From 212e6fe8205be2ffcc309b70e7db2a3f0817ac6e Mon Sep 17 00:00:00 2001 From: chrisoberle Date: Sun, 2 Sep 2018 05:14:16 -0400 Subject: [PATCH] BAEL-1969 spring security for spring boot integration tests (#5074) * BAEL-1969 spring security for spring boot integration tests * BAEL-1969 spring security for spring boot integration tests --- .../MethodSecurityConfigurer.java | 13 +++++ .../SecuredApplication.java | 13 +++++ .../integrationtesting/SecuredController.java | 21 ++++++++ .../integrationtesting/SecuredService.java | 13 +++++ .../WebSecurityConfigurer.java | 31 +++++++++++ ...ControllerRestTemplateIntegrationTest.java | 34 ++++++++++++ ...edControllerSpringBootIntegrationTest.java | 52 +++++++++++++++++++ ...ecuredControllerWebMvcIntegrationTest.java | 39 ++++++++++++++ ...ecuredMethodSpringBootIntegrationTest.java | 32 ++++++++++++ 9 files changed, 248 insertions(+) create mode 100644 spring-boot-security/src/main/java/com/baeldung/integrationtesting/MethodSecurityConfigurer.java create mode 100644 spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredApplication.java create mode 100644 spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredController.java create mode 100644 spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredService.java create mode 100644 spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java create mode 100644 spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerRestTemplateIntegrationTest.java create mode 100644 spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerSpringBootIntegrationTest.java create mode 100644 spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerWebMvcIntegrationTest.java create mode 100644 spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredMethodSpringBootIntegrationTest.java diff --git a/spring-boot-security/src/main/java/com/baeldung/integrationtesting/MethodSecurityConfigurer.java b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/MethodSecurityConfigurer.java new file mode 100644 index 0000000000..dccbace106 --- /dev/null +++ b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/MethodSecurityConfigurer.java @@ -0,0 +1,13 @@ +package com.baeldung.integrationtesting; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration; + +@Configuration +@EnableGlobalMethodSecurity( + prePostEnabled = true, + securedEnabled = true) +public class MethodSecurityConfigurer extends GlobalMethodSecurityConfiguration { + +} diff --git a/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredApplication.java b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredApplication.java new file mode 100644 index 0000000000..18469e4752 --- /dev/null +++ b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredApplication.java @@ -0,0 +1,13 @@ +package com.baeldung.integrationtesting; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class SecuredApplication { + + public static void main(String[] args) { + SpringApplication.run(SecuredApplication.class, args); + } + +} diff --git a/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredController.java b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredController.java new file mode 100644 index 0000000000..495c358784 --- /dev/null +++ b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredController.java @@ -0,0 +1,21 @@ +package com.baeldung.integrationtesting; + +import java.util.Arrays; +import java.util.List; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +public class SecuredController { + + @GetMapping("/public/hello") + public List publicHello() { + return Arrays.asList("Hello", "World", "from", "Public"); + } + + @GetMapping("/private/hello") + public List privateHello() { + return Arrays.asList("Hello", "World", "from", "Private"); + } + +} diff --git a/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredService.java b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredService.java new file mode 100644 index 0000000000..25253f163a --- /dev/null +++ b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredService.java @@ -0,0 +1,13 @@ +package com.baeldung.integrationtesting; + +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Service; + +@Service +public class SecuredService { + + @PreAuthorize("authenticated") + public String sayHelloSecured() { + return "Hello user."; + } +} diff --git a/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java new file mode 100644 index 0000000000..32a48ce612 --- /dev/null +++ b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java @@ -0,0 +1,31 @@ +package com.baeldung.integrationtesting; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication() + .withUser("spring") + .password("secret") + .roles("USER"); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/private/**") + .hasRole("USER") + .antMatchers("/public/**") + .permitAll() + .and() + .httpBasic(); + } + + +} diff --git a/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerRestTemplateIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerRestTemplateIntegrationTest.java new file mode 100644 index 0000000000..c224058155 --- /dev/null +++ b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerRestTemplateIntegrationTest.java @@ -0,0 +1,34 @@ +package com.baeldung.integrationtesting; + +import static org.junit.Assert.assertEquals; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +public class SecuredControllerRestTemplateIntegrationTest { + + @Autowired + private TestRestTemplate template; + + @Test + public void givenRequestOnPrivateService_shouldFailWith401() throws Exception { + ResponseEntity result = template.getForEntity("/private/hello", String.class); + assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode()); + } + + @Test + public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception { + ResponseEntity result = template.withBasicAuth("spring", "secret") + .getForEntity("/private/hello", String.class); + assertEquals(HttpStatus.OK, result.getStatusCode()); + } + +} diff --git a/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerSpringBootIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerSpringBootIntegrationTest.java new file mode 100644 index 0000000000..ce9e6de917 --- /dev/null +++ b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerSpringBootIntegrationTest.java @@ -0,0 +1,52 @@ +package com.baeldung.integrationtesting; + +import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.http.MediaType; +import org.springframework.security.test.context.support.WithMockUser; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.web.context.WebApplicationContext; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +public class SecuredControllerSpringBootIntegrationTest { + + @Autowired + private WebApplicationContext context; + + private MockMvc mvc; + + @Before + public void setup() { + mvc = MockMvcBuilders + .webAppContextSetup(context) + .apply(springSecurity()) + .build(); + } + + @Test + public void givenRequestOnPrivateService_shouldFailWith401() throws Exception { + mvc.perform(get("/private/hello") + .contentType(MediaType.APPLICATION_JSON)) + .andExpect(status().isUnauthorized()); + } + + @WithMockUser("spring") + @Test + public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception { + mvc.perform(get("/private/hello") + .contentType(MediaType.APPLICATION_JSON)) + .andExpect(status().isOk()); + } + +} diff --git a/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerWebMvcIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerWebMvcIntegrationTest.java new file mode 100644 index 0000000000..7281648856 --- /dev/null +++ b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerWebMvcIntegrationTest.java @@ -0,0 +1,39 @@ +package com.baeldung.integrationtesting; + +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; +import org.springframework.http.MediaType; +import org.springframework.security.test.context.support.WithMockUser; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.servlet.MockMvc; + +import com.baeldung.integrationtesting.SecuredController; + +@RunWith(SpringRunner.class) +@WebMvcTest(SecuredController.class) +public class SecuredControllerWebMvcIntegrationTest { + + @Autowired + private MockMvc mvc; + + @Test + public void givenRequestOnPrivateService_shouldFailWith401() throws Exception { + mvc.perform(get("/private/hello") + .contentType(MediaType.APPLICATION_JSON)) + .andExpect(status().isUnauthorized()); + } + + @WithMockUser(value = "spring") + @Test + public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception { + mvc.perform(get("/private/hello") + .contentType(MediaType.APPLICATION_JSON)) + .andExpect(status().isOk()); + } + +} diff --git a/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredMethodSpringBootIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredMethodSpringBootIntegrationTest.java new file mode 100644 index 0000000000..816b05bd5a --- /dev/null +++ b/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredMethodSpringBootIntegrationTest.java @@ -0,0 +1,32 @@ +package com.baeldung.integrationtesting; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; +import org.springframework.security.test.context.support.WithMockUser; +import org.springframework.test.context.junit4.SpringRunner; + +import com.baeldung.integrationtesting.SecuredService; + +@RunWith(SpringRunner.class) +@SpringBootTest +public class SecuredMethodSpringBootIntegrationTest { + + @Autowired + private SecuredService service; + + @Test(expected = AuthenticationCredentialsNotFoundException.class) + public void givenUnauthenticated_whenCallService_thenThrowsException() { + service.sayHelloSecured(); + } + + @WithMockUser(username="spring") + @Test + public void givenAuthenticated_whenCallServiceWithSecured_thenOk() { + assertThat(service.sayHelloSecured()).isNotBlank(); + } +}