spring-security-oauth2-test

This library is helpful for integration test based on spring security, especially oauth2 for resource server, works with MockMvc.

It enhanced spring-security-test by mock an OAuth2 client or on behalf of user.

Attach Map-based claims to mocked user as authentication details, the claims can be extracted from bearer jwt token.

Note: Most code came from the open network. I refactor and enhanced the code, then we have this java-library.

Features

• @WithMockOAuth2Client
• @WithMockOAuth2User
  • mock an oauth2 user, attach claims to OAuth2Authentication details
• @AttachClaims
  • attach Map-based claims to current authentication, should work with @WithMockUser
• @WithMockUserAndClaims
  • enhanced @WithMockUser, attach Map-based claims as authentication details
  • equal to @WithMockUser + @AttachClaims
• @WithToken
  • add bearer token to request header to extract a PreAuthenticatedAuthenticationToken, load existing OAuth2Authentication from SecurityContext
  • require @MockTokenServices on test class
• @ResourcesNonStateless
  • allow non token-based authentication to access oauth2 resources

How to use

Step 1. Add the JitPack repository to your build file

allprojects {
    repositories {
        ...
        maven { url 'https://jitpack.io' }
    }
}

Step 2. Add the dependency

dependencies {
    implementation 'com.github.ahunigel:spring-security-oauth2-test:{version}'
}

Refer to https://jitpack.io/#ahunigel/spring-security-oauth2-test for details.

Step 3. Write tests

@WithMockOAuth2User(
    client = @WithMockOAuth2Client(
      clientId = "custom-client",
      scope = {"custom-scope", "other-scope"},
      authorities = {"custom-authority", "ROLE_CUSTOM_CLIENT"}),
    user = @WithMockUser(
      username = "custom-username",
      authorities = {"custom-user-authority"}),
    claims = @AttachClaims({
      @Claim(name = "user_id", value = "6", type = Long.class),
      @Claim(name = "role_id", value = "1"),
      @Claim(name = "is_social_user", value = "false")
    })
)

or

@AttachClaims(value = {
    @Claim(name = "user_id", value = "6", type = Long.class),
    @Claim(name = "role_id", value = "1"),
    @Claim(name = "is_social_user", value = "false")},
    claims = {"email:ahunigel@gmail.com", "user_name=ahunigel"}
)
@WithMockUser()

or

@WithMockUserAndClaims(
    @AttachClaims(value = {
        @Claim(name = "user_id", value = "6", type = Long.class),
        @Claim(name = "role_id", value = "1"),
        @Claim(name = "is_social_user", value = "false")},
        claims = {"email:ahunigel@gmail.com", "user_name=ahunigel"}
    )
)

References

• How to get @WebMvcTest work with OAuth?
• Faking OAuth2 Single Sign-on in Spring
• @WithSecurityContext
• Spring MVC Test Integration
• OAuth2 Autoconfig
• Retrieve User Information in Spring Security
• Spring Security OAuth
• Use @WithMockUser with @SpringBootTest inside an oAuth2 Resource Server Application

See Also

• springkit-bom
• spring-security-oauth2-test
• spring-toolkit
• spring-test-toolkit

TODOs

• Attach claims for @WithMockOAuth2Client/@WithMockOAuth2User via @AttachClaims
• Migrate Spring Security OAuth 2.x application to Spring Security 5.2
• Add support for RestTemplate
• Add unit test