public final class SecurityMockMvcRequestPostProcessors extends Object
MockMvc RequestPostProcessor implementations for Spring
Security.| Modifier and Type | Class and Description |
|---|---|
static class |
SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
Populates a valid
CsrfToken into the request. |
static class |
SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
static class |
SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Creates a
UsernamePasswordAuthenticationToken and sets the principal to be
a User and associates it to the MockHttpServletRequest. |
| Modifier and Type | Method and Description |
|---|---|
static RequestPostProcessor |
anonymous()
Establish a
SecurityContext that uses an
AnonymousAuthenticationToken. |
static RequestPostProcessor |
authentication(org.springframework.security.core.Authentication authentication)
Establish a
SecurityContext that uses the specified Authentication
for the Authentication.getPrincipal() and a custom UserDetails. |
static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor |
csrf()
Creates a
RequestPostProcessor that will automatically populate a valid
CsrfToken in the request. |
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
digest()
Creates a DigestRequestPostProcessor that enables easily adding digest based
authentication to a request.
|
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
digest(String username)
Creates a DigestRequestPostProcessor that enables easily adding digest based
authentication to a request.
|
static RequestPostProcessor |
httpBasic(String username,
String password)
Convenience mechanism for setting the Authorization header to use HTTP Basic with
the given username and password.
|
static RequestPostProcessor |
securityContext(org.springframework.security.core.context.SecurityContext securityContext)
Establish the specified
SecurityContext to be used. |
static RequestPostProcessor |
testSecurityContext()
Creates a
RequestPostProcessor that can be used to ensure that the
resulting request is ran with the user in the TestSecurityContextHolder. |
static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor |
user(String username)
Establish a
SecurityContext that has a
UsernamePasswordAuthenticationToken for the
Authentication.getPrincipal() and a User for the
UsernamePasswordAuthenticationToken.getPrincipal(). |
static RequestPostProcessor |
user(org.springframework.security.core.userdetails.UserDetails user)
Establish a
SecurityContext that has a
UsernamePasswordAuthenticationToken for the
Authentication.getPrincipal() and a custom UserDetails for the
UsernamePasswordAuthenticationToken.getPrincipal(). |
static RequestPostProcessor |
x509(String resourceName)
Finds an X509Cetificate using a resoureName and populates it on the request.
|
static RequestPostProcessor |
x509(X509Certificate... certificates)
Populates the provided X509Certificate instances on the request.
|
public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest()
public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest(String username)
username - the username to usepublic static RequestPostProcessor x509(X509Certificate... certificates)
certificates - the X509Certificate instances to pouplateRequestPostProcessor to use.public static RequestPostProcessor x509(String resourceName) throws IOException, CertificateException
resourceName - the name of the X509Certificate resourceRequestPostProcessor to use.IOExceptionCertificateExceptionpublic static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf()
RequestPostProcessor that will automatically populate a valid
CsrfToken in the request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor for further customizations.public static RequestPostProcessor testSecurityContext()
RequestPostProcessor that can be used to ensure that the
resulting request is ran with the user in the TestSecurityContextHolder.RequestPostProcessor to suepublic static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor user(String username)
SecurityContext that has a
UsernamePasswordAuthenticationToken for the
Authentication.getPrincipal() and a User for the
UsernamePasswordAuthenticationToken.getPrincipal(). All details
are declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetupusername - the username to populateSecurityMockMvcRequestPostProcessors.UserRequestPostProcessor for additional customizationpublic static RequestPostProcessor user(org.springframework.security.core.userdetails.UserDetails user)
SecurityContext that has a
UsernamePasswordAuthenticationToken for the
Authentication.getPrincipal() and a custom UserDetails for the
UsernamePasswordAuthenticationToken.getPrincipal(). All details are
declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetupuser - the UserDetails to populateRequestPostProcessor to usepublic static RequestPostProcessor authentication(org.springframework.security.core.Authentication authentication)
SecurityContext that uses the specified Authentication
for the Authentication.getPrincipal() and a custom UserDetails. All
details are declarative and do not require that the user actually exists.
The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. A few ways to do this are:
SecurityMockMvcConfigurers.springSecurity()SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders standaloneSetupauthentication - the Authentication to populateRequestPostProcessor to usepublic static RequestPostProcessor anonymous()
SecurityContext that uses an
AnonymousAuthenticationToken. This is useful when a user wants to
run a majority of tests as a specific user and wishes to override a few
methods to be anonymous. For example:
public class SecurityTests {
@Before
public void setup() {
mockMvc = MockMvcBuilders
.webAppContextSetup(context)
.defaultRequest(get("/").with(user("user")))
.build();
}
@Test
public void anonymous() {
mockMvc.perform(get("anonymous").with(anonymous()));
}
// ... lots of tests ran with a default user ...
}
RequestPostProcessor to usepublic static RequestPostProcessor securityContext(org.springframework.security.core.context.SecurityContext securityContext)
SecurityContext to be used.
This works by associating the user to the HttpServletRequest. To
associate the request to the SecurityContextHolder you need to
ensure that the SecurityContextPersistenceFilter (i.e. Spring
Security's FilterChainProxy will typically do this) is associated with
the MockMvc instance.
public static RequestPostProcessor httpBasic(String username, String password)
username - the username to include in the Authorization header.password - the password to include in the Authorization header.RequestPostProcessor to use