thymeleaf - Spring security DefaultMethodSecurityExpressionHandler bean is not registered for Integration Test's default spring security config -

i attempting write spring mvc integration test spring security , thymeleaf view layer.

i have setup mockmvc object spring security integration examples documentation.

integration test setup:

import static org.springframework.security.test.web.servlet.setup.securitymockmvcconfigurers.*; import static org.springframework.security.test.web.servlet.request.securitymockmvcrequestpostprocessors.*; import static org.springframework.security.test.web.servlet.request.securitymockmvcrequestbuilders.*; import static org.springframework.security.test.web.servlet.response.securitymockmvcresultmatchers.*; import static org.springframework.test.web.servlet.request.mockmvcrequestbuilders.*; import static org.springframework.test.web.servlet.result.mockmvcresultmatchers.*; import static org.springframework.test.web.servlet.result.mockmvcresulthandlers.*;      @autowired      private webapplicationcontext webapplicationcontext;      private mockmvc mockmvc;      @before     public void setup() {          mockmvc = mockmvcbuilders                 .webappcontextsetup(webapplicationcontext)                 //.defaultrequest(get("/").with(user(someuser)))                 .apply(springsecurity())                 .build();     }

thymeleaf configured utilize springsecuritydialect. (thymeleaf-extras-springsecurity4)

 additionaldialects.add( new springsecuritydialect());

for purpose of being able utilize spring security expressions in view layer (example).

<p sec:authorize="hasrole('role_user')"> user logged in</p>

now configuration works fine outside of testing however, when try make integration test thymeleaf throws exception stating

(org.thymeleaf.extras.springsecurity4.auth.authutils.class)

@suppresswarnings("unchecked") private static securityexpressionhandler<filterinvocation> getexpressionhandler(final servletcontext servletcontext) {      final applicationcontext ctx =             webapplicationcontextutils.getrequiredwebapplicationcontext(servletcontext);      final map<string, securityexpressionhandler> expressionhandlers =             ctx.getbeansoftype(securityexpressionhandler.class);      (securityexpressionhandler handler : expressionhandlers.values()) {         if (filterinvocation.class.equals(generictyperesolver.resolvetypeargument(handler.getclass(), securityexpressionhandler.class))) {             return handler;         }     }      throw new templateprocessingexception(             "no visible securityexpressionhandler instance found in application " +             "context. there must @ least 1 in order support expressions in spring security " +             "authorization queries.");

this exception valid because securityexpressionhandler.class missing application context during integration test.

so question is... how come securityexpressionhandler.class registered spring bean in regular servlet environment when using integration test config ctx.getbeansoftype(securityexpressionhandler.class) missing context? bug in spring security? or need add additional logic register securityexpressionhandler bean integration test only?

i tried "force create" securityexpressionhandler extending globalmethodsecurityconfiguration , @overriding createexpressionhandler() , adding test config still bean not registered webapplicationcontext.

this blocker me right because cannot perform integration testing on view file contains spring security expressions embedded inside them.

spring v4.1.6 spring security 4.0.1 thymeleaf v2.1.4

if loading webapplicationcontext test using @contexthierarchy, not work spring framework 4.1.4 through 4.1.6 due confirmed bug fixed in 4.1.7.

see spr-13075 details.

Abdulaziz

Search This Blog

thymeleaf - Spring security DefaultMethodSecurityExpressionHandler bean is not registered for Integration Test's default spring security config -

Comments

Post a Comment