mirror of
				https://github.com/spring-projects/spring-security.git
				synced 2025-10-25 03:38:43 +00:00 
			
		
		
		
	This commit removes unnecessary main-branch merges starting from 8750608b5bca45525c99d0a41a20ed02de93d8c7 and adds the following needed commit(s) that were made afterward: - 5dce82c48bc0b174838501c5a111b2de70822914
		
			
				
	
	
		
			62 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			62 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| === SecurityMockMvcResultHandlers
 | |
| 
 | |
| Spring Security provides a few ``ResultHandler``s implementations.
 | |
| In order to use Spring Security's ``ResultHandler``s implementations ensure the following static import is used:
 | |
| 
 | |
| [source,java]
 | |
| ----
 | |
| import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultHandlers.*;
 | |
| ----
 | |
| 
 | |
| ==== Exporting the SecurityContext
 | |
| 
 | |
| Often times we want to query a repository to see if some `MockMvc` request actually persisted in the database.
 | |
| In some cases our repository query uses the xref:features/integrations/data.adoc[Spring Data Integration] to filter the results based on current user's username or any other property.
 | |
| Let's see an example:
 | |
| 
 | |
| A repository interface:
 | |
| [source,java]
 | |
| ----
 | |
| private interface MessageRepository extends JpaRepository<Message, Long> {
 | |
| 	@Query("SELECT m.content FROM Message m WHERE m.sentBy = ?#{ principal?.name }")
 | |
| 	List<String> findAllUserMessages();
 | |
| }
 | |
| ----
 | |
| 
 | |
| Our test scenario:
 | |
| 
 | |
| [source,java]
 | |
| ----
 | |
| mvc
 | |
| 	.perform(post("/message")
 | |
| 		.content("New Message")
 | |
| 		.contentType(MediaType.TEXT_PLAIN)
 | |
| 	)
 | |
| 	.andExpect(status().isOk());
 | |
| 
 | |
| List<String> userMessages = messageRepository.findAllUserMessages();
 | |
| assertThat(userMessages).hasSize(1);
 | |
| ----
 | |
| 
 | |
| This test won't pass because after our request finishes, the `SecurityContextHolder` will be cleared out by the filter chain.
 | |
| We can then export the `TestSecurityContextHolder` to our `SecurityContextHolder` and use it as we want:
 | |
| 
 | |
| [source,java]
 | |
| ----
 | |
| mvc
 | |
| 	.perform(post("/message")
 | |
| 		.content("New Message")
 | |
| 		.contentType(MediaType.TEXT_PLAIN)
 | |
| 	)
 | |
| 	.andDo(exportTestSecurityContext())
 | |
| 	.andExpect(status().isOk());
 | |
| 
 | |
| List<String> userMessages = messageRepository.findAllUserMessages();
 | |
| assertThat(userMessages).hasSize(1);
 | |
| ----
 | |
| 
 | |
| [NOTE]
 | |
| ====
 | |
| Remember to clear the `SecurityContextHolder` between your tests, or it may leak amongst them
 | |
| ====
 |