18 Testing security configurations

This chapter covers

  • Testing integration with Spring Security configurations for endpoints
  • Defining mock users for tests
  • Testing integration with Spring Security for method-level security
  • Testing reactive Spring implementations

The legend says that writing unit and integration tests started with the following short verse:

99 little bugs in the code,

99 little bugs.

Track one down, patch it around,

There’s 113 little bugs in the code.

—Anonymous

With time, software became more complex, and teams became larger. Knowing all the functionalities implemented over time by others became impossible. Developers needed a way to make sure they didn’t break existing functionalities while correcting bugs or implementing new features.

While developing applications, we continuously write tests to validate that the functionalities we implement work as desired. The main reason we write unit and integration tests is to ensure we don’t break existing functionalities when changing code to fix a bug or to implement new features. Testing for this purpose is also called regression testing.

18.1 Using mock users for tests

18.2 Testing with users from a UserDetailsService

18.3 Using custom Authentication objects for testing

18.4 Testing method security

18.5 Testing authentication

18.6 Testing CSRF configurations

18.7 Testing CORS configurations

18.8 Testing reactive Spring Security implementations

Summary