I have test-config.xml
<authentication-manager alias="authenticationManager">
<authentication-provider ref="testProvider" />
<authentication-provider>
<user-service>
<user name="department1000" password="password" authorities="ROLE_1000" />
<user name="user" password="password2" authorities="ROLE_ALL_DEPT_ACCESS" />
<user name="user1" password="password3" authorities="ROLE_STUDENT" />
</user-service>
</authentication-provider>
</authentication-manager>
<beans:bean id="testProvider" class="org.springframework.security.authentication.TestingAuthenticationProvider">
</beans:bean>
I need a method that mimics authentication and gives a role:
protected void simulateRole(String role) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(role));
token = new TestingAuthenticationToken("username","password", authorities);
securityContext.setAuthentication((getAuthenticationManager().authenticate(token)));
Then I need to call the @PreAuthorized anotated controller method for the test:
@Test(expected = AccessDeniedException.class)
public void testShowAccessDenied() {
super.simulateRole("ROLE_STUDENT");
controller.show(new ModelMap(), super.getAuthenticationPrincipal(), Locale.getDefault(), new D(), new E());
super.getSecurityContext().getAuthentication().getDetails();
I think that I do not set the Principal principal required, since the test does not throw an AccessDeniedException
public Principal getAuthenticationPrincipal() {
return (Principal) securityContext.getAuthentication().getDetails();
Changing the type of the arguments to the controller method will cause a ton of mess. Any way to make this work?
source
share