unit-test-security-authorization

Solid

Provides patterns for unit testing Spring Security with `@PreAuthorize`, `@Secured`, `@RolesAllowed`. Validates role-based access control and authorization policies. Use when testing security configurations and access control logic.

Testing & QA 261 stars 29 forks Updated 1 week ago MIT


Quality Score: 89/100

- Stars (20%): 81
- Recency (20%): 90
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Unit Testing Security and Authorization

## Overview

This skill provides patterns for unit testing Spring Security authorization logic using `@PreAuthorize`, `@Secured`, `@RolesAllowed`, and custom permission evaluators. It covers testing role-based access control (RBAC), expression-based authorization, and custom permission evaluators, and verifying access denied scenarios without a full Spring Security context.

## When to Use

Use this skill when:

- Testing `@PreAuthorize` and `@Secured` method-level security
- Testing role-based access control (RBAC)
- Testing custom permission evaluators
- Verifying access denied scenarios
- Testing authorization with authenticated principals
- Wanting fast authorization tests without a full Spring Security context

## Instructions

Follow these steps to test Spring Security authorization:

### 1. Set Up Security Testing Dependencies

Add spring-security-test to your test dependencies:

```xml
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>
```

### 2. Enable Method Security in Test Configuration

```java
@Configuration
@EnableMethodSecurity
class TestSecurityConfig { }
```

### 3. Test with `@WithMockUser`

```java
@Test
@WithMockUser(roles = "ADMIN")
void shouldAllowAdminAccess() {
    assertThatCode(() -> service.deleteUser(1L))
        .doesNotThrowAnyException();
}

@Test
@WithMockUser(roles = "USER")
void shouldDenyUserAccess() {
    assertThatThrownBy(...
```

Details

- Author: giuseppe-trisciuoglio
- Repository: giuseppe-trisciuoglio/developer-kit
- Created: 7 months ago
- Last Updated: 1 week ago
- Language: Python
- License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Testing & QA Listed

testing-patterns

Backend testing patterns with JUnit 6, Mockito 6, Testcontainers 2.0, Spring Boot slice tests, RestTestClient, and security testing. Use when user mentions testing, coverage, TDD, integration tests, or "write tests for".

0 Updated today
IuliaIvanaPatras
API & Backend Listed

spring-security

Spring Boot security review — Spring Security config (SecurityFilterChain), OAuth2/OIDC client and resource-server, method-level @PreAuthorize, JWT validation, actuator endpoint lockdown, CSRF model for web vs API, and recent Spring CVE patterns (Spring4Shell, SpEL injection, authorization bypasses).

4 Updated 1 week ago
roodlicht
AI & Automation Solid

304-frameworks-spring-boot-security

Use when you need to design, review, or improve security in Spring Boot applications — including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. This should trigger for requests such as Add Spring Boot security support; Review Spring Boot security configuration; Improve API authorization in Spring Boot; Add JWT resource server security in Spring Boot; Harden Spring Boot security headers and CSRF settings. Part of cursor-rules-java project

393 Updated today
jabrena
Testing & QA Solid

unit-test-config-properties

Provides patterns for unit testing `@ConfigurationProperties` classes with `@ConfigurationPropertiesTest`. Validates property binding, tests validation constraints, verifies default values, checks type conversions, and mocks property sources for Spring Boot configuration properties. Use when testing application configuration binding, validating YAML or application.properties files, verifying environment-specific settings, or testing nested property structures.

261 Updated 1 week ago
giuseppe-trisciuoglio
Testing & QA Solid

321-frameworks-spring-boot-testing-unit-tests

Use when you need to write unit tests for Spring Boot applications — including pure unit tests with @ExtendWith(MockitoExtension.class) for @Service/@Component, slice tests with @WebMvcTest and @MockitoBean for controllers, @JsonTest for JSON serialization, parameterized tests with @CsvSource/@MethodSource, test profiles, and @TestConfiguration. For framework-agnostic Java use @131-java-testing-unit-testing. For integration tests use @322-frameworks-spring-boot-testing-integration-tests. Part of the skills-for-java project

393 Updated today
jabrena