Package org.springframework.security.test.web.servlet.request

Class SecurityMockMvcRequestPostProcessors

  • public final class SecurityMockMvcRequestPostProcessors
extends java.lang.Object
    Contains MockMvc RequestPostProcessor implementations for Spring Security.
    Since:
    4.0

    • Method Detail

      • digest

        public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest​(java.lang.String username)
        Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
        Parameters:
        username - the username to use
        Returns:
        the DigestRequestPostProcessor to use

      • x509

        public static org.springframework.test.web.servlet.request.RequestPostProcessor x509​(java.security.cert.X509Certificate... certificates)
        Populates the provided X509Certificate instances on the request.
        Parameters:
        certificates - the X509Certificate instances to pouplate
        Returns:
        the RequestPostProcessor to use.

      • x509

        public static org.springframework.test.web.servlet.request.RequestPostProcessor x509​(java.lang.String resourceName)
                                                                              throws java.io.IOException,
                                                                                     java.security.cert.CertificateException
        Finds an X509Cetificate using a resoureName and populates it on the request.
        Parameters:
        resourceName - the name of the X509Certificate resource
        Returns:
        the RequestPostProcessor to use.
        Throws:
        java.io.IOException
        java.security.cert.CertificateException

      • testSecurityContext

        public static org.springframework.test.web.servlet.request.RequestPostProcessor testSecurityContext()
        Creates a RequestPostProcessor that can be used to ensure that the resulting request is ran with the user in the TestSecurityContextHolder.
        Returns:
        the RequestPostProcessor to sue

      • user

        public static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor user​(java.lang.String username)
        Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

        The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

        • Invoking apply SecurityMockMvcConfigurers.springSecurity()
        • Adding Spring Security's FilterChainProxy to MockMvc
        • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
        Parameters:
        username - the username to populate
        Returns:
        the SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor for additional customization

      • user

        public static org.springframework.test.web.servlet.request.RequestPostProcessor user​(org.springframework.security.core.userdetails.UserDetails user)
        Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

        The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

        • Invoking apply SecurityMockMvcConfigurers.springSecurity()
        • Adding Spring Security's FilterChainProxy to MockMvc
        • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
        Parameters:
        user - the UserDetails to populate
        Returns:
        the RequestPostProcessor to use

      • jwt

        public static SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor jwt()
        Establish a SecurityContext that has a JwtAuthenticationToken for the Authentication and a Jwt for the Authentication.getPrincipal(). All details are declarative and do not require the JWT to be valid.

        The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

        • Invoking apply SecurityMockMvcConfigurers.springSecurity()
        • Adding Spring Security's FilterChainProxy to MockMvc
        • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
        Returns:
        the SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor for additional customization

      • opaqueToken

        public static SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor opaqueToken()
        Establish a SecurityContext that has a BearerTokenAuthentication for the Authentication and a OAuth2AuthenticatedPrincipal for the Authentication.getPrincipal(). All details are declarative and do not require the token to be valid

        The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

        • Invoking apply SecurityMockMvcConfigurers.springSecurity()
        • Adding Spring Security's FilterChainProxy to MockMvc
        • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
        Returns:
        the SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor for additional customization
        Since:
        5.3

      • authentication

        public static org.springframework.test.web.servlet.request.RequestPostProcessor authentication​(org.springframework.security.core.Authentication authentication)
        Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails. All details are declarative and do not require that the user actually exists.

        The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

        • Invoking apply SecurityMockMvcConfigurers.springSecurity()
        • Adding Spring Security's FilterChainProxy to MockMvc
        • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
        Parameters:
        authentication - the Authentication to populate
        Returns:
        the RequestPostProcessor to use

      • anonymous

        public static org.springframework.test.web.servlet.request.RequestPostProcessor anonymous()
        Establish a SecurityContext that uses an AnonymousAuthenticationToken. This is useful when a user wants to run a majority of tests as a specific user and wishes to override a few methods to be anonymous. For example: 
         
 public class SecurityTests {
     @Before
     public void setup() {
         mockMvc = MockMvcBuilders
             .webAppContextSetup(context)
             .defaultRequest(get("/").with(user("user")))
             .build();
     }

     @Test
     public void anonymous() {
         mockMvc.perform(get("anonymous").with(anonymous()));
     }
     // ... lots of tests ran with a default user ...
 }
        Returns:
        the RequestPostProcessor to use

      • securityContext

        public static org.springframework.test.web.servlet.request.RequestPostProcessor securityContext​(org.springframework.security.core.context.SecurityContext securityContext)
        Establish the specified SecurityContext to be used.

        This works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter (i.e. Spring Security's FilterChainProxy will typically do this) is associated with the MockMvc instance.

      • httpBasic

        public static org.springframework.test.web.servlet.request.RequestPostProcessor httpBasic​(java.lang.String username,
                                                                                          java.lang.String password)
        Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password. This method will automatically perform the necessary Base64 encoding.
        Parameters:
        username - the username to include in the Authorization header.
        password - the password to include in the Authorization header.
        Returns:
        the RequestPostProcessor to use

      • oauth2Login

        public static SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor oauth2Login()
        Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OAuth2User as the principal, and a OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.

        The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

        • Invoking apply SecurityMockMvcConfigurers.springSecurity()
        • Adding Spring Security's FilterChainProxy to MockMvc
        • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
        Returns:
        the SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor for additional customization
        Since:
        5.3

      • oidcLogin

        public static SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor oidcLogin()
        Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OidcUser as the principal, and a OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.

        The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

        • Invoking apply SecurityMockMvcConfigurers.springSecurity()
        • Adding Spring Security's FilterChainProxy to MockMvc
        • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
        Returns:
        the SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor for additional customization
        Since:
        5.3