I'm trying to test some OAuth endpoints following this guide: http://engineering.pivotal.io/post/faking_oauth_sso/.
I created a method getOauthUserAuthentication() which returns an OAuth2 authentication object with principal 'vince' and authority 'ROLE_USER'.
Job newJob = jobRepository.save(job);
Authentication auth = getOauthUserAuthentication();
restMockMvc.perform(get("/api/jobs/{id}", newJob.getId())
    .with(authentication(auth)))
    .andExpect(status().isOk());
I set a breakpoint inside the controller, and calling SecurityContextHolder.getContext().getAuthentication() returns an authentication object with principal anonymousUser and authorities ROLE_ANONYMOUS.
It seems the token is being created correctly, but isn't being propagated to the security context created by mockMvc. What am I missing?
When running the tests, I had been invoking the profile associated with the resource server config class I had created. When I removed the profile invocation from the active profiles annotation, the authentication object I was creating in the test started showing up in the controller. I believe that the security context created by the config class was overwriting the one created by mockMvc. Since I wasn't sending a bearer token, the config class automatically created the anonymousUser principal.