Reputation: 6649
@WithUserDetails and @WithMockUser when using springSecurity() in MockMVC with production authentication logic
After debugging for some time, I found that @WithUserDetails and @WithMockUser dummy the SecurityContext but don't add any fake Authentication Provider, so in case this is used with production code,
SecurityContextHolderis populated with fakeSecurityContextcontaining our dummyAuthenticationobjectFilters take place and all the prod authentication system fail because there is no extra
AbstractUserDetailsAuthenticationProviderinProviderManager, and upon final error,SecurityContextis cleared, so I loose the test mock authentication setting...
So.. is there any built-in way to use test convenient @With.. annotations over production auth code? Is it a bug? Can I change the order of previous bullet points so at least the testing preparation happens later?
Upvotes: 0
Views: 1549
Answers (1)
Reputation: 1622
Correct, the @WithUserDetails and @WithMockUser are intended when you wish to mock a request that is already authenticated.
So all the filters that do authentication, should not trigger at this point. If you're filters are triggering, then you can rewrite the filters to account for the use case when the authentication already has taken place.
Another option is to rewrite the test to do authentication the way your application expects it.
Upvotes: 2
Related Questions
- @WithMockUser with custom User implementation
- @WithMockUser ignores username, password fields?
- Spring Security, JUnit: @WithUserDetails for user created in @Before
- Spring Security Test @WithMockUser not working
- @WithMockUser doesn't pick Spring Security auth credentials
- Spring Security and MockMvc - Need to mock authentication or principal
- Use @WithMockUser (with @SpringBootTest) inside an oAuth2 Resource Server Application
- Spring Security AuthenticationSuccessHandler and MockMvc
- Spring Boot 2, Spring Security 5 and @WithMockUser
- WIthMockUser doesn't work