package net.petrikainulainen.springdata.jpa.web.security;
import com.github.springtestdbunit.annotation.DbUnitConfiguration;
import net.petrikainulainen.springdata.jpa.Users;
import net.petrikainulainen.springdata.jpa.config.ExampleApplicationContext;
import net.petrikainulainen.springdata.jpa.config.Profiles;
import net.petrikainulainen.springdata.jpa.web.ColumnSensingReplacementDataSetLoader;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestExecutionListeners;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import java.sql.SQLException;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
 * Integration tests for the form login endpoint, {@code POST /api/login}.
 *
 * <p>Every request goes through a {@link MockMvc} instance built from the web application
 * context with the Spring Security filter chain applied, and carries a valid CSRF token
 * added by {@code csrf()}. The assertions therefore presumably reflect the credential
 * check rather than CSRF handling.
 *
 * <p>NOTE(review): no test in this class sends the login request without a CSRF token.
 * Whether such a request must be rejected depends on the security configuration, which is
 * not visible in this file.
 *
 * @author Petri Kainulainen
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ActiveProfiles(Profiles.INTEGRATION_TEST)
@ContextConfiguration(classes = {ExampleApplicationContext.class})
// NOTE(review): DbUnitTestExecutionListener is not among the listeners registered below, so
// this annotation appears to have no effect in this class - confirm.
@DbUnitConfiguration(dataSetLoader = ColumnSensingReplacementDataSetLoader.class)
@TestExecutionListeners({
        DependencyInjectionTestExecutionListener.class,
        WithSecurityContextTestExecutionListener.class
})
@WebAppConfiguration
public class ITLoginTest {

    private static final String LOGIN_URL = "/api/login";
    private static final String AUTHENTICATED_USER_URL = "/api/authenticated-user";

    private static final String PARAM_NAME_USERNAME = "username";
    private static final String PARAM_NAME_PASSWORD = "password";

    private static final String INVALID_USERNAME = "invalidUsername";
    private static final String INVALID_PASSWORD = "invalidPassword";

    @Autowired
    private WebApplicationContext webAppContext;

    private MockMvc mockMvc;

    /**
     * Builds a fresh {@link MockMvc} before each test, with the Spring Security filter
     * chain applied so that the login request is processed by the security filters.
     */
    @Before
    public void setUp() throws SQLException {
        mockMvc = MockMvcBuilders.webAppContextSetup(webAppContext)
                .apply(springSecurity())
                .build();
    }

    // The wrong-username and wrong-password cases below are both expected to produce 403.
    // Keeping the two responses indistinguishable at the status-code level avoids revealing
    // which usernames exist.

    @Test
    public void logIn_WhenUsernameIsIncorrect_ShouldReturnResponseStatusForbidden() throws Exception {
        submitLoginForm(INVALID_USERNAME, Users.USER.getPassword())
                .andExpect(status().isForbidden());
    }

    @Test
    public void logIn_WhenPasswordIsIncorrect_ShouldReturnResponseStatusForbidden() throws Exception {
        submitLoginForm(Users.USER.getUsername(), INVALID_PASSWORD)
                .andExpect(status().isForbidden());
    }

    @Test
    public void logIn_WhenUsernameAndPasswordAreCorrect_ShouldReturnResponseStatusFound() throws Exception {
        submitLoginForm(Users.USER.getUsername(), Users.USER.getPassword())
                .andExpect(status().isFound());
    }

    @Test
    public void logIn_WhenUsernameAndPasswordAreCorrect_ShouldRedirectClientToControllerMethodThatReturnsAuthenticatedUser() throws Exception {
        submitLoginForm(Users.USER.getUsername(), Users.USER.getPassword())
                .andExpect(redirectedUrl(AUTHENTICATED_USER_URL));
    }

    /**
     * Posts a form-encoded login request with the given credentials and a valid CSRF token.
     *
     * @param username value sent as the {@code username} form parameter
     * @param password value sent as the {@code password} form parameter
     * @return the result of the request, ready for further expectations
     * @throws Exception if performing the request fails
     */
    private org.springframework.test.web.servlet.ResultActions submitLoginForm(
            String username, String password) throws Exception {
        return mockMvc.perform(post(LOGIN_URL)
                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                .param(PARAM_NAME_USERNAME, username)
                .param(PARAM_NAME_PASSWORD, password)
                .with(csrf())
        );
    }
}