Announcement Announcement Module
Collapse
No announcement yet.
Spring-test-mvc testing security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring-test-mvc testing security

    Hi all,

    I've started to look at spring-test-mvc to test our webapp, and it looks very promising.

    I'm having trouble however trying to code an integration test to test a redirection to a login page for an unauthenticated user. The Spring Security beans get loaded, but the filter is never called, and the home page is returned rather than a 302 forwarding to the login page

    I'm using GenericWebXmlContextLoader from the spring-test-mvc samples as a context loader. I'm guessing my problem stems from root context versus servlet context, as I came across references to this in other threads concerning live configuration as opposed to test. Is web.xml even touched as I don't see any reference to /WEB-INF/spring/root-context.xml in the output?

    Can I use spring-mvc-test to test this as it would provide an elegant means of doing so, or should I look at some other means? I'm using Spring 3.1-RC2, Spring Security 3.1-RC3, and Spring Test MVC 1.0.0.BUILD-SNAPSHOT

    Code below, and a link to trace level log output from the test (too big to embed without lots of editing)

    Any insight much appreciated!

    Regards,

    John

    LoginRedirectTest.java
    Code:
    package org.tssg.qosplan;
    
    import static org.springframework.test.web.server.request.MockMvcRequestBuilders.get;
    import static org.springframework.test.web.server.result.MockMvcResultMatchers.forwardedUrl;
    import static org.springframework.test.web.server.result.MockMvcResultMatchers.status;
    
    import org.junit.Before;
    import org.junit.Test;
    import org.junit.runner.RunWith;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.test.context.ContextConfiguration;
    import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
    import org.springframework.test.web.server.MockMvc;
    import org.springframework.test.web.server.setup.MockMvcBuilders;
    import org.springframework.web.context.WebApplicationContext;
    import org.tssg.qosplan.loader.GenericWebXmlContextLoader;
    
    @ContextConfiguration(
    		loader=GenericWebXmlContextLoader.class,
    		locations={"/org/tssg/qosplan/servlet-context.xml", "/org/tssg/qosplan/security-context.xml"})  
    @RunWith(SpringJUnit4ClassRunner.class)
    public class LoginRedirectTest {
    
    	
    	@Autowired
    	private WebApplicationContext _cxt ;
    	
    	private MockMvc _mockMvc ;
    	
    	@Before
    	public void setupContainer() throws Exception
    	{
    		this._mockMvc = MockMvcBuilders.webApplicationContextSetup(_cxt).build();
    	}
    	
    	@Test
    	public void testShouldRedirectToLoginPage() throws Exception {
    		_mockMvc.perform(get("/"))
    				.andExpect(status().isMovedTemporarily())
    				.andExpect(forwardedUrl("/public/login.jsp")) ;
    	}
    }
    web.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    
    	<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>/WEB-INF/spring/root-context.xml</param-value>
    	</context-param>
    	
    	<!-- Creates the Spring Container shared by all Servlets and Filters -->
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    
    	<!-- Set up the spring security filter -->
    	<filter>
    	  <filter-name>springSecurityFilterChain</filter-name>
    	  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    	
    	<filter-mapping>
    	  <filter-name>springSecurityFilterChain</filter-name>
    	  <url-pattern>/*</url-pattern>
    	</filter-mapping>
    
    
    	<!-- Processes application requests -->
    	<servlet>
    		<servlet-name>appServlet</servlet-name>
    		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    		<init-param>
    			<param-name>contextConfigLocation</param-name>
    			<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    		</init-param>
    		<load-on-startup>1</load-on-startup>
    	</servlet>
    		
    	<servlet-mapping>
    		<servlet-name>appServlet</servlet-name>
    		<url-pattern>/</url-pattern>
    	</servlet-mapping>
    
    </web-app>
    servlet-context.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/mvc"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:beans="http://www.springframework.org/schema/beans"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
    		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    
    	<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
    	
    	<!-- Enables the Spring MVC @Controller programming model -->
    	<annotation-driven />
    
    	<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
    	<resources mapping="/resources/**" location="/resources/" />
    
    	<context:component-scan base-package="org.tssg.qosplan" />
    </beans:beans>
    security-context.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    	xmlns:beans="http://www.springframework.org/schema/beans"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    
    	<!-- URL patterns to ignore for authentication purposes -->
    	<http pattern="/public/**" security="none"/>
    	<http pattern="/css/**" security="none" />
    	<http pattern="/js/**" security="none" />
    	<http pattern="/images/**" security="none" />
    
    	<http auto-config='true'>
    		<intercept-url pattern="/**" access="ROLE_USER" />
    		<form-login login-page='/public/login.jsp' />
    	</http>
    
    	<authentication-manager>
    		<authentication-provider>
    			<user-service>
    				<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
    				<user name="test" password="test" authorities="ROLE_USER" />
    			</user-service>
    		</authentication-provider>
    	</authentication-manager>
    </beans:beans>
    HomeController.java
    Code:
    package org.tssg.qosplan;
    
    import java.text.DateFormat;
    import java.util.Date;
    import java.util.Locale;
    
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    
    /**
     * Handles requests for the application home page.
     */
    @Controller
    public class HomeController {
    	
    	private static final Logger logger = LoggerFactory.getLogger(HomeController.class);
    	
    	/**
    	 * Simply selects the home view to render by returning its name.
    	 */
    	@RequestMapping(value = "/", method = RequestMethod.GET)
    	public String home(Locale locale, Model model) {
    		logger.info("Welcome home! the client locale is "+ locale.toString());
    		
    		Date date = new Date();
    		DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);
    		
    		String formattedDate = dateFormat.format(date);
    		
    		model.addAttribute("serverTime", formattedDate );
    		
    		return "home";
    	}
    
    }
    Log output:
    http://dl.dropbox.com/u/19207401/spring-test-mvc.log
Working...
X