Trying to do simple spring boot security test. I can pass the test only with deprecated NoOpPasswordEncoder in globalConfigure() method in SpringSecurityConfig.
it works fine, but is it possible get rid of deprecated NoOpPasswordEncoder?
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().anyRequest().fullyAuthenticated()
.antMatchers("/").permitAll()
.and()
.formLogin().defaultSuccessUrl("/", true)
.loginPage("/login").permitAll().and().logout().permitAll()
.and().httpBasic();
}
@SuppressWarnings("deprecated")
@Autowired
public void configureGlobal(AuthenticationManagerBuilder authBuilder) throws Exception{
authBuilder.inMemoryAuthentication()
.passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("user").password("user").roles("USER")
.and()
.withUser("admin").password("admin").roles("USER", "ADMIN");
}
}
Testing spring security
@RunWith(SpringJUnit4ClassRunner.class)
@AutoConfigureMockMvc
@SpringBootTest
public class SpringSecurityConfigTest {
@Autowired
MockMvc mockMvc;
@Test
public void userIsAuthenticatedTest() throws Exception {
mockMvc.perform(formLogin().user("admin").password("admin"))
.andExpect(authenticated());
}
}
Aucun commentaire:
Enregistrer un commentaire