Search code examples
springspring-bootspring-securityspring-test

How to disable crsf protection in @WebFluxTest?


Why am I receiving a 403 FORBIDDEN for the following test?

@RestController
public class MyServlet {
    @PostMapping("/")
    public Mono<String> accept(Authentication authentication) {}
}


@WebFluxTest(MyServlet.class)
@WithMockUser
public class MyServletTest {
    @Autowired
    private WebTestClient webClient;

    @Test
    public void test() {
        webClient.post().url("/")
            .exchange()
            .expectStatus().isOk();
    }
}

Result:

java.lang.AssertionError: Status expected:<200 OK> but was:<403 FORBIDDEN>

> POST /
> WebTestClient-Request-Id: [1]
> Content-Type: [application/json]

No content

< 403 FORBIDDEN Forbidden
< Content-Type: [text/plain]
< Cache-Control: [no-cache, no-store, max-age=0, must-revalidate]
< Pragma: [no-cache]
< Expires: [0]
< X-Content-Type-Options: [nosniff]
< X-Frame-Options: [DENY]
< X-XSS-Protection: [1 ; mode=block]
< Referrer-Policy: [no-referrer]

CSRF Token has been associated to this client

As far as I know, @WebFluxTest disables csrf. So why is it complaining?


Solution

  • webClient.mutateWith(SecurityMockServerConfigurers.csrf()).post()...;