I created a custom login form for my Spring download application. In my form integration test, I want to verify that the cookies received contain JSESSIONID and XSRF-TOKEN.
But I only got XSRF-TOKEN.
Here is my test:

    @RunWith(SpringJUnit4ClassRunner.class)
    @SpringApplicationConfiguration(classes = Application.class)
    @WebAppConfiguration
    @IntegrationTest("server.port:0")
    public class UserIT {

        @Autowired
        private WebApplicationContext context;

        @Autowired
        private FilterChainProxy springSecurityFilterChain;

        @Value("${local.server.port}")
        private Integer port;

        private MockMvc mockMvc;

        @Before
        public void setup() {
            mockMvc = MockMvcBuilders.webAppContextSetup(context)
                    .addFilters(springSecurityFilterChain)
                    .build();
        }

        @Test
        public void getUserInfoTest() throws Exception {
            // helper not shown in the post
            disableSslVerification();
            MvcResult result = mockMvc.perform(formLogin("/login").user("roy").password("spring"))
                    .andExpect(authenticated())
                    .andReturn();
            Cookie sessionId = result.getResponse().getCookie("JSESSIONID");
            Cookie token = result.getResponse().getCookie("XSRF-TOKEN");
        }
    }

Security configuration:

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            //.httpBasic()
            //.and()
            .headers().frameOptions().disable()
            .and()
            .antMatcher("/**").authorizeRequests()
                .antMatchers("/actuator/health").permitAll()
                .antMatchers("/actuator/**").hasAuthority(Authority.Type.ROLE_ADMIN.getName())
                .antMatchers("/login**", "/index.html", "/home.html").permitAll()
                .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login.jsp")
                .usernameParameter("username")
                .passwordParameter("password")
                .loginProcessingUrl("/login")
                .permitAll()
            .and()
            .logout().logoutSuccessUrl("/login.jsp").permitAll()
            .and()
            .csrf().csrfTokenRepository(csrfTokenRepository())
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
        // @formatter:on
    }

Please help me get the desired result.