Reputation: 322
Remove "Using default security password" on Spring Boot test
I have a multi module project, I noticed that when I run my tests (for example the tests annotated with @WebMvcTest) I get this message
Using generated security password: 12e4c462-385v-12y6-917u-e8u5rte36ooi
This generated password is for development use only. Your security configuration must be updated before running your application in production.
How do i remove it?
I think the "problem" is just that having a multi module project, in some tests, the class implementing UserDetailsService is not found because it is part of a different module and therefore the package is not scanned.
Is it enough for me to just ignore the message?
Actually this didn't happen before, it has happened since I removed a bean, probably useless, inside the WebSecuriyConfig class which extends the WebSecurityConfigurerAdapter.
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
Since I don't use that bean anywhere in my application.
Upvotes: 1
Views: 7042
Answers (1)
Reputation: 12639
Security configuration is not loaded by default by @WebMvcTest. You need to manually @Import your web-security config and then setup test security-context.
For configuring OAuth2 test security context, you can use either
- MockMvc request post-processor:
jwt()oropaqueToken()fromorg.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors) - a test annotation from this repo
Sample with @WithMockJwtAuth
@WebMvcTest()
@Import({ WebSecurityConfig.class })
class GreetingControllerTest {
@MockBean
JwtDecoder jwtDecoder;
@Autowired
MockMvc mockMvc;
@Test
@WithMockJwtAuth(authorities = {"NICE", "AUTHOR"}, claims = @OpenIdClaims(preferred_username = "Tonton Pirate"))
void whenGrantedNiceRoleThenOk() throws Exception {
mockMvc.perform(get("/greet")).andExpect(status().isOk())
.andExpect(content().string("Hi Tonton Pirate! You are granted with: [NICE, AUTHOR]."));
}
@Test
@WithMockJwtAuth(authorities = {"AUTHOR"}, claims = @OpenIdClaims(preferred_username = "Tonton Pirate"))
void whenNotGrantedNiceRoleThenForbidden() throws Exception {
mockMvc.perform(get("/greet")).andExpect(status().isForbidden());
}
@Test
void whenAnonymousThenUnauthorized() throws Exception {
mockMvc.perform(get("/greet")).andExpect(status().isUnauthorized());
}
}
Same sample with jwt post-processor
@WebMvcTest()
@Import({ WebSecurityConfig.class })
class GreetingControllerTest {
@MockBean
JwtDecoder jwtDecoder;
@Autowired
MockMvc mockMvc;
@Test
void whenGrantedNiceRoleThenOk() throws Exception {
mockMvc.perform(get("/greet").with(jwt().jwt(jwt -> {
jwt.claim("preferred_username", "Tonton Pirate");
}).authorities(List.of(new SimpleGrantedAuthority("NICE"), new SimpleGrantedAuthority("AUTHOR"))))).andExpect(status().isOk())
.andExpect(content().string("Hi Tonton Pirate! You are granted with: [NICE, AUTHOR]."));
}
@Test
void whenNotGrantedNiceRoleThenForbidden() throws Exception {
mockMvc.perform(get("/greet").with(jwt().jwt(jwt -> {
jwt.claim("preferred_username", "Tonton Pirate");
}).authorities(List.of(new SimpleGrantedAuthority("AUTHOR"))))).andExpect(status().isForbidden());
}
@Test
void whenAnonymousThenUnauthorized() throws Exception {
mockMvc.perform(get("/greet")).andExpect(status().isUnauthorized());
}
}
Upvotes: 1
Related Questions
- Remove "Using default security password" on Spring Boot
- Spring boot - how to override the default username and password in spring security
- Spring Security: How to change default user and password?
- Disable security for unit tests with spring boot
- Spring boot change default authentication system
- Disable Basic Authentication while using Spring Security Java configuration
- Spring boot, disable security for tests
- Why I can't disable spring boot auto generated password and user?
- How to disable default Spring security with Spring boot?
- Spring security configuration: enable/disable authentication