Mock MVC injected authentication

[nat...@ncjones.com]

I have a Spring MVC controller request handler method which is expecting a Spring Security authentication instance to be injected as a parameter. When I test this controller with Rest Assured the Spring authorization parameter is null. I have set the principal using given().auth().principal(). If I instead use SecurityContextHolder.getContext().getAuthentication() to get the authentication in the controller. I understand the injected authentication should be the same as that returned by the static getContext() approach. Is there anything I can do to get injecting authorization instances like this working with Rest Assured Mock MVC?

The Spring controller class is:

@Controller
@RequestMapping("/session")
public class SessionController {

    @RequestMapping(method = GET)
    @ResponseBody
    public UserSessionInfo getUserSessionDetails(Authentication authentication) {
        if (authentication == null || !authentication.isAuthenticated()) {
            throw new AccessDeniedException("User is not authenticated yet");
        }
        CustomUserDetails userDetails = (CustomUserDetails) authentication.getPrincipal();
        UserSessionInfo userInfo = new UserSessionInfo();
        userInfo.setUserName(userDetails.getUsername());
        return userInfo;
    }

}

The JUnit test class is:

public class SessionControllerTest {
   
    private SessionController sessionController;
   
    @Before
    public void setUp() {
        sessionController = new SessionController();
    }

    @Test
    public void test() {
        given().
            standaloneSetup(sessionController).
            auth().principal(new User("username", "password")).
        when().
            get("/session").
        then().
            statusCode(200).
            body("username", equalTo("username"));
    }

}

[Johan Haleby]

That's interesting and I don't know to be honest :/ Do you know if vanilla MockMvc has support for this? I know the Spring guys have been talking about adding better authentication support to MockMvc (perhaps it has even been released?) so in that case I should definitely add support for it in RA as well.

/Johan

--
You received this message because you are subscribed to the Google Groups "REST assured" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rest-assured...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Nathan Jones]

We switched to Spring Mock MVC but still didn't get this working. I am
pretty sure it works in Spring 4 but we are on 3.2 (see
http://spring.io/blog/2014/05/23/preview-spring-security-test-web-security).

We ended up side-stepping the issue by creating our own domain-specific
permissioning abstraction which is injected into our Spring MVC controllers.

- Nathan

> thrownewAccessDeniedException("User is not authenticated yet");

> }
> CustomUserDetailsuserDetails
> =(CustomUserDetails)authentication.getPrincipal();
> UserSessionInfouserInfo =newUserSessionInfo();
> userInfo.setUserName(userDetails.getUsername());
> returnuserInfo;
> }
>
> }
>
> |
>
> The JUnit test class is:
>
> |
> publicclassSessionControllerTest{
>
> privateSessionControllersessionController;
>
> @Before
> publicvoidsetUp(){
> sessionController =newSessionController();
> }
>
> @Test
> publicvoidtest(){
> given().
> standaloneSetup(sessionController).

> auth().principal(newUser("username","password")).

> when().
> get("/session").
> then().
> statusCode(200).

> body("username",equalTo("username"));

> }
>
> }
> |
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "REST assured" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to rest-assured...@googlegroups.com

> <mailto:rest-assured...@googlegroups.com>.

> For more options, visit https://groups.google.com/d/optout.
>
>

> --
> You received this message because you are subscribed to the Google
> Groups "REST assured" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to rest-assured...@googlegroups.com

> <mailto:rest-assured...@googlegroups.com>.

[Johan Haleby]

If you get more info or ideas about this in the future please let us know if there's anything we can do from the REST Assured side.

    send an email to rest-assured+unsubscribe@googlegroups.com

    <mailto:rest-assured+unsub...@googlegroups.com>.

    For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google
Groups "REST assured" group.
To unsubscribe from this group and stop receiving emails from it, send

an email to rest-assured+unsubscribe@googlegroups.com

<mailto:rest-assured+unsub...@googlegroups.com>.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "REST assured" group.

To unsubscribe from this group and stop receiving emails from it, send an email to rest-assured+unsubscribe@googlegroups.com.