Fork me on GitHub

Using Spring Security in integration tests

Setup the testing environment to use your application context

Running Integration tests requires a bit more configuration, especially when you need setups for third-party software like Liquibase for database migrations.

The code

To leverage existing configuration, Spring 4.2 provides a set of annotations that will bootstrap the test into a running Spring application.

Given you have a very simple controller that’s secured with an SpEL expression:

@RequestMapping(path = "/exampleRoute")
public class PrivateMessageController {
    * Returns a String "Hello" if the user has the role `USER`.
    * Fails if the user is unauthenticated.
    @RequestMapping(method = RequestMethod.GET)
    public String sayHello() {
        return "Hello!";

To test this behaviour, Spring Security needs to be set up for each test. We can do this by putting some annotations on the test class, which will be picked up by SpringJUnit4ClassRunner on test execution. The next step is to inject the WebApplicationContext and configure it. I do it here in a method annotated with @Before.

@SpringApplicationConfiguration(classes = MyApplication.class)
public class MyExampleIntegrationTest {
    private WebApplicationContext wac;
    private MockMvc mockMvc;
    public void setupMockMvc() {
        this.mockMvc = MockMvcBuilders
            // The important bit
    * We can now perform http-requests through the `mockMvc`
    * which will execute the endpoints on the application.
    * The example below expects HTTP status 401 (`Unauthorized`)
    public void unauthorizedAccessIsntAThing() throws Exception {

Running the test will result in a fully bootstrapped application. All properties will be picked up and mockMvc is at your service.

It’s a very convenient method to interact with the application for testing reasons.

No Comments