home
개발
//
home
//
🚋

Spring SecurityFilterChain 사용시 WebMvcTest 실패 해결 방법

Created
2022/07/31
Tags
SpringBoot
SpringSecurity
WebMvcTest
2022-07-31 @이영훈
Spring Security 5.7.0-M2 버전부터 WebSecurityConfigurerAdapter가 Deprecated 되었습니다. (해당 내용)
In Spring Security 5.7.0-M2 we deprecated the WebSecurityConfigurerAdapter, as we encourage users to move towards a component-based security configuration.
WebSecurityConfigurerAdapter 가 deprecated 되었고, component 기반의 설정으로 변경할 것을 권장한다고 되어있습니다.
스프링부트 2.7 버전에서 Spring Security 5.7으로 upgrade 하면서 해당 내용이 포함되었습니다.
Spring Boot 2.7 Release Notes · spring-projects/spring-boot Wiki
Test property sources added by @SpringBootTest using either the properties attribute or the @TestPropertySource annotation are now added above the command line property source. If you are in the unlikely situation of having a @SpringBootTest that uses both properties and args (and with the same property name), you may need to change things around.
https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.7-Release-Notes#migrating-from-websecurityconfigureradapter-to-securityfilterchain

SecurityFilterChain으로 migration guide 공식 문서

WebSecurityConfigurerAdapter 에서 컴포넌트 방법으로 변경 후 테스트 코드를 @WebMvcTest 에서 실패가 뜹니다.
스프링부트 깃헙 위키에 migration guide가 소개되어 있습니다.
Spring Boot 2.7 Release Notes · spring-projects/spring-boot Wiki
Test property sources added by @SpringBootTest using either the properties attribute or the @TestPropertySource annotation are now added above the command line property source. If you are in the unlikely situation of having a @SpringBootTest that uses both properties and args (and with the same property name), you may need to change things around.
https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.7-Release-Notes#migrating-from-websecurityconfigureradapter-to-securityfilterchain
"How-to" Guides
Spring Boot has no mandatory logging dependency, except for the Commons Logging API, which is typically provided by Spring Framework's spring-jcl module. To use Logback, you need to include it and spring-jcl on the classpath. The recommended way to do that is through the starters, which all depend on spring-boot-starter-logging.
https://docs.spring.io/spring-boot/docs/2.7.x/reference/html/howto.html#howto.testing.slice-tests
Migrating From WebSecurityConfigurerAdapter to SecurityFilterChain 내용을 보면
When configuring Spring Security without WebSecurityConfigurerAdapter and using Spring Boot’s sliced tests such as @WebMvcTest, you may need to make some changes to your application to make your SecurityFilterChain beans available to your tests by @Import ing your security configuration class. See the reference documentation for further details.

WebMvcTest 테스트 오류 해결

다음과 같은 SecurityFilterChain 컴포넌트로 만든 Security 설정이 있습니다.
@Configuration class WebSecurityConfig { @Bean fun filterChain(http: HttpSecurity): SecurityFilterChain { http.cors() .and() .csrf().disable() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .exceptionHandling() return http.build() } }
Kotlin
복사
WebMvcTest에서 위에서 만든 Spring Security 설정을 import 합니다.
@WebMvcTest(HealthController::class) @Import(WebSecurityConfig::class) // ⭐️ WebSecurityConfig를 import 했습니다. internal class HealthControllerTest { @Autowired private lateinit var mockMvc: MockMvc @Test fun `test ping`() { mockMvc.perform( get("/").contentType(MediaType.APPLICATION_JSON) ) .andExpect(status().isOk) .andExpect(jsonPath("$.message").value("Hello World")) } }
Kotlin
복사