spring-security/docs/modules/ROOT/pages/servlet/test/mockmvc/result-handlers.adoc

=== SecurityMockMvcResultHandlers

Spring Security provides a few ``ResultHandler``s implementations.
In order to use Spring Security's ``ResultHandler``s implementations ensure the following static import is used:

[source,java]
----
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultHandlers.*;
----

==== Exporting the SecurityContext

Often times we want to query a repository to see if some `MockMvc` request actually persisted in the database.
In some cases our repository query uses the xref:features/integrations/data.adoc[Spring Data Integration] to filter the results based on current user's username or any other property.
Let's see an example:

A repository interface:
[source,java]
----
private interface MessageRepository extends JpaRepository<Message, Long> {
	@Query("SELECT m.content FROM Message m WHERE m.sentBy = ?#{ principal?.name }")
	List<String> findAllUserMessages();
}
----

Our test scenario:

[source,java]
----
mvc
	.perform(post("/message")
		.content("New Message")
		.contentType(MediaType.TEXT_PLAIN)
	)
	.andExpect(status().isOk());

List<String> userMessages = messageRepository.findAllUserMessages();
assertThat(userMessages).hasSize(1);
----

This test won't pass because after our request finishes, the `SecurityContextHolder` will be cleared out by the filter chain.
We can then export the `TestSecurityContextHolder` to our `SecurityContextHolder` and use it as we want:

[source,java]
----
mvc
	.perform(post("/message")
		.content("New Message")
		.contentType(MediaType.TEXT_PLAIN)
	)
	.andDo(exportTestSecurityContext())
	.andExpect(status().isOk());

List<String> userMessages = messageRepository.findAllUserMessages();
assertThat(userMessages).hasSize(1);
----

[NOTE]
====
Remember to clear the `SecurityContextHolder` between your tests, or it may leak amongst them
====
Separate Testing Servlet Docs Issue gh-10367 2021-10-29 12:34:29 -06:00			`=== SecurityMockMvcResultHandlers`

			Spring Security provides a few ``ResultHandler``s implementations.
			In order to use Spring Security's ``ResultHandler``s implementations ensure the following static import is used:

			`[source,java]`
			`----`
			`import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultHandlers.*;`
			`----`

			`==== Exporting the SecurityContext`

			Often times we want to query a repository to see if some `MockMvc` request actually persisted in the database.
			`In some cases our repository query uses the xref:features/integrations/data.adoc[Spring Data Integration] to filter the results based on current user's username or any other property.`
			`Let's see an example:`

			`A repository interface:`
			`[source,java]`
			`----`
			`private interface MessageRepository extends JpaRepository<Message, Long> {`
			`@Query("SELECT m.content FROM Message m WHERE m.sentBy = ?#{ principal?.name }")`
			`List<String> findAllUserMessages();`
			`}`
			`----`

			`Our test scenario:`

			`[source,java]`
			`----`
			`mvc`
			`.perform(post("/message")`
			`.content("New Message")`
			`.contentType(MediaType.TEXT_PLAIN)`
			`)`
			`.andExpect(status().isOk());`

			`List<String> userMessages = messageRepository.findAllUserMessages();`
			`assertThat(userMessages).hasSize(1);`
			`----`

			This test won't pass because after our request finishes, the `SecurityContextHolder` will be cleared out by the filter chain.
			We can then export the `TestSecurityContextHolder` to our `SecurityContextHolder` and use it as we want:

			`[source,java]`
			`----`
			`mvc`
			`.perform(post("/message")`
			`.content("New Message")`
			`.contentType(MediaType.TEXT_PLAIN)`
			`)`
			`.andDo(exportTestSecurityContext())`
			`.andExpect(status().isOk());`

			`List<String> userMessages = messageRepository.findAllUserMessages();`
			`assertThat(userMessages).hasSize(1);`
			`----`

			`[NOTE]`
			`====`
			Remember to clear the `SecurityContextHolder` between your tests, or it may leak amongst them
			`====`