public final class SecurityMockMvcRequestPostProcessors
extends java.lang.Object
MockMvc
RequestPostProcessor
implementations for Spring
Security.Modifier and Type | Class and Description |
---|---|
static class |
SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
Populates a valid
CsrfToken into the request. |
static class |
SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
static class |
SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor |
static class |
SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor |
static class |
SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor |
static class |
SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor |
static class |
SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor |
static class |
SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Creates a
UsernamePasswordAuthenticationToken and sets the principal to be
a User and associates it to the MockHttpServletRequest . |
Modifier and Type | Method and Description |
---|---|
static org.springframework.test.web.servlet.request.RequestPostProcessor |
anonymous()
Establish a
SecurityContext that uses an
AnonymousAuthenticationToken . |
static org.springframework.test.web.servlet.request.RequestPostProcessor |
authentication(Authentication authentication)
Establish a
SecurityContext that uses the specified Authentication
for the Authentication.getPrincipal() and a custom UserDetails . |
static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor |
csrf()
Creates a
RequestPostProcessor that will automatically populate a valid
CsrfToken in the request. |
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
digest()
Creates a DigestRequestPostProcessor that enables easily adding digest based
authentication to a request.
|
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
digest(java.lang.String username)
Creates a DigestRequestPostProcessor that enables easily adding digest based
authentication to a request.
|
static org.springframework.test.web.servlet.request.RequestPostProcessor |
httpBasic(java.lang.String username,
java.lang.String password)
Convenience mechanism for setting the Authorization header to use HTTP Basic with
the given username and password.
|
static SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor |
jwt()
Establish a
SecurityContext that has a JwtAuthenticationToken for
the Authentication and a Jwt for the
Authentication.getPrincipal() . |
static SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor |
oauth2Client()
Establish an
OAuth2AuthorizedClient in the session. |
static SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor |
oauth2Client(java.lang.String registrationId)
Establish an
OAuth2AuthorizedClient in the session. |
static SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor |
oauth2Login()
Establish a
SecurityContext that has a OAuth2AuthenticationToken
for the Authentication , a OAuth2User as the principal, and a
OAuth2AuthorizedClient in the session. |
static SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor |
oidcLogin()
Establish a
SecurityContext that has a OAuth2AuthenticationToken
for the Authentication , a OidcUser as the principal, and a
OAuth2AuthorizedClient in the session. |
static SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor |
opaqueToken()
Establish a
SecurityContext that has a BearerTokenAuthentication
for the Authentication and a OAuth2AuthenticatedPrincipal for the
Authentication.getPrincipal() . |
static org.springframework.test.web.servlet.request.RequestPostProcessor |
securityContext(SecurityContext securityContext)
Establish the specified
SecurityContext to be used. |
static org.springframework.test.web.servlet.request.RequestPostProcessor |
testSecurityContext()
Creates a
RequestPostProcessor that can be used to ensure that the
resulting request is ran with the user in the TestSecurityContextHolder . |
static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor |
user(java.lang.String username)
Establish a
SecurityContext that has a
UsernamePasswordAuthenticationToken for the
Authentication.getPrincipal() and a User for the
UsernamePasswordAuthenticationToken.getPrincipal() . |
static org.springframework.test.web.servlet.request.RequestPostProcessor |
user(UserDetails user)
Establish a
SecurityContext that has a
UsernamePasswordAuthenticationToken for the
Authentication.getPrincipal() and a custom UserDetails for the
UsernamePasswordAuthenticationToken.getPrincipal() . |
static org.springframework.test.web.servlet.request.RequestPostProcessor |
x509(java.lang.String resourceName)
Finds an X509Cetificate using a resoureName and populates it on the request.
|
static org.springframework.test.web.servlet.request.RequestPostProcessor |
x509(java.security.cert.X509Certificate... certificates)
Populates the provided X509Certificate instances on the request.
|
public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest()
public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest(java.lang.String username)
username
- the username to usepublic static org.springframework.test.web.servlet.request.RequestPostProcessor x509(java.security.cert.X509Certificate... certificates)
certificates
- the X509Certificate instances to pouplateRequestPostProcessor
to use.public static org.springframework.test.web.servlet.request.RequestPostProcessor x509(java.lang.String resourceName) throws java.io.IOException, java.security.cert.CertificateException
resourceName
- the name of the X509Certificate resourceRequestPostProcessor
to use.java.io.IOException
java.security.cert.CertificateException
public static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf()
RequestPostProcessor
that will automatically populate a valid
CsrfToken
in the request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
for further customizations.public static org.springframework.test.web.servlet.request.RequestPostProcessor testSecurityContext()
RequestPostProcessor
that can be used to ensure that the
resulting request is ran with the user in the TestSecurityContextHolder
.RequestPostProcessor
to suepublic static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor user(java.lang.String username)
SecurityContext
that has a
UsernamePasswordAuthenticationToken
for the
Authentication.getPrincipal()
and a User
for the
UsernamePasswordAuthenticationToken.getPrincipal()
. All details are
declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()
SecurityContextPersistenceFilter
to the MockMvc
instance may make sense when using MockMvcBuilders standaloneSetupusername
- the username to populateSecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
for additional customizationpublic static org.springframework.test.web.servlet.request.RequestPostProcessor user(UserDetails user)
SecurityContext
that has a
UsernamePasswordAuthenticationToken
for the
Authentication.getPrincipal()
and a custom UserDetails
for the
UsernamePasswordAuthenticationToken.getPrincipal()
. All details are
declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()
SecurityContextPersistenceFilter
to the MockMvc
instance may make sense when using MockMvcBuilders standaloneSetupuser
- the UserDetails to populateRequestPostProcessor
to usepublic static SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor jwt()
SecurityContext
that has a JwtAuthenticationToken
for
the Authentication
and a Jwt
for the
Authentication.getPrincipal()
. All details are declarative and do not
require the JWT to be valid.
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()
SecurityContextPersistenceFilter
to the MockMvc
instance may make sense when using MockMvcBuilders standaloneSetupSecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
for additional customizationpublic static SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor opaqueToken()
SecurityContext
that has a BearerTokenAuthentication
for the Authentication
and a OAuth2AuthenticatedPrincipal
for the
Authentication.getPrincipal()
. All details are declarative and do not
require the token to be valid
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()
SecurityContextPersistenceFilter
to the MockMvc
instance may make sense when using MockMvcBuilders standaloneSetupSecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
for additional customizationpublic static org.springframework.test.web.servlet.request.RequestPostProcessor authentication(Authentication authentication)
SecurityContext
that uses the specified Authentication
for the Authentication.getPrincipal()
and a custom UserDetails
. All
details are declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()
SecurityContextPersistenceFilter
to the MockMvc
instance may make sense when using MockMvcBuilders standaloneSetupauthentication
- the Authentication to populateRequestPostProcessor
to usepublic static org.springframework.test.web.servlet.request.RequestPostProcessor anonymous()
SecurityContext
that uses an
AnonymousAuthenticationToken
. This is useful when a user wants to run a
majority of tests as a specific user and wishes to override a few methods to be
anonymous. For example:
public class SecurityTests {
@Before
public void setup() {
mockMvc = MockMvcBuilders
.webAppContextSetup(context)
.defaultRequest(get("/").with(user("user")))
.build();
}
@Test
public void anonymous() {
mockMvc.perform(get("anonymous").with(anonymous()));
}
// ... lots of tests ran with a default user ...
}
RequestPostProcessor
to usepublic static org.springframework.test.web.servlet.request.RequestPostProcessor securityContext(SecurityContext securityContext)
SecurityContext
to be used.
This works by associating the user to the HttpServletRequest
. To associate
the request to the SecurityContextHolder
you need to ensure that the
SecurityContextPersistenceFilter
(i.e. Spring Security's FilterChainProxy
will typically do this) is associated with the MockMvc
instance.
public static org.springframework.test.web.servlet.request.RequestPostProcessor httpBasic(java.lang.String username, java.lang.String password)
username
- the username to include in the Authorization header.password
- the password to include in the Authorization header.RequestPostProcessor
to usepublic static SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor oauth2Login()
SecurityContext
that has a OAuth2AuthenticationToken
for the Authentication
, a OAuth2User
as the principal, and a
OAuth2AuthorizedClient
in the session. All details are declarative and do
not require associated tokens to be valid.
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()
SecurityContextPersistenceFilter
to the MockMvc
instance may make sense when using MockMvcBuilders standaloneSetupSecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
for additional customizationpublic static SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor oidcLogin()
SecurityContext
that has a OAuth2AuthenticationToken
for the Authentication
, a OidcUser
as the principal, and a
OAuth2AuthorizedClient
in the session. All details are declarative and do
not require associated tokens to be valid.
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()
SecurityContextPersistenceFilter
to the MockMvc
instance may make sense when using MockMvcBuilders standaloneSetupSecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
for additional customizationpublic static SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor oauth2Client()
OAuth2AuthorizedClient
in the session. All details are
declarative and do not require associated tokens to be valid.
The support works by associating the authorized client to the HttpServletRequest
via the HttpSessionOAuth2AuthorizedClientRepository
SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
for additional customizationpublic static SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor oauth2Client(java.lang.String registrationId)
OAuth2AuthorizedClient
in the session. All details are
declarative and do not require associated tokens to be valid.
The support works by associating the authorized client to the HttpServletRequest
via the HttpSessionOAuth2AuthorizedClientRepository
registrationId
- The registration id for the OAuth2AuthorizedClient
SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
for additional customization