Package org.springframework.security.test.web.servlet.request

Class SecurityMockMvcRequestPostProcessors

java.lang.Object
org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
public final class SecurityMockMvcRequestPostProcessors extends Object
Contains MockMvc RequestPostProcessor implementations for Spring Security.
Since:
4.0

  • Method Details

    • digest

      public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest()
      Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
      Returns:
      the DigestRequestPostProcessor to use

    • digest

      public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest(String username)
      Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
      Parameters:
      username - the username to use
      Returns:
      the DigestRequestPostProcessor to use

    • x509

      public static org.springframework.test.web.servlet.request.RequestPostProcessor x509(X509Certificate... certificates)
      Populates the provided X509Certificate instances on the request.
      Parameters:
      certificates - the X509Certificate instances to pouplate
      Returns:
      the RequestPostProcessor to use.

    • x509

      public static org.springframework.test.web.servlet.request.RequestPostProcessor x509(String resourceName) throws IOException, CertificateException
      Finds an X509Cetificate using a resoureName and populates it on the request.
      Parameters:
      resourceName - the name of the X509Certificate resource
      Returns:
      the RequestPostProcessor to use.
      Throws:
      IOException
      CertificateException

    • csrf

      public static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf()
      Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.
      Returns:
      the SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor for further customizations.

    • testSecurityContext

      public static org.springframework.test.web.servlet.request.RequestPostProcessor testSecurityContext()
      Creates a RequestPostProcessor that can be used to ensure that the resulting request is ran with the user in the TestSecurityContextHolder.
      Returns:
      the RequestPostProcessor to use

    • user

      public static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor user(String username)
      Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

      The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

      • Invoking apply SecurityMockMvcConfigurers.springSecurity()
      • Adding Spring Security's FilterChainProxy to MockMvc
      • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
      Parameters:
      username - the username to populate
      Returns:
      the SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor for additional customization

    • user

      public static org.springframework.test.web.servlet.request.RequestPostProcessor user(org.springframework.security.core.userdetails.UserDetails user)
      Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

      The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

      • Invoking apply SecurityMockMvcConfigurers.springSecurity()
      • Adding Spring Security's FilterChainProxy to MockMvc
      • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
      Parameters:
      user - the UserDetails to populate
      Returns:
      the RequestPostProcessor to use

    • jwt

      public static SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor jwt()
      Establish a SecurityContext that has a JwtAuthenticationToken for the Authentication and a Jwt for the Authentication.getPrincipal(). All details are declarative and do not require the JWT to be valid.

      The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

      • Invoking apply SecurityMockMvcConfigurers.springSecurity()
      • Adding Spring Security's FilterChainProxy to MockMvc
      • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
      Returns:
      the SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor for additional customization

    • opaqueToken

      public static SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor opaqueToken()
      Establish a SecurityContext that has a BearerTokenAuthentication for the Authentication and a OAuth2AuthenticatedPrincipal for the Authentication.getPrincipal(). All details are declarative and do not require the token to be valid

      The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

      • Invoking apply SecurityMockMvcConfigurers.springSecurity()
      • Adding Spring Security's FilterChainProxy to MockMvc
      • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
      Returns:
      the SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor for additional customization
      Since:
      5.3

    • authentication

      public static org.springframework.test.web.servlet.request.RequestPostProcessor authentication(org.springframework.security.core.Authentication authentication)
      Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails. All details are declarative and do not require that the user actually exists.

      The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

      • Invoking apply SecurityMockMvcConfigurers.springSecurity()
      • Adding Spring Security's FilterChainProxy to MockMvc
      • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
      Parameters:
      authentication - the Authentication to populate
      Returns:
      the RequestPostProcessor to use

    • anonymous

      public static org.springframework.test.web.servlet.request.RequestPostProcessor anonymous()
      Establish a SecurityContext that uses an AnonymousAuthenticationToken. This is useful when a user wants to run a majority of tests as a specific user and wishes to override a few methods to be anonymous. For example: 
       
 public class SecurityTests {
     @Before
     public void setup() {
         mockMvc = MockMvcBuilders
             .webAppContextSetup(context)
             .defaultRequest(get("/").with(user("user")))
             .build();
     }

     @Test
     public void anonymous() {
         mockMvc.perform(get("anonymous").with(anonymous()));
     }
     // ... lots of tests ran with a default user ...
 }
      Returns:
      the RequestPostProcessor to use

    • securityContext

      public static org.springframework.test.web.servlet.request.RequestPostProcessor securityContext(org.springframework.security.core.context.SecurityContext securityContext)
      Establish the specified SecurityContext to be used.

      This works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter (i.e. Spring Security's FilterChainProxy will typically do this) is associated with the MockMvc instance.

    • httpBasic

      public static org.springframework.test.web.servlet.request.RequestPostProcessor httpBasic(String username, String password)
      Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password. This method will automatically perform the necessary Base64 encoding.
      Parameters:
      username - the username to include in the Authorization header.
      password - the password to include in the Authorization header.
      Returns:
      the RequestPostProcessor to use

    • oauth2Login

      public static SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor oauth2Login()
      Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OAuth2User as the principal, and a OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.

      The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

      • Invoking apply SecurityMockMvcConfigurers.springSecurity()
      • Adding Spring Security's FilterChainProxy to MockMvc
      • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
      Returns:
      the SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor for additional customization
      Since:
      5.3

    • oidcLogin

      public static SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor oidcLogin()
      Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OidcUser as the principal, and a OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.

      The support works by associating the authentication to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:

      • Invoking apply SecurityMockMvcConfigurers.springSecurity()
      • Adding Spring Security's FilterChainProxy to MockMvc
      • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetup
      Returns:
      the SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor for additional customization
      Since:
      5.3

    • oauth2Client

      public static SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor oauth2Client()
      Establish an OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.

      The support works by associating the authorized client to the HttpServletRequest using an OAuth2AuthorizedClientRepository

      Returns:
      the SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor for additional customization
      Since:
      5.3

    • oauth2Client

      public static SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor oauth2Client(String registrationId)
      Establish an OAuth2AuthorizedClient in the session. All details are declarative and do not require associated tokens to be valid.

      The support works by associating the authorized client to the HttpServletRequest using an OAuth2AuthorizedClientRepository

      Parameters:
      registrationId - The registration id for the OAuth2AuthorizedClient
      Returns:
      the SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor for additional customization
      Since:
      5.3