2023-07-23 14:35:51 +05:30
= SecurityMockMvcResultHandlers
2021-10-29 12:34:29 -06:00
Spring Security provides a few ``ResultHandler``s implementations.
In order to use Spring Security's ``ResultHandler``s implementations ensure the following static import is used:
[source,java]
----
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultHandlers.*;
----
2023-09-07 14:07:40 -05:00
== Exporting the SecurityContext
2021-10-29 12:34:29 -06:00
Often times we want to query a repository to see if some `MockMvc` request actually persisted in the database.
In some cases our repository query uses the xref:features/integrations/data.adoc[Spring Data Integration] to filter the results based on current user's username or any other property.
Let's see an example:
A repository interface:
[source,java]
----
private interface MessageRepository extends JpaRepository<Message, Long> {
@Query("SELECT m.content FROM Message m WHERE m.sentBy = ?#{ principal?.name }")
List<String> findAllUserMessages();
}
----
Our test scenario:
[source,java]
----
mvc
.perform(post("/message")
.content("New Message")
.contentType(MediaType.TEXT_PLAIN)
)
.andExpect(status().isOk());
List<String> userMessages = messageRepository.findAllUserMessages();
assertThat(userMessages).hasSize(1);
----
This test won't pass because after our request finishes, the `SecurityContextHolder` will be cleared out by the filter chain.
We can then export the `TestSecurityContextHolder` to our `SecurityContextHolder` and use it as we want:
[source,java]
----
mvc
.perform(post("/message")
.content("New Message")
.contentType(MediaType.TEXT_PLAIN)
)
.andDo(exportTestSecurityContext())
.andExpect(status().isOk());
List<String> userMessages = messageRepository.findAllUserMessages();
assertThat(userMessages).hasSize(1);
----
[NOTE]
====
Remember to clear the `SecurityContextHolder` between your tests, or it may leak amongst them
====
