java - Spring Boot testing with Spring Security. How does one launch an alternative security config? -

-

my spring boot application has application class. when run (as application), launches within embedded servlet container (tomcat, in case). somehow (through application's @annotations, suppose), websecurityconfig (extending websecurityconfigureradapter) in same package loaded.

websecurityconfig contains 2 important blocks of configuration information:

@configuration @order(securityproperties.access_override_order) @enableglobalmethodsecurity(prepostenabled = true) // enables method-level role-checking public class websecurityconfig extends websecurityconfigureradapter {      @autowired     public void configureglobal(authenticationmanagerbuilder auth) throws exception {       auth          .ldapauthentication()          .usersearchbase("cn=users,dc=some,dc=domain,dc=com")             .usersearchfilter("(samaccountname={0})")          .groupsearchbase("ou=groups,dc=some,dc=domain,dc=com")                           .groupsearchfilter("(member={0})")          .contextsource()             .managerdn("cn=ad-bind,cn=users,dc=some,dc=domain,dc=com")             .managerpassword("apassword!")              .url("ldaps://some.domain.com:636");     }      @override     protected void configure(httpsecurity http) throws exception {          system.out.println("***************** websecurityconfig.configure *************************");          http.csrf().disable();           http             .headers()                 .frameoptions()                     .disable();           http                 .authorizerequests()                     .antmatchers("/resources/images/*", "/me", "/products", "/product/**", "/offerings", "/offering/**", "/client/**")                             .permitall()                     .anyrequest().authenticated()                     .and()                     .formlogin()                     .loginpage("/login").defaultsuccessurl("/me")                     .permitall()                     .and()                     .logout()                     .permitall();           http.logout().logoutsuccessurl("/me");     } }

configureglobal() contains configuration our internal ldap system , works fine.

configure() specifies urls public, shown logged-in users , relative urls send users log in.

now i'm integration testing , have written methods test controllers not require authentication. tests work expected. application class fires , tests execute against it.

but want test controller methods require authentication. way think accomplished telling test class fire alternative application class (testapplication, in case) , websecurityconfig creates dummy users:

@runwith(springjunit4classrunner.class) @springapplicationconfiguration(classes = testapplication.class) // fires testapplication.class instead of application.class @webappconfiguration public class productcontrollertests {     // test methods here, time username/password included }  @configuration @enableautoconfiguration public class testapplication extends springbootservletinitializer {      public static void main(string[] args) {         springapplication.run(applicationclass, args);     }      @override     protected springapplicationbuilder configure(springapplicationbuilder application) {         return application.sources(applicationclass);     }      private static class<testapplication> applicationclass = testapplication.class;  }  @configuration @order(securityproperties.access_override_order) @enableglobalmethodsecurity(prepostenabled = true) public class websecurityconfig extends websecurityconfigureradapter {      @autowired     public void configureglobal(authenticationmanagerbuilder auth) throws exception {       auth.inmemoryauthentication().withuser("testuser").password("userpass").roles("user");       auth.inmemoryauthentication().withuser("testadmin").password("adminpass").roles("admin");     }      @override     protected void configure(httpsecurity http) throws exception {          system.out.println("***************** websecurityconfig.configure *************************");          http.csrf().disable();           http             .headers()                 .frameoptions()                     .disable();           http                 .authorizerequests()                     .antmatchers("/resources/images/*", "/me", "/products", "/product/**", "/offerings", "/offering/**", "/client/**")                             .permitall()                     .anyrequest().authenticated()                     .and()                     .formlogin()                     .loginpage("/login").defaultsuccessurl("/me")                     .permitall()                     .and()                     .logout()                     .permitall();           http.logout().logoutsuccessurl("/me");     } }

so question is: when execute unit test class, believe testapplication firing. however, not picking alternative websecurityconfig class , auth.inmemoryauthentication() test users. how force application use 1 websecurityconfig when running application normally, different websecurityconfig when running unit tests?

you can configure testapplication include beans test. in other words, make sure websecurityconfig not part of test configuration. if read javadoc of @springbootapplication notice composite annotation consists of (among others) @componentscan annotation. consequently application , testapplication perform recursive scan package in class located. spring reference docs has specific chapter using filters customize scanning.

alternatively, if using spring security version 4 or greater may find additions of @withmockuser , @withuserdetails interesting.


Comments

Post a Comment

Popular posts from this blog

python - TypeError: start must be a integer -

-
i trying draw 5 turtles, getting typeerror on line 25. here code: import turtle wn = turtle.screen() redrose = turtle.turtle() color = input("what background color be?") fillcolor_f = input("what color of rose be?") redrose.hideturtle() redrose.speed(30) redrose.penup() redrose.left(180) redrose.forward(175) redrose.right(90) redrose.forward(30) redrose.right(90) redrose.pendown() def drawrose(red): redrose.color("pink") redrose.fillcolor(fillcolor_f) redrose.fill(true) in range(red): redrose.forward(i) redrose.right(49) in range(5): drawrose(redrose) redrose.penup() redrose.forward(350) redrose.right(144) redrose.pendown() redrose.fill(false) drawrose(50) wn.bgcolor(color) i trying draw 5 roses, produces errors. doing in interactivepython.org. you recursively calling drawrose wrong parameter. on line 23 ( for in range(red): ) expect red integer...
Read more

c# - DevExpress RepositoryItemComboBox BackColor property ignored -

-
i have following code almost works properly; private void cbstatus_drawitem(object sender, listboxdrawitemeventargs e) { string item = e.item string; if (item != null) { switch (item) { case "1": e.appearance.forecolor = color.green; e.appearance.backcolor = color.green; break; case "2": e.appearance.forecolor = color.orange; e.appearance.backcolor = color.orange; break; case "3": e.appearance.forecolor = color.red; e.appearance.backcolor = color.red; break; } } } when dropdown shown, items forecolor correct, backcolor remains whatever backcolor of theme is; i.e. if i've got set dark theme, backcolor dark, cells in gridview, rather being green/orange/red. i've tried setting e.appearance.options.usebackcolor trying set e....
Read more

django - Creating multiple model instances in DRF3 -

-
1) create multiple model instances 1 api call, asked here: how create multiple model instances django rest framework? tried solution named in link, no success. i trying upload multiple files in 1 api call. result: files uploaded (only once overwrote perform_create) 1 instance created (if send 2 files, latter created instance). my code: class fileuploadserializer(serializers.modelserializer): def __init__(self, *args, **kwargs): many = kwargs.pop('many', true) super(fileuploadserializer, self).__init__(many=many, *args, **kwargs) class meta: model = fileupload read_only_fields = ('created', 'datafile', 'owner') class fileuploadviewset(viewsets.modelviewset): queryset = fileupload.objects.all() serializer_class = fileuploadserializer parser_classes = (multipartparser, formparser, ) def perform_create(self, serializer): file_list = self.request.data.getlist('file') ...
Read more