I have an application that I created with JHipster. I created a Blog object and then modified the class BlogResource, so its method getAll()returns only the blog for the current user.
@RequestMapping(value = "/blogs",
method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
public List<Blog> getAll() {
log.debug("REST request to get all Blogs");
return blogRepository.findAllForCurrentUser();
}
BlogRepositoryhas the following method findAllForCurrentUser().
@Query("select blog from Blog blog where blog.user.login = ?
List<Blog> findAllForCurrentUser();
To verify this, I was able to use Spring Security RequestPostProcessor:
@Test
@Transactional
public void getAllBlogs() throws Exception {
restBlogMockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
blog.setUser(userRepository.findOneByLogin("user").get());
blogRepository.saveAndFlush(blog);
restBlogMockMvc.perform(get("/api/blogs").with(user("user")))
.andExpect(status().isOk())
.andExpect(content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.[*].id").value(hasItem(blog.getId().intValue())))
.andExpect(jsonPath("$.[*].name").value(hasItem(DEFAULT_NAME.toString())))
.andExpect(jsonPath("$.[*].handle").value(hasItem(DEFAULT_HANDLE.toString())));
}
I am curious to know why using annotations such as @WithMockUserand @WithUserDetailswill not work for this. If I change it to use annotations, I get the following error:
[DEBUG] org.jhipster.app.security.Http401UnauthorizedEntryPoint - Pre-authenticated entry point called. Rejecting access
java.lang.AssertionError: Status
Expected :200
Actual :401
source
share