There are other parts of the irrelevant configuration that have been omitted for brevity. I don't really understand why the custom UserDetails object that I create explicitly in the test doesn't end up in my REST controller, but rather is a null object. What am I doing wrong here? Does anyone have a working example of a similar case? Thank you very much in advance.
source to share
Finally, I was able to get this to work by explicitly adding the AuthenticationConfig filter to StandaloneMockMvcBuilder
. So my setup now looks like this:
private MockMvc mockMvc;
@Autowired
private MyController controller;
@Autowired
private AuthenticationConfig authConfig;
@Before
public void setUp() {
mockMvc = standaloneSetup(controller)
.setCustomArgumentResolvers(new AuthenticationPrincipalArgumentResolver())
.addFilters(authConfig.getCustomFilter())
.build();
}
source to share