Spring webflow unit test with spring security on

StackOverflow https://stackoverflow.com/questions/15118127

Question

I'm trying to test a webflow controller with spring security on: 

<action-state id="search">
    <secured attributes="ROLE_ADMIN"/>
...
</action-state>

I'm using AbstractXmlFlowExecutionTests subclass.

Now, the test runs ok without the "secured" tag (I don't make any mocks for the security), but once I add the security tag, the test keeps finishing with success, although I anticipate a security exception to be thrown. Any ideas why it doesn't work and how should I configure it? Thanks in advance! Igor

Was it helpful?

Solution

Ok, I've found the solution: I needed to add a securityListener manually. Before startFlow:

setFlowExecutionListener(getSecurityListener(new String[] {"ROLE_ADMIN_FAKE"}));

Where

private FlowExecutionListener getSecurityListener(String[] roles) {
    List<GrantedAuthority> result = new ArrayList<>();
    for (String role: roles) {
        SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role);
        result.add(authority);
    }
    Authentication auth = new PreAuthenticatedAuthenticationToken("Igor", "", result);
    SecurityContextHolder.getContext().setAuthentication(auth);
    return new SecurityFlowExecutionListener();
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top