spring-security/docs/modules/ROOT/pages/reactive/test/web/authentication.adoc

= Testing Authentication

After xref:reactive/test/web/setup.adoc[applying the Spring Security support to `WebTestClient`] we can use either annotations or `mutateWith` support.
For example:

====
.Java
[source,java,role="primary"]
----
@Test
public void messageWhenNotAuthenticated() throws Exception {
	this.rest
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isUnauthorized();
}

// --- WithMockUser ---

@Test
@WithMockUser
public void messageWhenWithMockUserThenForbidden() throws Exception {
	this.rest
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
}

@Test
@WithMockUser(roles = "ADMIN")
public void messageWhenWithMockAdminThenOk() throws Exception {
	this.rest
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isOk()
		.expectBody(String.class).isEqualTo("Hello World!");
}

// --- mutateWith mockUser ---

@Test
public void messageWhenMutateWithMockUserThenForbidden() throws Exception {
	this.rest
		.mutateWith(mockUser())
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
}

@Test
public void messageWhenMutateWithMockAdminThenOk() throws Exception {
	this.rest
		.mutateWith(mockUser().roles("ADMIN"))
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isOk()
		.expectBody(String.class).isEqualTo("Hello World!");
}
----

.Kotlin
[source,kotlin,role="secondary"]
----
import org.springframework.test.web.reactive.server.expectBody

//...

@Test
@WithMockUser
fun messageWhenWithMockUserThenForbidden() {
    this.rest.get().uri("/message")
        .exchange()
        .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
}

@Test
@WithMockUser(roles = ["ADMIN"])
fun messageWhenWithMockAdminThenOk() {
    this.rest.get().uri("/message")
        .exchange()
        .expectStatus().isOk
        .expectBody<String>().isEqualTo("Hello World!")

}

// --- mutateWith mockUser ---

@Test
fun messageWhenMutateWithMockUserThenForbidden() {
    this.rest
        .mutateWith(mockUser())
        .get().uri("/message")
        .exchange()
        .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
}

@Test
fun messageWhenMutateWithMockAdminThenOk() {
    this.rest
        .mutateWith(mockUser().roles("ADMIN"))
        .get().uri("/message")
        .exchange()
        .expectStatus().isOk
        .expectBody<String>().isEqualTo("Hello World!")
}
----
====

In addition to `mockUser()`, Spring Security ships with several other convenience mutators for things like xref:reactive/test/web/csrf.adoc[CSRF] and xref:reactive/test/web/oauth2.adoc[OAuth 2.0].
Separate Testing Reactive Docs Issue gh-10367 2021-10-29 10:09:04 -06:00			`= Testing Authentication`

			After xref:reactive/test/web/setup.adoc[applying the Spring Security support to `WebTestClient`] we can use either annotations or `mutateWith` support.
			`For example:`

			`====`
			`.Java`
			`[source,java,role="primary"]`
			`----`
			`@Test`
			`public void messageWhenNotAuthenticated() throws Exception {`
			`this.rest`
			`.get()`
			`.uri("/message")`
			`.exchange()`
			`.expectStatus().isUnauthorized();`
			`}`

			`// --- WithMockUser ---`

			`@Test`
			`@WithMockUser`
			`public void messageWhenWithMockUserThenForbidden() throws Exception {`
			`this.rest`
			`.get()`
			`.uri("/message")`
			`.exchange()`
			`.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);`
			`}`

			`@Test`
			`@WithMockUser(roles = "ADMIN")`
			`public void messageWhenWithMockAdminThenOk() throws Exception {`
			`this.rest`
			`.get()`
			`.uri("/message")`
			`.exchange()`
			`.expectStatus().isOk()`
			`.expectBody(String.class).isEqualTo("Hello World!");`
			`}`

			`// --- mutateWith mockUser ---`

			`@Test`
			`public void messageWhenMutateWithMockUserThenForbidden() throws Exception {`
			`this.rest`
			`.mutateWith(mockUser())`
			`.get()`
			`.uri("/message")`
			`.exchange()`
			`.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);`
			`}`

			`@Test`
			`public void messageWhenMutateWithMockAdminThenOk() throws Exception {`
			`this.rest`
			`.mutateWith(mockUser().roles("ADMIN"))`
			`.get()`
			`.uri("/message")`
			`.exchange()`
			`.expectStatus().isOk()`
			`.expectBody(String.class).isEqualTo("Hello World!");`
			`}`
			`----`

			`.Kotlin`
			`[source,kotlin,role="secondary"]`
			`----`
			`import org.springframework.test.web.reactive.server.expectBody`

			`//...`

			`@Test`
			`@WithMockUser`
			`fun messageWhenWithMockUserThenForbidden() {`
			`this.rest.get().uri("/message")`
			`.exchange()`
			`.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)`
			`}`

			`@Test`
			`@WithMockUser(roles = ["ADMIN"])`
			`fun messageWhenWithMockAdminThenOk() {`
			`this.rest.get().uri("/message")`
			`.exchange()`
			`.expectStatus().isOk`
			`.expectBody<String>().isEqualTo("Hello World!")`

			`}`

			`// --- mutateWith mockUser ---`

			`@Test`
			`fun messageWhenMutateWithMockUserThenForbidden() {`
			`this.rest`
			`.mutateWith(mockUser())`
			`.get().uri("/message")`
			`.exchange()`
			`.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)`
			`}`

			`@Test`
			`fun messageWhenMutateWithMockAdminThenOk() {`
			`this.rest`
			`.mutateWith(mockUser().roles("ADMIN"))`
			`.get().uri("/message")`
			`.exchange()`
			`.expectStatus().isOk`
			`.expectBody<String>().isEqualTo("Hello World!")`
			`}`
			`----`
			`====`

			In addition to `mockUser()`, Spring Security ships with several other convenience mutators for things like xref:reactive/test/web/csrf.adoc[CSRF] and xref:reactive/test/web/oauth2.adoc[OAuth 2.0].