| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 |
- == SecurityMockMvcResultMatchers
- At times it is desirable to make various security related assertions about a request.
- To accommodate this need, Spring Security Test support implements Spring MVC Test's `ResultMatcher` interface.
- In order to use Spring Security's `ResultMatcher` implementations ensure the following static import is used:
- ====
- .Java
- [source,java,role="primary"]
- ----
- import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
- ----
- .Kotlin
- [source,kotlin,role="secondary"]
- ----
- import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*
- ----
- ====
- === Unauthenticated Assertion
- At times it may be valuable to assert that there is no authenticated user associated with the result of a `MockMvc` invocation.
- For example, you might want to test submitting an invalid username and password and verify that no user is authenticated.
- You can easily do this with Spring Security's testing support using something like the following:
- ====
- .Java
- [source,java,role="primary"]
- ----
- mvc
- .perform(formLogin().password("invalid"))
- .andExpect(unauthenticated());
- ----
- .Kotlin
- [source,kotlin,role="secondary"]
- ----
- mvc
- .perform(formLogin().password("invalid"))
- .andExpect { unauthenticated() }
- ----
- ====
- === Authenticated Assertion
- It is often times that we must assert that an authenticated user exists.
- For example, we may want to verify that we authenticated successfully.
- We could verify that a form based login was successful with the following snippet of code:
- ====
- .Java
- [source,java,role="primary"]
- ----
- mvc
- .perform(formLogin())
- .andExpect(authenticated());
- ----
- .Kotlin
- [source,kotlin,role="secondary"]
- ----
- mvc
- .perform(formLogin())
- .andExpect { authenticated() }
- ----
- ====
- If we wanted to assert the roles of the user, we could refine our previous code as shown below:
- ====
- .Java
- [source,java,role="primary"]
- ----
- mvc
- .perform(formLogin().user("admin"))
- .andExpect(authenticated().withRoles("USER","ADMIN"));
- ----
- .Kotlin
- [source,kotlin,role="secondary"]
- ----
- mvc
- .perform(formLogin())
- .andExpect { authenticated().withRoles("USER","ADMIN") }
- ----
- ====
- Alternatively, we could verify the username:
- ====
- .Java
- [source,java,role="primary"]
- ----
- mvc
- .perform(formLogin().user("admin"))
- .andExpect(authenticated().withUsername("admin"));
- ----
- .Kotlin
- [source,kotlin,role="secondary"]
- ----
- mvc
- .perform(formLogin().user("admin"))
- .andExpect { authenticated().withUsername("admin") }
- ----
- ====
- We can also combine the assertions:
- ====
- .Java
- [source,java,role="primary"]
- ----
- mvc
- .perform(formLogin().user("admin"))
- .andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN"));
- ----
- .Kotlin
- [source,kotlin,role="secondary"]
- ----
- mvc
- .perform(formLogin().user("admin"))
- .andExpect { authenticated().withUsername("admin").withRoles("USER", "ADMIN") }
- ----
- ====
- We can also make arbitrary assertions on the authentication
- ====
- .Java
- [source,java,role="primary"]
- ----
- mvc
- .perform(formLogin())
- .andExpect(authenticated().withAuthentication(auth ->
- assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
- ----
- .Kotlin
- [source,kotlin,role="secondary"]
- ----
- mvc
- .perform(formLogin())
- .andExpect {
- authenticated().withAuthentication { auth ->
- assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken::class.java) }
- }
- }
- ----
- ====
|
