Grails SpringSecurity Session testing

by | Dec 15, 2013 | Grails | 0 comments

Today I am going to explain Grails springSecurity Session testing. Let us make a controller and action that is mentioned below. Here I have made a controller named as UserController and a check action that will check for user authentication and I have made the domain class as User

import grails.plugins.springsecurity.Secured
@Secured('IS_AUTHENTICATED_FULLY')
class UserController{
def springSecurityService	
def check(){	
User user =springSecurityService.currentUser as User 
}

and now make IntegrationTest class in 

grails-app/test/integration

and Import IntegrationSpec, SpringSecurityutils,and RequestContextHolder
Here we have to define all Services that we have used in controller in Setup() and make a feature methods like def ‘test for checking user authentication'() {} here we could use character to define feature methods.

import grails.plugin.spock.IntegrationSpec
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.web.context.request.RequestContextHolder
class UserControllerIntegrationSpec extends IntegrationSpec
{	
User usercontroller	
def springsecurityService
def Setup()	
{	
usercontroller = new UserControllerName()                    	
usercontroller.SpringSecurityService = springsecurityService
}
def "test for checking user authentication"()
{ 
when:   		
springSecurityService.reauthenticate("username")  	                     		
then:
println "***********Hello test passed***********";
}
}

Now try to run the test-case,see what happens in console.Is it “Hello test passed” printed.

java.lang.NullPointerException: Cannot get property

Now think why, because at the controller it is defined @Secured(‘IS_AUTHENTICATED_FULLY’). So, the user who is logged in and having session provided by spring Security could access the controller,otherwise no. And if you will see in the above code you will find that I have not provided any session to user. Now change the code and add one more line in when field and run again.

RequestContextHolder.currentRequestAttributes().session.User

You will see that test got passed by printing.

***********Hello test passed***********

Here main thing is that if user is logged in than user is provided a session till user does not close his application and it is maintained by SpringSecurity plug-in.

By this process we could test the user session and user authentication