Package org.springframework.security.test.web.servlet.request

Class SecurityMockMvcRequestPostProcessors

java.lang.Object

org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

public final class SecurityMockMvcRequestPostProcessors
extends Object

Contains MockMvc RequestPostProcessor implementations for Spring Security.

Since:

4.0

Author:

Rob Winch

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor	Populates a valid CsrfToken into the request.
static class	SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
static final class	SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor	Creates a UsernamePasswordAuthenticationToken and sets the principal to be a User and associates it to the MockHttpServletRequest.

Method Summary

Modifier and Type	Method	Description
static org.springframework.test.web.servlet.request.RequestPostProcessor	authentication(org.springframework.security.core.Authentication authentication)	Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails.
static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor	csrf()	Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor	digest()	Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor	digest(String username)	Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
static org.springframework.test.web.servlet.request.RequestPostProcessor	httpBasic(String username, String password)	Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password.
static org.springframework.test.web.servlet.request.RequestPostProcessor	securityContext(org.springframework.security.core.context.SecurityContext securityContext)	Establish the specified SecurityContext to be used.
static org.springframework.test.web.servlet.request.RequestPostProcessor	testSecurityContext()	Creates a RequestPostProcessor that can be used to ensure that the resulting request is ran with the user in the TestSecurityContextHolder.
static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor	user(String username)	Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal().
static org.springframework.test.web.servlet.request.RequestPostProcessor	user(org.springframework.security.core.userdetails.UserDetails user)	Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal().
static org.springframework.test.web.servlet.request.RequestPostProcessor	x509(String resourceName)	Finds an X509Cetificate using a resoureName and populates it on the request.
static org.springframework.test.web.servlet.request.RequestPostProcessor	x509(X509Certificate... certificates)	Populates the provided X509Certificate instances on the request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

digest

public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest()

Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.

Returns:

the DigestRequestPostProcessor to use

digest

public static SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor digest(String username)

Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.

Parameters:

username - the username to use

Returns:

the DigestRequestPostProcessor to use

x509

public static org.springframework.test.web.servlet.request.RequestPostProcessor x509(X509Certificate... certificates)

Populates the provided X509Certificate instances on the request.

Parameters:

certificates - the X509Certificate instances to pouplate

Returns:

the RequestPostProcessor to use.

x509

public static org.springframework.test.web.servlet.request.RequestPostProcessor x509(String resourceName)
                                                                              throws IOException,
CertificateException

Finds an X509Cetificate using a resoureName and populates it on the request.

Parameters:

resourceName - the name of the X509Certificate resource

Returns:

the RequestPostProcessor to use.

Throws:

IOException

CertificateException

csrf

public static SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf()

Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.

Returns:

the SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor for further customizations.

testSecurityContext

public static org.springframework.test.web.servlet.request.RequestPostProcessor testSecurityContext()

Creates a RequestPostProcessor that can be used to ensure that the resulting request is ran with the user in the TestSecurityContextHolder.

Returns:

the RequestPostProcessor to sue

user

public static SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor user(String username)

Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

Parameters:

username - the username to populate

Returns:

the SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor for additional customization

user

public static org.springframework.test.web.servlet.request.RequestPostProcessor user(org.springframework.security.core.userdetails.UserDetails user)

Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal(). All details are declarative and do not require that the user actually exists.

Parameters:

user - the UserDetails to populate

Returns:

the RequestPostProcessor to use

authentication

public static org.springframework.test.web.servlet.request.RequestPostProcessor authentication(org.springframework.security.core.Authentication authentication)

Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails. All details are declarative and do not require that the user actually exists.

Parameters:

authentication - the Authentication to populate

Returns:

the RequestPostProcessor to use

securityContext

public static org.springframework.test.web.servlet.request.RequestPostProcessor securityContext(org.springframework.security.core.context.SecurityContext securityContext)

Establish the specified SecurityContext to be used.

httpBasic

public static org.springframework.test.web.servlet.request.RequestPostProcessor httpBasic(String username,
 String password)

Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password. This method will automatically perform the necessary Base64 encoding.

Parameters:

username - the username to include in the Authorization header.

password - the password to include in the Authorization header.

Returns:

the RequestPostProcessor to use