Disable Spring Security Config Class for @Webmvctest in Spring Boot

Disable Spring Security config class for @WebMvcTest in Spring Boot

You can set secure=false in the @WebMvcTest annoation.
It will skip the spring security MockMvc auto configuration in your Test

@WebMvcTest(controllers = SomeController.class, secure = false)
public class SomeControllerTest {

Note by the author:
As of 2021, this answer has been obsolete for a few years and it probably won't work for you.

Spring Boot 2.1 - @WebMvcTest without Spring Security Auto-Configuration

Yes, rather than working around the fact the flag is deprecated, you should embrace the fact that this is going in that direction going forward.

As of Spring Boot 2.1, if you have Spring Security, your tests will be secured using your custom configuration. What is the actual problem with that?

If you don't want to authenticate for certain tests, just use Spring Security's test infrastructure and add @WithMockUser.

Spring Boot: Disable security for Spring Boot Unit Test

Using both @SpringBootTest with a random port and @AutoConfiguration might be an issue.
Can you try:

@RunWith(SpringRunner.class)
@WebMvcTest(App.class)
@AutoConfigureMockMvc(secure = false)
public class ExampleTest{}

or

@RunWith(SpringRunner.class)
@SpringBootTest
@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class })
public class ExampleTest{}

You can event add a custom profile(integration_test) and make:

security:
      basic:
        enabled: false

@RunWith(SpringRunner.class)
@SpringBootTest
@ActiveProfiles(value="integration_test")
public class ExampleTest{}

Update: Just found similar answer already in another SO question : Disable security for unit tests with spring boot

Disable security for unit tests with spring boot

FmpdfApplication is likely annotated with @EnableAutoConfiguration (or with @SpringBootApplication which is meta-annotated with @EnableAutoConfiguration), and this will lead to Spring Security being picked up and configured via auto-configuration.

If you want to see what's being auto-configured, launch your web app and access the autoconfig endpoint (e.g., http://localhost:8080/autoconfig). Then search for 'Security' to see which 'AutoConfiguration' classes are being detected.

You can then disable auto-configuration of security by excluding those classes like this:

@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class })

Of course, you won't want to exclude them for production deployments. Thus you'll need to have a separate @Configuration class for production and tests.

Regards,

Sam

p.s. You might also find my answer to the following question useful as well: Spring-Boot module based integration testing

Spring Boot 2.2.4 - disable security

I found a working solution in the spring boot github issues.

Disable security for the entire application:

@SpringBootApplication ( exclude = {SecurityAutoConfiguration.class} )
@Import(MySecurityConfiguration.class)
public class MyApplication{
 }

... and enable via parameter in the security configuration:

@Configuration
@ConditionalOnProperty (  "my.security.enabled" )
@Import ( SecurityAutoConfiguration.class 
public class MySecurityConfiguration extends WebSecurityConfigurerAdapter {

}

Source: https://github.com/spring-projects/spring-boot/issues/12323#issuecomment-370519882

---

Related Topics