Spring Security: Upgrading the deprecated WebSecurityConfigurerAdapter (#12540)
* add SecurityFilterChain application in spring security web boot 4 * pmd violation * fix: pom description * remove unused code, format * make tests grouped logically * add missing case for user role * rename package to lower case
+94
@@ -0,0 +1,94 @@
|
||||
package com.baeldung.securityfilterchain;
|
||||
|
||||
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.security.test.context.support.WithAnonymousUser;
|
||||
import org.springframework.security.test.context.support.WithUserDetails;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
@SpringBootTest(classes = SecurityFilterChainApplication.class)
|
||||
public class SecurityFilterChainIntegrationTest {
|
||||
@Autowired
|
||||
private WebApplicationContext context;
|
||||
|
||||
private MockMvc mvc;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
mvc = MockMvcBuilders.webAppContextSetup(context)
|
||||
.apply(springSecurity())
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUserDetails(value = "admin")
|
||||
public void whenAdminAccessUserEndpoint_thenOk() throws Exception {
|
||||
mvc.perform(get("/user"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUserDetails(value = "admin")
|
||||
public void whenAdminAccessAdminSecuredEndpoint_thenIsOk() throws Exception {
|
||||
mvc.perform(get("/admin"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUserDetails(value = "admin")
|
||||
public void whenAdminAccessDeleteSecuredEndpoint_thenIsOk() throws Exception {
|
||||
mvc.perform(delete("/delete").content("{}"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithAnonymousUser
|
||||
public void whenAnonymousAccessLogin_thenOk() throws Exception {
|
||||
mvc.perform(get("/login"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithAnonymousUser
|
||||
public void whenAnonymousAccessRestrictedEndpoint_thenIsUnauthorized() throws Exception {
|
||||
mvc.perform(get("/all"))
|
||||
.andExpect(status().isUnauthorized());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUserDetails()
|
||||
public void whenUserAccessUserSecuredEndpoint_thenOk() throws Exception {
|
||||
mvc.perform(get("/user"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUserDetails()
|
||||
public void whenUserAccessRestrictedEndpoint_thenOk() throws Exception {
|
||||
mvc.perform(get("/all"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUserDetails()
|
||||
public void whenUserAccessAdminSecuredEndpoint_thenIsForbidden() throws Exception {
|
||||
mvc.perform(get("/admin"))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithUserDetails()
|
||||
public void whenUserAccessDeleteSecuredEndpoint_thenIsForbidden() throws Exception {
|
||||
mvc.perform(delete("/delete"))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
}
|
||||
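Review bot: Both DELETE tests send the request without a CSRF token, so `whenUserAccessDeleteSecuredEndpoint_thenIsForbidden` cannot tell a role-based denial from a CSRF rejection. The admin variant getting 200 without a token suggests CSRF protection is disabled in the configuration under test, which is not visible on this page; if it is re-enabled later, the user test keeps passing for the wrong reason and the admin test starts failing. Adding `.with(csrf())` (static import from `SecurityMockMvcRequestPostProcessors`) to both requests, e.g. `mvc.perform(delete("/delete").with(csrf()))`, pins the 403 to the authorization rule. Anonymous access is only asserted for `/login` and `/all`; an unauthenticated case for `/admin` and `/delete` would cover the most sensitive routes as well.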
+1
@@ -0,0 +1 @@
|
||||
spring.security.debug=true
|
||||
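Review bot: `spring.security.debug=true` is committed with no comment, and the file's path is not visible on this page, so it is unclear whether the setting is limited to tests. If the property switches on Spring Security's debug mode (the consuming code is not shown), request details including headers are written to the log, which can expose session cookies and Authorization values to anyone with log access. Default it to `false` and enable it per environment, or at least add a comment such as `# local debugging only: logs request headers; never enable in production`.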
+12
@@ -0,0 +1,12 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration scan="true" scanPeriod="15 seconds" debug="false">
|
||||
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
|
||||
<encoder>
|
||||
<pattern>[%d{ISO8601}]-[%thread] %-5level %logger - %msg%n</pattern>
|
||||
</encoder>
|
||||
</appender>
|
||||
|
||||
<root level="INFO">
|
||||
<appender-ref ref="STDOUT"/>
|
||||
</root>
|
||||
</configuration>
|
||||