Spring-test-mvc testing security
Hi all,
I've started to look at spring-test-mvc to test our webapp, and it looks very promising.
I'm having trouble however trying to code an integration test to test a redirection to a login page for an unauthenticated user. The Spring Security beans get loaded, but the filter is never called, and the home page is returned rather than a 302 forwarding to the login page
I'm using GenericWebXmlContextLoader from the spring-test-mvc samples as a context loader. I'm guessing my problem stems from root context versus servlet context, as I came across references to this in other threads concerning live configuration as opposed to test. Is web.xml even touched as I don't see any reference to /WEB-INF/spring/root-context.xml in the output?
Can I use spring-mvc-test to test this as it would provide an elegant means of doing so, or should I look at some other means? I'm using Spring 3.1-RC2, Spring Security 3.1-RC3, and Spring Test MVC 1.0.0.BUILD-SNAPSHOT
Code below, and a link to trace level log output from the test (too big to embed without lots of editing)
Any insight much appreciated!
Regards,
John
LoginRedirectTest.java
web.xmlCode:package org.tssg.qosplan; import static org.springframework.test.web.server.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.server.result.MockMvcResultMatchers.forwardedUrl; import static org.springframework.test.web.server.result.MockMvcResultMatchers.status; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.server.MockMvc; import org.springframework.test.web.server.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import org.tssg.qosplan.loader.GenericWebXmlContextLoader; @ContextConfiguration( loader=GenericWebXmlContextLoader.class, locations={"/org/tssg/qosplan/servlet-context.xml", "/org/tssg/qosplan/security-context.xml"}) @RunWith(SpringJUnit4ClassRunner.class) public class LoginRedirectTest { @Autowired private WebApplicationContext _cxt ; private MockMvc _mockMvc ; @Before public void setupContainer() throws Exception { this._mockMvc = MockMvcBuilders.webApplicationContextSetup(_cxt).build(); } @Test public void testShouldRedirectToLoginPage() throws Exception { _mockMvc.perform(get("/")) .andExpect(status().isMovedTemporarily()) .andExpect(forwardedUrl("/public/login.jsp")) ; } }
servlet-context.xmlCode:<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <!-- The definition of the Root Spring Container shared by all Servlets and Filters --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/root-context.xml</param-value> </context-param> <!-- Creates the Spring Container shared by all Servlets and Filters --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Set up the spring security filter --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Processes application requests --> <servlet> <servlet-name>appServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>appServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>
security-context.xmlCode:<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure --> <!-- Enables the Spring MVC @Controller programming model --> <annotation-driven /> <!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory --> <resources mapping="/resources/**" location="/resources/" /> <context:component-scan base-package="org.tssg.qosplan" /> </beans:beans>
HomeController.javaCode:<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <!-- URL patterns to ignore for authentication purposes --> <http pattern="/public/**" security="none"/> <http pattern="/css/**" security="none" /> <http pattern="/js/**" security="none" /> <http pattern="/images/**" security="none" /> <http auto-config='true'> <intercept-url pattern="/**" access="ROLE_USER" /> <form-login login-page='/public/login.jsp' /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /> <user name="test" password="test" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
Log output:Code:package org.tssg.qosplan; import java.text.DateFormat; import java.util.Date; import java.util.Locale; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; /** * Handles requests for the application home page. */ @Controller public class HomeController { private static final Logger logger = LoggerFactory.getLogger(HomeController.class); /** * Simply selects the home view to render by returning its name. */ @RequestMapping(value = "/", method = RequestMethod.GET) public String home(Locale locale, Model model) { logger.info("Welcome home! the client locale is "+ locale.toString()); Date date = new Date(); DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale); String formattedDate = dateFormat.format(date); model.addAttribute("serverTime", formattedDate ); return "home"; } }
http://dl.dropbox.com/u/19207401/spring-test-mvc.log
Reply With Quote