I have created a Microservice using TDD with Spring Boot, and I have just enabled Spring Security in the application. As expected, the tests I currently have no longer pass.
One thing I would like to do is disable security for the tests I currently have so that they can pass (since I am
testing functionality, not the security). My plan is to create more tests that will exercise the security mechanisms that I will develop.
Looking at references in books and online (including questions answered in Stack Overflow) I learned about two methods to disable security in tests:
and
Both of these settings were identified in various Stack Overflow answers as being deprecated, but I tried them anyway.
Unfortunately, they didn't work. Apparently, in Version 2.2.1 of Spring Boot (the version I am using) secure isn't just deprecated, it is gone. Tests with the annotations using the "secure = false" parameter do not compile.
I did try setting a default user and password and using @WithMockUser, but the tests I have still break because Spring Security insists upon sending up the login page to tests that are specifically designed to only test the API. The only way I see to keep them working properly (without having to rewrite my entire test suite!) is to disable security for those specific tests. I want to be able to retain those tests that check the Controller's API and services, while writing new tests that engage with the security mechanisms.
Does Spring Boot still support a mechanism for disabling security for specific tests? If so, what is that mechanism?