[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"question-spring-test-kak-testirovat-spring-security":3},{"id":4,"slug":5,"topicId":6,"topicSlug":7,"topicName":8,"topicEmoji":9,"question":10,"answer":11,"codeLang":12,"codeSrc":12,"important":12,"commonMistakes":12,"modernUsage":12,"difficulty":13,"tags":14,"related":15,"progress":16,"seo":17},711,"kak-testirovat-spring-security",16,"spring-test","Spring Test","🧪","Как тестировать Spring Security?","Spring Security предоставляет модуль `spring-security-test` с инструментами для тестирования аутентификации и авторизации.\n\n### Зависимость\n\n```xml\n\u003Cdependency>\n    \u003CgroupId>org.springframework.security\u003C\u002FgroupId>\n    \u003CartifactId>spring-security-test\u003C\u002FartifactId>\n    \u003Cscope>test\u003C\u002Fscope>\n\u003C\u002Fdependency>\n```\n\n### WithMockUser — эмуляция аутентифицированного пользователя\n\n```java\n@WebMvcTest(UserController.class)\nclass SecuredControllerTest {\n\n    @Autowired\n    private MockMvc mockMvc;\n\n    @MockBean\n    private UserService userService;\n\n    @Test\n    @WithMockUser(username = \"admin\", roles = {\"ADMIN\"})\n    void adminShouldAccessAdminEndpoint() throws Exception {\n        mockMvc.perform(get(\"\u002Fapi\u002Fadmin\u002Fusers\"))\n            .andExpect(status().isOk());\n    }\n\n    @Test\n    @WithMockUser(username = \"user\", roles = {\"USER\"})\n    void regularUserShouldNotAccessAdminEndpoint() throws Exception {\n        mockMvc.perform(get(\"\u002Fapi\u002Fadmin\u002Fusers\"))\n            .andExpect(status().isForbidden());\n    }\n\n    @Test\n    void anonymousUserShouldGetUnauthorized() throws Exception {\n        mockMvc.perform(get(\"\u002Fapi\u002Fadmin\u002Fusers\"))\n            .andExpect(status().isUnauthorized());\n    }\n}\n```\n\n### SecurityMockMvcRequestPostProcessors — настройка безопасности в запросе\n\n```java\nimport static org.springframework.security.test.web.servlet.request\n    .SecurityMockMvcRequestPostProcessors.*;\n\n@Test\nvoid shouldAuthenticateWithCsrf() throws Exception {\n    mockMvc.perform(post(\"\u002Fapi\u002Fusers\")\n            .with(csrf())\n            .with(user(\"admin\").roles(\"ADMIN\"))\n            .contentType(MediaType.APPLICATION_JSON)\n            .content(\"{\\\"name\\\": \\\"Иван\\\"}\"))\n        .andExpect(status().isCreated());\n}\n\n@Test\nvoid shouldAuthenticateWithHttpBasic() throws Exception {\n    mockMvc.perform(get(\"\u002Fapi\u002Fusers\")\n            .with(httpBasic(\"user\", \"password\")))\n        .andExpect(status().isOk());\n}\n```\n\n### Кастомная аннотация для повторяющихся сценариев\n\n```java\n@Retention(RetentionPolicy.RUNTIME)\n@WithMockUser(username = \"admin\", roles = {\"ADMIN\"})\npublic @interface WithAdmin {}\n\n@Retention(RetentionPolicy.RUNTIME)\n@WithMockUser(username = \"user\", roles = {\"USER\"})\npublic @interface WithRegularUser {}\n\n\u002F\u002F Использование\n@Test\n@WithAdmin\nvoid shouldAccessAsAdmin() throws Exception {\n    mockMvc.perform(get(\"\u002Fapi\u002Fadmin\u002Fdashboard\"))\n        .andExpect(status().isOk());\n}\n```\n\n### Интеграционный тест с TestRestTemplate\n\n```java\n@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)\nclass SecurityIntegrationTest {\n\n    @Autowired\n    private TestRestTemplate restTemplate;\n\n    @Test\n    void shouldReturnUnauthorizedWithoutCredentials() {\n        ResponseEntity\u003CString> response =\n            restTemplate.getForEntity(\"\u002Fapi\u002Fusers\", String.class);\n        assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());\n    }\n\n    @Test\n    void shouldReturnOkWithValidCredentials() {\n        ResponseEntity\u003CString> response = restTemplate\n            .withBasicAuth(\"admin\", \"password\")\n            .getForEntity(\"\u002Fapi\u002Fusers\", String.class);\n        assertEquals(HttpStatus.OK, response.getStatusCode());\n    }\n}\n```\n\n> **На собеседовании:** минимум, который нужно знать — `@WithMockUser` и `csrf()`. Частая ошибка — не добавить `.with(csrf())` при тестировании POST\u002FPUT\u002FDELETE-запросов, из-за чего тест падает с 403 Forbidden.","","middle",[7],[],null,{"title":18,"description":19,"ogTitle":18,"ogDescription":20,"keywords":21,"schemaAnswer":19,"featuredSnippetReady":22},"Как тестировать Spring Security? — Gymterview","Spring Security предоставляет модуль `spring-security-test` с инструментами для тестирования аутентификации и авторизации.","Spring Security предоставляет модуль `spring-security-test` с инструментами для тестирования аутентификации и авторизаци",[7,13],true]