認証のテスト

Spring Security サポートを WebTestClient に適用した後、アノテーションまたは mutateWith サポートのいずれかを使用できます(例:

  • Java

  • Kotlin

import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;

@Test
public void messageWhenNotAuthenticated() throws Exception {
	this.rest
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isUnauthorized();
}

// --- WithMockUser ---

@Test
@WithMockUser
public void messageWhenWithMockUserThenForbidden() throws Exception {
	this.rest
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
}

@Test
@WithMockUser(roles = "ADMIN")
public void messageWhenWithMockAdminThenOk() throws Exception {
	this.rest
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isOk()
		.expectBody(String.class).isEqualTo("Hello World!");
}

// --- mutateWith mockUser ---

@Test
public void messageWhenMutateWithMockUserThenForbidden() throws Exception {
	this.rest
		.mutateWith(mockUser())
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
}

@Test
public void messageWhenMutateWithMockAdminThenOk() throws Exception {
	this.rest
		.mutateWith(mockUser().roles("ADMIN"))
		.get()
		.uri("/message")
		.exchange()
		.expectStatus().isOk()
		.expectBody(String.class).isEqualTo("Hello World!");
}
import org.springframework.test.web.reactive.server.expectBody
import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser

//...

@Test
@WithMockUser
fun messageWhenWithMockUserThenForbidden() {
    this.rest.get().uri("/message")
        .exchange()
        .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
}

@Test
@WithMockUser(roles = ["ADMIN"])
fun messageWhenWithMockAdminThenOk() {
    this.rest.get().uri("/message")
        .exchange()
        .expectStatus().isOk
        .expectBody<String>().isEqualTo("Hello World!")

}

// --- mutateWith mockUser ---

@Test
fun messageWhenMutateWithMockUserThenForbidden() {
    this.rest
        .mutateWith(mockUser())
        .get().uri("/message")
        .exchange()
        .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
}

@Test
fun messageWhenMutateWithMockAdminThenOk() {
    this.rest
        .mutateWith(mockUser().roles("ADMIN"))
        .get().uri("/message")
        .exchange()
        .expectStatus().isOk
        .expectBody<String>().isEqualTo("Hello World!")
}

mockUser() に加えて、Spring Security には、CSRFOAuth 2.0 などの便利なミューテーターがいくつか付属しています。