• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Paul Clapham
  • Rob Spoor
  • Junilu Lacar
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Carey Brown

How to turn off Spring Security for specific JUnit tests

Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have created a Microservice using TDD with Spring Boot, and I have just enabled Spring Security in the application. As expected, the tests I currently have no longer pass.

One thing I would like to do is disable security for the tests I currently have so that they can pass (since I am testing functionality, not the security). My plan is to create more tests that will exercise the security mechanisms that I will develop.

Looking at references in books and online (including questions answered in Stack Overflow) I learned about two methods to disable security in tests:


Both of these settings were identified in various Stack Overflow answers as being deprecated, but I tried them anyway.

Unfortunately, they didn't work. Apparently, in Version 2.2.1 of Spring Boot (the version I am using) secure isn't just deprecated, it is gone. Tests with the annotations using the "secure = false" parameter do not compile.

I did try setting a default user and password and using @WithMockUser, but the tests I have still break because Spring Security insists upon sending up the login page to tests that are specifically designed to only test the API. The only way I see to keep them working properly (without having to rewrite my entire test suite!) is to disable security for those specific tests. I want to be able to retain those tests that check the Controller's API and services, while writing new tests that engage with the security mechanisms.

Does Spring Boot still support a mechanism for disabling security for specific tests? If so, what is that mechanism?
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic