Class SecurityMockMvcRequestPostProcessors
MockMvc RequestPostProcessor implementations for Spring Security.
- Since:
- 4.0
-
Nested Class Summary
Modifier and Type / Class / Description
static final class
Populates a valid CsrfToken into the request.
static class
static final class
static final class
static final class
static final class
static final class
static final class
Creates a UsernamePasswordAuthenticationToken and sets the principal to be a User and associates it to the MockHttpServletRequest.
-
Method Summary
Modifier and Type / Method / Description
static org.springframework.test.web.servlet.request.RequestPostProcessor
Establish a SecurityContext that uses an AnonymousAuthenticationToken.
static org.springframework.test.web.servlet.request.RequestPostProcessor
authentication(Authentication authentication)
Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails.
csrf()
Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.
digest()
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
static org.springframework.test.web.servlet.request.RequestPostProcessor
Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password.
jwt()
Establish a SecurityContext that has a JwtAuthenticationToken for the Authentication and a Jwt for the Authentication.getPrincipal().
Establish an OAuth2AuthorizedClient in the session.
oauth2Client(String registrationId)
Establish an OAuth2AuthorizedClient in the session.
Establish a SecurityContext that has an OAuth2AuthenticationToken for the Authentication, an OAuth2User as the principal, and an OAuth2AuthorizedClient in the session.
Establish a SecurityContext that has an OAuth2AuthenticationToken for the Authentication, an OidcUser as the principal, and an OAuth2AuthorizedClient in the session.
Establish a SecurityContext that has a BearerTokenAuthentication for the Authentication and an OAuth2AuthenticatedPrincipal for the Authentication.getPrincipal().
static org.springframework.test.web.servlet.request.RequestPostProcessor
securityContext(SecurityContext securityContext)
Establish the specified SecurityContext to be used.
static org.springframework.test.web.servlet.request.RequestPostProcessor
Creates a RequestPostProcessor that can be used to ensure that the resulting request is run with the user in the TestSecurityContextHolder.
Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal().
static org.springframework.test.web.servlet.request.RequestPostProcessor
user(UserDetails user)
Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal().
static org.springframework.test.web.servlet.request.RequestPostProcessor
Finds an X509Certificate using a resourceName and populates it on the request.
static org.springframework.test.web.servlet.request.RequestPostProcessor
x509(X509Certificate... certificates)
Populates the provided X509Certificate instances on the request.
-
Method Details
-
digest
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
- Returns:
- the DigestRequestPostProcessor to use
-
digest
public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest(String username)
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
- Parameters:
username - the username to use
- Returns:
- the DigestRequestPostProcessor to use
-
x509
public static org.springframework.test.web.servlet.request.RequestPostProcessor x509(X509Certificate... certificates)
Populates the provided X509Certificate instances on the request.
- Parameters:
certificates - the X509Certificate instances to populate
- Returns:
- the RequestPostProcessor to use.
-
x509
public static org.springframework.test.web.servlet.request.RequestPostProcessor x509(String resourceName) throws IOException, CertificateException
Finds an X509Certificate using a resourceName and populates it on the request.
- Parameters:
resourceName - the name of the X509Certificate resource
- Returns:
- the RequestPostProcessor to use.
- Throws:
IOException
CertificateException
-
csrf
Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.
- Returns:
- the SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor for further customizations.
-
testSecurityContext
public static org.springframework.test.web.servlet.request.RequestPostProcessor testSecurityContext()
Creates a RequestPostProcessor that can be used to ensure that the resulting request is run with the user in the TestSecurityContextHolder.
- Returns:
- the RequestPostProcessor to use
-
user
Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
- Invoking apply SecurityMockMvcConfigurers.springSecurity()
- Adding Spring Security's FilterChainProxy to MockMvc
- Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
- Parameters:
username - the username to populate
- Returns:
- the SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor for additional customization
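A test class that combines user() and csrf() to check authorization and CSRF enforcement on one endpoint, given here as an added example that is not part of the Spring Security Javadoc. AppSecurityConfig, the POST /admin/users endpoint, its ADMIN role requirement and its 200 response are assumptions about a hypothetical application that keeps CSRF protection and the default access-denied handling enabled.

```java
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit.jupiter.web.SpringJUnitWebConfig;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

// Assumed (hypothetical) application: AppSecurityConfig enables Spring Security with
// CSRF protection on, and POST /admin/users requires ROLE_ADMIN and returns 200.
@SpringJUnitWebConfig(AppSecurityConfig.class)
class AdminEndpointSecurityTests {

    @Autowired
    WebApplicationContext context;
    MockMvc mockMvc;

    @BeforeEach
    void setup() {
        // Without springSecurity() the FilterChainProxy is not in the MockMvc chain,
        // so none of the checks below would actually be exercised.
        mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
    }

    @Test
    void adminWithValidCsrfTokenIsAllowed() throws Exception {
        mockMvc.perform(post("/admin/users").with(user("admin").roles("ADMIN")).with(csrf()))
                .andExpect(status().isOk());
    }

    @Test
    void wrongRoleIsForbiddenEvenWithValidCsrfToken() throws Exception {
        mockMvc.perform(post("/admin/users").with(user("alice").roles("USER")).with(csrf()))
                .andExpect(status().isForbidden());
    }

    @Test
    void missingOrInvalidCsrfTokenIsRejected() throws Exception {
        mockMvc.perform(post("/admin/users").with(user("admin").roles("ADMIN")))
                .andExpect(status().isForbidden());
        mockMvc.perform(post("/admin/users").with(user("admin").roles("ADMIN")).with(csrf().useInvalidToken()))
                .andExpect(status().isForbidden());
    }
}
```

The negative cases matter as much as the positive one: a suite that only ever sends csrf() with an authorized user cannot detect CSRF protection or a role check being switched off.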
-
user
public static org.springframework.test.web.servlet.request.RequestPostProcessor user(UserDetails user)
Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
- Invoking apply SecurityMockMvcConfigurers.springSecurity()
- Adding Spring Security's FilterChainProxy to MockMvc
- Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
- Parameters:
user - the UserDetails to populate
- Returns:
- the RequestPostProcessor to use
-
jwt
Establish a SecurityContext that has a JwtAuthenticationToken for the Authentication and a Jwt for the Authentication.getPrincipal(). All details are declarative and do not require the JWT to be valid.
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
- Invoking apply SecurityMockMvcConfigurers.springSecurity()
- Adding Spring Security's FilterChainProxy to MockMvc
- Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
- Returns:
- the SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor for additional customization
-
opaqueToken
Establish a SecurityContext that has a BearerTokenAuthentication for the Authentication and an OAuth2AuthenticatedPrincipal for the Authentication.getPrincipal(). All details are declarative and do not require the token to be valid.
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
- Invoking apply SecurityMockMvcConfigurers.springSecurity()
- Adding Spring Security's FilterChainProxy to MockMvc
- Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
- Returns:
- the SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor for additional customization
- Since:
- 5.3
-
authentication
public static org.springframework.test.web.servlet.request.RequestPostProcessor authentication(Authentication authentication)
Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails. All details are declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
- Invoking apply SecurityMockMvcConfigurers.springSecurity()
- Adding Spring Security's FilterChainProxy to MockMvc
- Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
- Parameters:
authentication - the Authentication to populate
- Returns:
- the RequestPostProcessor to use
-
anonymous
public static org.springframework.test.web.servlet.request.RequestPostProcessor anonymous()
Establish a SecurityContext that uses an AnonymousAuthenticationToken. This is useful when a user wants to run a majority of tests as a specific user and wishes to override a few methods to be anonymous. For example:

    public class SecurityTests {
        @Before
        public void setup() {
            // every request runs as "user" unless a test overrides it
            mockMvc = MockMvcBuilders
                .webAppContextSetup(context)
                .defaultRequest(get("/").with(user("user")))
                .build();
        }

        @Test
        public void anonymous() throws Exception {
            // overrides the default user for this request only
            mockMvc.perform(get("anonymous").with(anonymous()));
        }
        // ... lots of tests run with a default user ...
    }

- Returns:
- the RequestPostProcessor to use
-
securityContext
public static org.springframework.test.web.servlet.request.RequestPostProcessor securityContext(SecurityContext securityContext)
Establish the specified SecurityContext to be used.
This works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter (i.e. Spring Security's FilterChainProxy will typically do this) is associated with the MockMvc instance.
-
httpBasic
public static org.springframework.test.web.servlet.request.RequestPostProcessor httpBasic(String username, String password)
Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password. This method will automatically perform the necessary Base64 encoding.
- Parameters:
username - the username to include in the Authorization header.
password - the password to include in the Authorization header.
- Returns:
- the RequestPostProcessor to use
-
oauth2Login
Establish a SecurityContext that has an OAuth2AuthenticationToken for the Authentication, an OAuth2User as the principal, and an OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
- Invoking apply SecurityMockMvcConfigurers.springSecurity()
- Adding Spring Security's FilterChainProxy to MockMvc
- Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
- Returns:
- the SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor for additional customization
- Since:
- 5.3
-
oidcLogin
Establish a SecurityContext that has an OAuth2AuthenticationToken for the Authentication, an OidcUser as the principal, and an OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.
The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
- Invoking apply SecurityMockMvcConfigurers.springSecurity()
- Adding Spring Security's FilterChainProxy to MockMvc
- Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
- Returns:
- the SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor for additional customization
- Since:
- 5.3
-
oauth2Client
Establish an OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.
The support works by associating the authorized client to the HttpServletRequest using an OAuth2AuthorizedClientRepository
- Returns:
- the SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor for additional customization
- Since:
- 5.3
-
oauth2Client
public static SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor oauth2Client(String registrationId)
Establish an OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.
The support works by associating the authorized client to the HttpServletRequest using an OAuth2AuthorizedClientRepository
- Parameters:
registrationId - The registration id for the OAuth2AuthorizedClient
- Returns:
- the SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor for additional customization
- Since:
- 5.3
-