1

I want to do some end-to-end test for spring boot rest-api application. To achieve this im using spring mock mvc. But i can't get the 200 response because the rest api is using custom security interceptor to validate the token in request. Instead i keep getting 401 as a response. How to include this token validation in my test?

I've tried several configuration by including @ContextConfiguration(classes = {WebMvcConfig.class}) in my test class. WebMvcConfig is configuration class to register the interceptor.

This is my test file

@AutoConfigureMockMvc
@RunWith(SpringRunner.class)
@SpringBootTest(classes = VeripalServiceApplication.class)
@TestPropertySource(locations="classpath:test.properties")
@Transactional
public class VeripalTextConfigurationTest {

    @Autowired
    private MockMvc mockMvc;

    @Test
    public void happpyPath_thenReturns200() throws Exception {

        String jsonBody = "some json body";
        String endPoint = "/end_point_to_my_api";

        HttpHeaders headers = new HttpHeaders();
        headers.add("token", "this_is_my_token");
        headers.setContentType(aplication/json);

        /** Hit the API */
        mockMvc.perform(post(endPoint)
                .headers(httpHeaders)
                .content(jsonBody)
                )
                .andExpect(status().isOk()).andDo(print());
    }

}

And this is the @Configuration

@Configuration
@EnableScheduling
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    @Autowired
    private ConsumerService consumerService;

    @Autowired
    private EndpointService endpointService;

    @Autowired
    private ConsumerConfigurationService consumerConfigurationService;

    @Autowired
    private AccessLimitService accessLimitService;

    @Autowired
    private ConfigurationHistoryService configurationHistoryService;

    @Autowired
    private LimitCarryOverService limitCarryOverService;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new Interceptor(consumerService, endpointService, consumerConfigurationService, accessLimitService, configurationHistoryService, limitCarryOverService));
    }
}

And this is my Interceptor class

public class Interceptor implements HandlerInterceptor {

    // some code here ...
}
edi junaedi
  • 11
  • 2

1 Answers1

0

you need to have a clear picture of request life-cycle in Servlet API and Spring Security framework.

This article might help you to understand this flow http://blog.florian-hopf.de/2017/08/spring-security.html

So, I'm pretty sure, you have an issue in authentication filters, thus you can resolve it in couple ways:

  • Disable security, for example by using @AutoConfigureMockMvc(secure = false)
  • Or you need to mock some places (AuthenticationProvider, UserDetailsService, etc) where you can provide Authentication object
  • Or, it also might help, try to play with @WithMockUser

.

Related posts:

V2: use IoC + Mockito, e.g. stub it for unit tests. I don't see how your code are written, so I believe a snippet below might help you.

// @Import({MyAuthCustomInterceptor.class}) // eq to @Component/@Service to create a bean
public class WebMvcConfig extends WebMvcConfigurerAdapter {
    @Autowired
    MyAuthCustomInterceptor interceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(interceptor);
    }
}


public class VeripalTextConfigurationTest {
   @MockBean
   MyAuthCustomInterceptor interceptor;

   @SetUp
   public void setup(){
       Mockito.when(interceptor.preHandle(...)).thenReturn(true);
   }
}
Pianov
  • 1,533
  • 9
  • 16
  • Thanks but we are not using any spring security at all, we only use our own custom security to validate the token inside the interceptor class – edi junaedi Apr 08 '19 at 08:02