Open membersound opened 2 years ago
Hi @membersound. Thanks for the sample over in spring boot issue. I was able to pull in the project and see your errors. I am able to convert the simple project you provided to a Spring WebFlux project by removing the spring-boot-starter-web
dependency and changing your SecurityConfig
to use webflux support instead. When I do this, your WebTestClient tests work (though they do not pass, as the assertions are expecting 200 instead of 403 and 302 respectively). However, the mockmvc tests cannot work in the same project.
All that to say, I'm uncertain whether your scenario would be expected to work currently as I believe the WebTestClient
support in Spring Security is designed to work with webflux, at least in a mock server setup. I'll ask the team if your scenario is supported and get back to you.
Hi @membersound. Just to let you know, I've spoken with the team around this issue. A couple of takeaways:
IllegalStateException
instead of NullPointerException
when one of the mutators such as csrf()
is applied. I'll open a new issue for this change.WebHttpHandlerBuilder
is missing and proactively throw an IllegalStateException
during WebTestClient
setup instead of waiting for one of the mutators such as csrf()
to be applied. I'll create a new issue for this change as well.@sjohnr currently it is possible to use e.g. csrf
with WebTestClient
in a servlet environment via this workaround:
val webTestClient = MockMvcWebTestClient.bindToApplicationContext(webApplicationContext)
.apply(SecurityMockMvcConfigurers.springSecurity())
.defaultRequest(MockMvcRequestBuilders.get("/").with(SecurityMockMvcRequestPostProcessors.csrf()))
.configureClient()
.build()
If an exception is thrown proactively during WebTestClient
setup would that mean that this code will not work anymore and all tests would have to be reverted back to using MockMvc
directly?
Thanks @mengelbrecht, that's definitely worth exploring. I'm less familiar with the test infrastructure, so thanks for pointing that out!
spring-boot-2.6.3
I'm migrating my
MockMvc
tests toWebTestClient
, for having all my tests using the same underlying API.The following example project shows that authenticating on the
/login
page works withMockMvc
, but does not withWebTestClient
. In real world, I'm testing a ldap security configuration, but the issue is reproducible even with in-memory authentication.This is a result result of https://github.com/spring-projects/spring-boot/issues/29825 (see the issue also for a full sample project attached)
I assume this is a bug, as authentication with
MockMvc
works flawless, andWebTestClient
does not.Tests:
Source: