When I tested forms authentication with the following configuration in Spring Security, a 404 error occurred.
POST
--------------------------------->
Form screen AuthenticationProvider
·username
・ Password <=================================
User information
SecurityConfig.java
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/webjars/**", "/css/");
}
@Override
protected void configure(HttpSecurity http) {
http.authorizeRequests()
.antMatchers("signin").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginProcessingUrl("/authentication")
.loginPage("signin")
.failureUrl("signin" + "?error")
.successForwardUrl("/hoge/list")
.failureForwardUrl("/authenticationError")
.usernameParameter("username")
.passwordParameter("password")
.and()
.logout()
.logoutSuccessUrl("signin");
}
TestClass.java
@RunWith(SpringRunner.class)
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@ContextConfiguration(classes = HogeApplication.class)
public class TestClass {
@Before
public void Prepare request() {
mvc = MockMvcBuilders
.webAppContextSetup(context)
.build();
}
@Test
public void Authenticate with request URL() throws Exception {
ResultActions result = mvc.perform(
MockMvcRequestBuilders.post("/authentication")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.param("username",User account)
.param("password",password)
);
result.andExpect(status().isOk())
.andExpect(forwardedUrl("/hoge/list"));
}
}
Assertion results java.lang.AssertionError: Status Expected :200 Actual :404
Take the following two workarounds.
Applying the above, the test class will be as follows.
TestClass.java
@RunWith(SpringRunner.class)
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@ContextConfiguration(classes = HogeApplication.class)
public class TestClass {
@Before
public void Prepare request() {
mvc = MockMvcBuilders
.webAppContextSetup(context)
.apply(springSecurity()) //If this is not applied, even if csrf is set, it will be 404.
.build();
}
@Test
public void Authenticate with request URL() throws Exception {
ResultActions result = mvc.perform(
MockMvcRequestBuilders.post("/authentication")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.with(csrf())
.param("username",User account)
.param("password",password)
);
result.andExpect(status().isOk())
.apply(springSecurity()) //If this is not applied, even if csrf is set, it will be 404.
.andExpect(forwardedUrl("/hoge/list"));
}
}
Official documentation also mentions csrf (), but explicitly post The username and password did not pass to the server side in the following implementation without requesting. There may be something wrong, but I don't know. .. ..
TestClass.java
public class TestClass {
Methods that do not pass the public parameter() {
ResultActions result2 = mvc.perform(formLogin("/authentication")
.user(User account).password(password));
result2.andExpect(status().isOk())
.andExpect(forwardedUrl("/clients/list"))
.andDo(MockMvcResultHandlers.print());
ResultActions result3 = mvc.perform(MockMvcRequestBuilders.post("/authentication")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.with(csrf())
.with(user(User account).password(password)));
result3.andExpect(status().isOk())
.andExpect(forwardedUrl("/clients/list"))
.andDo(MockMvcResultHandlers.print());
}
}
The result was the same with csrf (). AsHeader ().
If springSecurity () is not applied, it will be 404 even if csrf () is set in MockMvcRequestBuilders # post.
Recommended Posts