Set properties for principal in @WithMockAuthentication

[ancavar]

I stumbled upon the issue that I have a class implementing UserDetails and some controller accesses its through authentication.getPrincipal() and its logic depends on some field from it. Is it possible and viable to implement such feature? Or maybe I'm missing some easier method to do it? I know about @WithUserDetails but I don't want the overhead and complications of working with a database.

[ch4mpy]

@ancavar I had missed this question, sorry.

Unfortunately, Authentication#principal is an Object, so, there is no easy way I know to configure it with test annotations.

All you can do is:

• use another annotation (like @WithMockUser, @WithJwt, @WithOpaqueToken, @WithOAuth2Login or @WithOidcLogin)
• stick with @WithMockAuthentication and hand-configure the Authentication mock with something like that:

@Test
@WithMockAuthentication(authType = UsernamePasswordAuthenticationToken.class, principalType = UserDetails.class, authorities = "ROLE_AUTHORIZED_PERSONNEL", name = "Ch4mp")
void givenUserIsAuthenticatedWithMockedAuthenticationAndGrantedWithAuthorizedPersonnel_whenGetSecret_thenReturnsSecret() {
    final var userDetails = defaultUserDetails();

    ...
}

private UserDetails defaultUserDetails() {
    // This cast is safe if you used "principalType = UserDetails.class" in test annotation
    final var userDetails = (UserDetails) TestSecurityContextHolder.getContext().getAuthentication().getPrincipal();
    when(userDetails.getAuthorities()).thenReturn((Collection) TestSecurityContextHolder.getContext().getAuthentication().getAuthorities());
    when(userDetails.getUsername()).thenReturn(TestSecurityContextHolder.getContext().getAuthentication().getName());
    when(userDetails.isAccountNonExpired()).thenReturn(true);
    when(userDetails.isAccountNonLocked()).thenReturn(true);
    when(userDetails.isCredentialsNonExpired()).thenReturn(true);
    when(userDetails.isEnabled()).thenReturn(true);
    return userDetails;
}

As I don't know the type of Authentication you are using in your app, I used UsernamePasswordAuthenticationToken in the sample. Change that with whatever your security configuration sets the security context with.

In the case where you would actually be using UsernamePasswordAuthenticationToken, @WithMockUser would probably be much better suited than @WithMockAuthentication.