question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Spring Security Test 4.1.0 changes the order of `WithSecurityContextTestExecutionListener`

See original GitHub issue

I updated an app I develop to Spring Boot 1.4.0.RC1.

Since the update to Spring Security Test 4.1.0 the order of WithSecurityContextTestExecutionListener is now implemented with the Ordered interface instead of @Order, see https://github.com/spring-projects/spring-security/issues/2933.

I understand the order did not work as intended before this bugfix. But now that it is evaluated the behaviour of some of my tests changes so they break. SqlScriptsTestExecutionListener has a priority of 5000, so it is executed after the security listener. I load the Spring Security users into the database via @Sql and set them on test methods via @WithUserDetails, but this is now broken because the SQL files are not evaluated yet (so I get a UsernameNotFoundException).

I’m not sure where to report this, I guess this is not a bug or a question. But maybe it helps other people to understand this problem as well. For now I don’t have a good migration solution to circumvent this.

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
FrontierPsychiatristcommented, Jul 7, 2016

Can confirm it works now.

0reactions
rwinchcommented, Jul 7, 2016

@FrontierPsychiatrist Just as an FYI, Spring Security 4.1.1.RELEASE is available in Maven Central and resolves this.

Read more comments on GitHub >

github_iconTop Results From Across the Web

17.1 Testing Method Security - Spring
Spring Security hooks into Spring Test support using the WithSecurityContextTestExecutionListener which will ensure our tests are ran with the correct user.
Read more >
Issue with @WithUserDetails and spring boot 1.4 ...
@WithUserDetails is supported by the Spring Security's WithSecurityContextTestExecutionListener which will never run after a @Before method.
Read more >
Spring Security Test - Maven Repository
Spring Security Test. Spring Security. License, Apache 2.0. Tags, securityspringtesting ... Jul 07, 2016. 4.1.0.RELEASE · Central.
Read more >
Spring Security for Spring Boot Integration Tests | Baeldung
In addition, we'll bring in spring-security-test in order to get access to the @WithMockUser annotation that we'll be using.
Read more >
Search Results - CVE
Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found