public final class SecurityMockMvcRequestPostProcessors extends Object

MockMvc RequestPostProcessor implementations for Spring Security.

Modifier and Type | Class and Description |
---|---|
static class | SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor: Populates a valid CsrfToken into the request. |
static class | SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
static class | SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor: Creates a UsernamePasswordAuthenticationToken and sets the principal to be a User and associates it to the MockHttpServletRequest. |

Modifier and Type | Method and Description |
---|---|
static RequestPostProcessor | anonymous(): Establish a SecurityContext that uses an AnonymousAuthenticationToken. |
static RequestPostProcessor | authentication(Authentication authentication): Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails. |
static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor | csrf(): Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request. |
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor | digest(): Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request. |
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor | digest(String username): Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request. |
static RequestPostProcessor | httpBasic(String username, String password): Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password. |
static RequestPostProcessor | securityContext(SecurityContext securityContext): Establish the specified SecurityContext to be used. |
static RequestPostProcessor | testSecurityContext(): Creates a RequestPostProcessor that can be used to ensure that the resulting request is run with the user in the TestSecurityContextHolder. |
static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor | user(String username): Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal(). |
static RequestPostProcessor | user(UserDetails user): Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal(). |
static RequestPostProcessor | x509(String resourceName): Finds an X509Certificate using a resourceName and populates it on the request. |
static RequestPostProcessor | x509(X509Certificate... certificates): Populates the provided X509Certificate instances on the request. |

public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest()

public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest(String username)

Parameters: username - the username to use

public static RequestPostProcessor x509(X509Certificate... certificates)

Parameters: certificates - the X509Certificate instances to populate
Returns: the RequestPostProcessor to use.

public static RequestPostProcessor x509(String resourceName) throws IOException, CertificateException

Parameters: resourceName - the name of the X509Certificate resource
Returns: the RequestPostProcessor to use.
Throws: IOException, CertificateException

public static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf()

Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.

Returns: the SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor for further customizations.

public static RequestPostProcessor testSecurityContext()

Creates a RequestPostProcessor that can be used to ensure that the resulting request is run with the user in the TestSecurityContextHolder.

Returns: the RequestPostProcessor to use

public static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor user(String username)

Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

- Applying SecurityMockMvcConfigurers.springSecurity()
- Adding SecurityContextPersistenceFilter to the MockMvc instance, which may make sense when using MockMvcBuilders standaloneSetup

Parameters: username - the username to populate
Returns: the SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor for additional customization

public static RequestPostProcessor user(UserDetails user)

Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

- Applying SecurityMockMvcConfigurers.springSecurity()
- Adding SecurityContextPersistenceFilter to the MockMvc instance, which may make sense when using MockMvcBuilders standaloneSetup

Parameters: user - the UserDetails to populate
Returns: the RequestPostProcessor to use

public static RequestPostProcessor authentication(Authentication authentication)

Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails. All details are declarative and do not require that the user actually exists.

The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

- Applying SecurityMockMvcConfigurers.springSecurity()
- Adding SecurityContextPersistenceFilter to the MockMvc instance, which may make sense when using MockMvcBuilders standaloneSetup

Parameters: authentication - the Authentication to populate
Returns: the RequestPostProcessor to use

public static RequestPostProcessor anonymous()

Establish a SecurityContext that uses an AnonymousAuthenticationToken. This is useful when a user wants to run a majority of tests as a specific user and wishes to override a few methods to be anonymous. For example:

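```java
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;

public class SecurityTests {
    @Autowired WebApplicationContext context;
    MockMvc mockMvc;
    @Before
    public void setup() {
        // Every request runs as "user" unless a test overrides it
        mockMvc = MockMvcBuilders
                .webAppContextSetup(context)
                .defaultRequest(get("/").with(user("user")))
                .build();
    }
    // Not named anonymous(): a test method with that name would shadow the static import
    @Test
    public void anonymousRequest() throws Exception {
        mockMvc.perform(get("/anonymous").with(anonymous()));
    }
    // ... lots of tests ran with a default user ...
}
```
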
Returns: the RequestPostProcessor to use

public static RequestPostProcessor securityContext(SecurityContext securityContext)

Establish the specified SecurityContext to be used.

This works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter (i.e. Spring Security's FilterChainProxy will typically do this) is associated with the MockMvc instance.

public static RequestPostProcessor httpBasic(String username, String password)

Parameters: username - the username to include in the Authorization header.
password - the password to include in the Authorization header.
Returns: the RequestPostProcessor to use
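
Added example (not part of the original Javadoc and not the Spring Security project's own code): a JUnit 4 test class that applies springSecurity() so the identity set by user(...) reaches the SecurityContextHolder, then checks that a state-changing request succeeds only with both the required role and a CSRF token from csrf(). The WebSecurityConfig class, the /admin/settings endpoint, its ROLE_ADMIN restriction and its 200 response are assumptions made for illustration.

```java
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = WebSecurityConfig.class) // hypothetical application config
@WebAppConfiguration
public class AdminEndpointSecurityTests {
    @Autowired
    private WebApplicationContext context;
    private MockMvc mockMvc;

    @Before
    public void setup() {
        // springSecurity() registers the Spring Security filter chain with MockMvc
        mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
    }

    @Test // right role and a valid CSRF token: the request goes through
    public void adminWithCsrfTokenIsAllowed() throws Exception {
        mockMvc.perform(post("/admin/settings").with(user("alice").roles("ADMIN")).with(csrf()))
               .andExpect(status().isOk());
    }

    @Test // right role but no CSRF token: rejected before reaching the controller
    public void missingCsrfTokenIsRejected() throws Exception {
        mockMvc.perform(post("/admin/settings").with(user("alice").roles("ADMIN")))
               .andExpect(status().isForbidden());
    }

    @Test // valid CSRF token but insufficient role: rejected by authorization
    public void nonAdminIsRejected() throws Exception {
        mockMvc.perform(post("/admin/settings").with(user("bob").roles("USER")).with(csrf()))
               .andExpect(status().isForbidden());
    }
}
```

Neither "alice" nor "bob" has to exist in any user store, since the details passed to user(...) are declarative.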