[JAVA] Spring Boot @WebMvcTest test enables Spring Security default security

When using WebFlux and Security with Spring Boot 2.3.4.RELEASE In a test that gives @WebMvcTest for testing a controller etc. When I made a request to the controller with WebTestClient, I was asked for Basic authentication for some reason.

It's a project that uses Spring Security, but it doesn't use Basic authentication.

Although the cause could not be investigated, there was an issue on GitHub.

In summary, @WebFluxTest configures controller-related @Beans such as @Conroller, @ControllerAdvice, and WebFluxConfigurer, but not @Bean of @Service.

However, it seems that the class with @Configuration is generated as @Bean. And it seems that only @Bean that matches the condition is generated from it.

If you have a security configuration for WebFlux of Spring Security, in most cases you will need to prepare the following configuration described in the document.

@Configuration
@EnableWebFluxSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
        // do stuff
    }
}

At this time, SecurityWebFilterChain is not generated, but @EnableWebFluxSecurity is scanned together with SecurityConfiguration.

Looking at the definition of @EnableWebFluxSecurity, [@Import (WebFluxSecurityConfiguration.class)](https://github.com/spring-projects/spring-security/blob/651c94b3859eb6c3eee4ee632b1419e59d99d8dd/config/src/main/java/org/springframework /security/config/annotation/web/reactive/EnableWebFluxSecurity.java#L87-L88) is added.

WebFluxSecurityConfiguration will generate the default SecurityWebFilterChain (https://github.com/spring-projects/spring-security/blob/651c94b3859eb6c3eee4ee632b1419e59d99d8dd/config/src/main/java/org/springframework/security/config/annotation" /web/reactive/WebFluxSecurityConfiguration.java#L100-L111).

It seems that the default security of Spring Security is applied to the test with @WebFluxTest in this way.

As a countermeasure, it seems that there is no choice but to explicitly @ Import`` @ Configuration that generates SecurityWebFilterChain prepared in the project.

Recommended Posts

Spring Boot @WebMvcTest test enables Spring Security default security
Try using Spring Boot Security
Spring Security usage memo test
Write test code in Spring Boot
Use DBUnit for Spring Boot test
Perform transaction confirmation test with Spring Boot
Form class validation test with Spring Boot
Achieve BASIC authentication with Spring Boot + Spring Security
About designing Spring Boot and unit test environment
Hash passwords with Spring Boot + Spring Security (with salt, with stretching)
Try LDAP authentication with Spring Security (Spring Boot) + OpenLDAP
Challenge Spring Boot
[Java / Spring Boot] Spring security ④ --Implementation of login process
[Java / Spring Boot] Spring security ⑤ --Implementation of logout processing
Spring Boot Form
Spring Boot Memorandum
gae + spring boot
[Introduction to Spring Boot] Authentication function with Spring Security
Create Spring Cloud Config Server with security with Spring Boot 2.0
How to write a unit test for Spring Boot 2
Spring Security usage memo: Cooperation with Spring MVC and Boot
[JUnit 5 compatible] Write a test using JUnit 5 with Spring boot 2.2, 2.3
Spring Boot with Spring Security Filter settings and addictive points
Implement a simple Rest API with Spring Security with Spring Boot 2.0
[JUnit 5] Write a validation test with Spring Boot! [Parameterization test]
Test field-injected class in Spring boot test without using Spring container
Create a simple demo site with Spring Security with Spring Boot 2.1
I wrote a test with Spring Boot + JUnit 5 now
SPRING BOOT learning record 01
Spring Boot + Heroku Postgres
About Spring Security authentication
Spring boot memo writing (1)
First Spring Boot (DI)
SPRING BOOT learning record 02
Spring Boot2 cheat sheet
Spring Boot exception handling
Spring Boot Servlet mapping
Spring boot development-development environment-
Spring Boot learning procedure
Spring Security causes 403 forbidden
Learning Spring Boot [Beginning]
Spring boot memo writing (2)
Spring Boot 2.2 Document Summary
[Spring Boot] DataSourceProperties $ DataSourceBeanCreationException
Spring Boot 2.3 Application Availability
Spring boot tutorials Topics
Download with Spring Boot
Implement a simple Rest API with Spring Security & JWT with Spring Boot 2.0
Use Spring Test + Mockito + JUnit 4 for Spring Boot + Spring Retry unit tests