I'm trying to test some OAuth endpoints following this guide: http://engineering.pivotal.io/post/faking_oauth_sso/.

I created a method getOauthUserAuthentication() which returns an oauth2 authentication object with principal 'vince' and authority 'ROLE_USER'.

Job newJob = jobRepository.save(job);
Authentication auth = getOauthUserAuthentication();

restMockMvc.perform(get("/api/jobs/{id}", newJob.getId())
        .with(authentication(auth)))
        .andExpect(status().isOk());

I set a breakpoint inside the controller, and calling SecurityContextHolder.getContext().getAuthentication() there returns an authentication object with principal anonymousUser and authorities ROLE_ANONYMOUS.

It seems the token is being created correctly, but isn't being propagated to the security context created by mockMvc. What am I missing?

Cœur
thejames42

1 Answer

When running the tests, I had been invoking the profile associated with the resource server config class I had created. When I removed the profile invocation from the active profiles annotation, the authentication object I was creating in the test started showing up in the controller. I believe that the security context created by the config class was overwriting the one created by mockMvc. Since I wasn't sending a bearer token, the config class automatically created the anonymousUser principal.

thejames42
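A test laid out the way the answer describes, as an added example that is not the asker's or the guide's code: the resource server profile is not activated, and the assertion checks that the injected authentication is the one the security filter chain ends up with. It assumes Spring Boot with JUnit 4, spring-security-test and spring-security-oauth2 on the classpath; the class name, the "test" profile, the client id and the scope are hypothetical.

```java
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import java.util.Collections;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

@RunWith(SpringRunner.class)
@SpringBootTest
@ActiveProfiles("test") // hypothetical name; the resource server profile is deliberately not listed
public class JobAuthenticationPropagationTest {
    @Autowired private WebApplicationContext context;
    private MockMvc restMockMvc;
    @Before
    public void setUp() {
        // springSecurity() installs the filter chain so .with(authentication(...)) is honoured.
        restMockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
    }
    // Same shape as the question's helper: OAuth2 authentication for 'vince' with ROLE_USER.
    private Authentication getOauthUserAuthentication() {
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
        OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(),
                "test-client", authorities, true, Collections.singleton("read"), null, null, null, null);
        return new OAuth2Authentication(request, new TestingAuthenticationToken("vince", null, authorities));
    }

    @Test
    public void testAuthenticationReachesTheFilterChain() throws Exception {
        // Fails with an anonymous context if another filter replaces the injected authentication.
        restMockMvc.perform(get("/api/jobs/{id}", 1L).with(authentication(getOauthUserAuthentication())))
                .andExpect(authenticated().withUsername("vince").withRoles("USER"));
    }
}
```

Asserting on `authenticated()` rather than on the response status keeps the test independent of whether a job with that id exists.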