Jsrikoo
Reputation: 35
How to bypass the Spring @PreAuthorize annotation on RestController for tests?
How can I create a bypass @Preauthorize so that I can test in local with out calling the actual because annotation will be loaded before the class loads ?
@RestController
@RequestMapping("/test")
public class ResourceController {
@RequestMapping(method = GET)
@PreAuthorize
@ResponseBody
public String message(){ return "Hello World"; }
Upvotes: 3
Views: 3380
Answers (2)
Nitish Sahu
Reputation: 91
You can use spring-security-test to achieve this.
pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>5.3.3.RELEASE</version>
<scope>test</scope>
</dependency>
Supposedly your controller looks like:
@PreAuthorize("hasRole('ROLE_ADMIN')")
public User createUser(final User user) {
......
}
And your test can look like:
public class MyControllerTests {
private MockMvc mvc;
@BeforeEach
void setup() {
mvc = MockMvcBuilders
.webAppContextSetup(context)
.apply(springSecurity())
.build();
}
@Test
void testCreateWithProperPermission() throws Exception {
final User user = new User();
user.setName("Test");
final MvcResult mvcResult = mvc.perform(MockMvcRequestBuilders.post("/v1/foo/").with(user("foo").roles("ADMIN"))
.content(new ObjectMapper().writeValueAsString(user))
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk())
final String responseBody = mvcResult.getResponse().getContentAsString();
final User created = new ObjectMapper().readValue(responseBody, User.class);
// verify the saved entity's data is correct
assertThat(created).isNotNull();
assertThat(created)
.hasFieldOrPropertyWithValue("name", user.getName());
}
Upvotes: 1
Alien
Reputation: 15878
You can have a test profile in your code which you then activate when running tests against the code. You can then use the predefined user and password in your tests.
@Configuration
public class TestConfig {
@EnableWebSecurity
@Profile("test")
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("user").password("password").roles("ROLE1", "ROLE2", "ROLE3").build());
return manager;
}
}
}
Upvotes: 0
Related Questions
- how to disable @PreAuthorize for tests?
- How to disable/ ignore @PreAuthorize in a Spring Boot application
- How to ignore @PreAuthorize("isAuthenticated()") annotation in Unit Test?
- PreAuthorize annotations on Spring controllers are ignored when testing
- How can test a Spring Boot controller method annoted with @PreAuthorized(hasAnyAuthority(...))
- Spring Boot - Test Rest Api With Custom PreAuthorize Expression and Authentication
- Spring Boot - @PreAuthorize does not work in test
- RestAssured: How to disable PreAuthorize when
- TestingAuthenticationToken and @PreAuthorizedTest -anotation ignored
- Bypass Spring Security @preauthorize