Rob Winch
Rob Winch is employed by VMware as the project lead of security related projects within Spring. He is also a committer on the core Spring Framework and co-author for Spring Security LiveLessons and a Spring Security book. In the past he has worked in the health care industry, bioinformatics research, high performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys cycling with his friends.
Preview Spring Security Test: Method Security
Updated March 31 2015: This blog is outdated and no longer maintained. Please refer to the Test Section of the reference documentation for updated documentation.
On Monday I announced the release of Spring Security 4.0.0.M1. This is the first of a three part blog series introducing the Spring Security Testing support. The series outline can be seen below:
- In this post we will discuss how spring-security-test makes method based security testing easier
- Our second post will demonstrate how to use spring-security-test with Spring MVC Test
- Our final post will demonstrate how to use spring-security-test with Spring Test MVC HtmlUnit …
Spring Security 4.0.0.M1 Released
I'm pleased to announce the release of Spring Security 4.0.0.M1 available in the Spring Milestone repository. The primary component of this first milestone is testing support. Stay tuned to the spring.io blog for a blog series introducing the test support. If you can't wait to try it out, see the tests in the showcase package which demonstrate some of the highlights.
Spring MVC Test with Geb
In my third post I discussed how to use WebDriver to make designing our tests easier with the Page Object Pattern. In this post, I'm going to discuss how to use Geb to make our testing with MockMvc more Groovy.
Why Geb and MockMvc
Geb is backed by WebDriver, so it offers many of the same benefits we got from WebDriver. However, Geb makes things even easier by taking care of some of the boilerplate code for us. Of course we want to use MockMvc so that we do not need to deploy our code to a server. The easiest way to understand the benefits of using Geb is to jump into an example.
NOTE: Another great feature of Geb is its exceptional documentation…
Spring Security 3.2.3 Released
Spring Security 3.2.3 has been released and is now available from Maven Central. This release brings a number of bug fixes including:
- A fix to Java Configuration to work with Spring Boot. See SEC-2531
- A fix to Java Configuration that, when CSRF protection is disabled, allows the last page prior to authenticating to be remembered when it is a POST, so that it works with JSF. See SEC-2498
You can find additional details within the changelog.
Spring MVC Test with WebDriver
In my second post I described how to use Spring MVC Test with HtmlUnit. In this post we will leverage additional abstractions within WebDriver to make things even easier.
Why WebDriver?
We can already use HtmlUnit and MockMvc, so why would we want to use WebDriver? WebDriver provides a very elegant API and allows us to easily organize our code. To better understand, let's explore an example.
NOTE: Despite being a part of Selenium, WebDriver does not require a Selenium Server to run your tests.
Suppose we need to ensure that a message is created properly. The tests involve finding the html…
Spring MVC Test with HtmlUnit
In my previous post I introduced Spring Test MVC HtmlUnit and explained the motivation behind the project. In this post I will describe how to use Spring MVC Test with HtmlUnit.
Updating Dependencies
Before you use the project, you must update your dependencies. Instructions for both Maven and Gradle can be found on the site documentation.
Using HtmlUnit
Now that we have the correct dependencies, we can use HtmlUnit in our unit tests. Our example assumes you already have JUnit as a dependency. If you have not added it, please update your classpath accordingly. The complete code sample for using HtmlUnit and Spring MVC Test can be found in MockMvcHtmlUnitCreateMessageTest…
Introducing Spring Test MVC HtmlUnit
On Monday I announced the release of the first milestone of Spring Test MVC HtmlUnit with the promise of a blog series that would introduce it. This is the first of a four part blog series introducing Spring Test MVC HtmlUnit. The series outline can be seen below:
- In this first post we will explore the motivation behind Spring Test MVC HtmlUnit.
- The second post will demonstrate how we can integrate Spring MVC Test and HtmlUnit.
- Our third post will demonstrate how we can integrate Spring MVC Test with WebDriver.
- Finally, we will demonstrate how we can integrate Spring MVC Test with Geb.
Why…
Spring Test MVC HtmlUnit 1.0.0.M1 Released
I'm pleased to announce the first milestone release of Spring Test MVC HtmlUnit.
The project’s aim is to provide integration between Spring MVC Test and HtmlUnit. This simplifies performing end to end testing when using HTML based views.
Stay tuned to the Spring Blog for a mini blog series introducing this exciting new library. If you can't wait to get your feet wet, refer to the project's Getting Started section on GitHub.
CVE-2014-0097 Fixed in Spring Security 3.2.2 and 3.1.6
Spring Security 3.2.2 (change log) and 3.1.6 (change log) have been released and are available in Maven Central.
Among the highlights, these two releases resolve CVE-2014-0097, which allows a malicious user to impersonate a user with an empty password if ALL of the following hold true:
- The application is using ActiveDirectoryLdapAuthenticator
- The directory allows anonymous binds (not recommended)
NOTE: This does NOT impact users of LdapAuthenticationProvider or <ldap-authentication-provider>
For full details on the releases, please refer to the previously mentioned change logs.