Spring webflow unit test with spring security on

Question

I'm trying to test a webflow controller with spring security on:

<action-state id="search">
    <secured attributes="ROLE_ADMIN"/>
...
</action-state>

I'm using AbstractXmlFlowExecutionTests subclass.

Now, the test runs ok without the "secured" tag (I don't make any mocks for the security), but once I add the security tag, the test keeps finishing with success, although I anticipate a security exception to be thrown. Any ideas why it doesn't work and how should I configure it? Thanks in advance! Igor

Well, it's in the message... I'm using it inside the action-state in the webflow. It works fine when I actually RUN my app, but it fails in the test. — Igor Deruga, Feb 27 '13 at 22:45

score 1 · Accepted Answer · answered Mar 08 '13 at 20:21

Ok, I've found the solution: I needed to add a securityListener manually. Before startFlow:

setFlowExecutionListener(getSecurityListener(new String[] {"ROLE_ADMIN_FAKE"}));

Where

private FlowExecutionListener getSecurityListener(String[] roles) {
    List<GrantedAuthority> result = new ArrayList<>();
    for (String role: roles) {
        SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role);
        result.add(authority);
    }
    Authentication auth = new PreAuthenticatedAuthenticationToken("Igor", "", result);
    SecurityContextHolder.getContext().setAuthentication(auth);
    return new SecurityFlowExecutionListener();
}

Spring webflow unit test with spring security on

1 Answers1