-
Hi, I am currently trying to make these annotations work with TestRestTemplate instead of MockMvc. It works with MockMvc but I would like to test other values from the response so I have other tests with SpringBootTest and TestRestTemplate in addition to the controllers with MockMvc. In the method check() from AuthoritiesAuthorizationManager.java in Spring Security, the authentication is always for an anonymous authentication. Is there any way to inject my test JWT test setup in there? I've tried with WithMockAuthentication and WithJwt but without success for the moment. I guess that I will need to create the JWT Bearer header in my TestRestTemplate instance. Is there any way to get a valid JWT token string from the spring-addons or will I need to create a valid one myself like this Okta blog? Any pointers on where I should look for the problem that may be in my test setup? Thank you!
Replies: 2 comments
-
May I ask what exactly you can test on responses from TestRestTemplate that you can't with those from MockMvc? To my knowledge, no, you can't force the security context with TestRestTemplate as the request is an actual request and the security context is populated by the actual security filter-chain. You can hardly create a "valid" JWT bearer yourself because it requires signing it with the actual authorization server private key. It also requires the authorization server to be reachable for the resource server to fetch the public key. If you want to stick with actual requests (instead of MockMvc ones), I'd advise that you define an OAuth2 client with client-credentials on the authorization server (actually a few distinct clients, each granted the different set of roles you need) and use it with your REST client to get actual access tokens before sending your test requests.
-
You are right, I may currently have bad integration tests as I am testing the server side and not the client side so I should not need TestRestTemplate at all for this. For the moment, I have some generic tests that I do on the ResponseEntity (not null, some expected HTTP status and content-types) so I extracted all of that in generic util methods with TestRestTemplate and I couldn't make it work like with HTTP Basic Auth because of the token and found your library via the Baeldung blog post. Regarding the creation of the JWT token, I thought I could create one without the signing of the token (with alg none) as I just wanted to test the authorities. That doesn't seem to be a valid path for my tests. Anyway, thanks for the clarification! It was a misunderstanding on my side, I'll rework my tests to use MockMvc instead.
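The client-credentials approach advised in the first reply, sketched as an added example (not code from the thread or from spring-addons): the test obtains a token signed by the real authorization server, then sends it as a Bearer header through TestRestTemplate. Assumptions: Spring Boot 3 with JUnit 5, a resource server configured to trust that authorization server, and placeholder values for the token endpoint, client id, secret variable and the `/greet` endpoint.

```java
import static org.assertj.core.api.Assertions.assertThat;

import java.util.Map;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.*;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
class GreetingApiIT {
    // Placeholders (assumptions): test-only client, secret supplied by the CI environment.
    static final String TOKEN_URI = "https://auth.example.test/oauth2/token";
    static final String CLIENT_ID = "it-client-with-admin-role";
    static final String CLIENT_SECRET = System.getenv("IT_CLIENT_SECRET");

    @Autowired TestRestTemplate rest;

    /** Client-credentials grant: the authorization server signs the token with its own key. */
    static String fetchAccessToken() {
        HttpHeaders headers = new HttpHeaders();
        headers.setBasicAuth(CLIENT_ID, CLIENT_SECRET);
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "client_credentials");
        Map<?, ?> body = new RestTemplate()
                .postForObject(TOKEN_URI, new HttpEntity<>(form, headers), Map.class);
        return (String) body.get("access_token");
    }

    @Test
    void authorizedClientIsAccepted() {
        HttpHeaders headers = new HttpHeaders();
        headers.setBearerAuth(fetchAccessToken());
        ResponseEntity<String> response = rest.exchange(
                "/greet", HttpMethod.GET, new HttpEntity<Void>(headers), String.class);
        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
    }

    @Test
    void anonymousRequestIsRejected() { // no Bearer header: the real filter chain sees an anonymous caller
        ResponseEntity<String> response = rest.getForEntity("/greet", String.class);
        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
    }
}
```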