Preview Spring Security Test: HtmlUnit

Engineering | Rob Winch | May 23, 2014 | ...

[callout title=Updated March 31 2015]This blog is outdated and no longer maintained. Please refer to the Test Section of the reference documentation for updated documentation. [/callout]

In my previous blog we explored how we can use the testing support with Spring MVC Test. We will now see how the same support works with Spring Test MVC HtmlUnit.

[callout title=Minimum Versions]The Spring Security testing support does not work with spring-test-mvc-htmlunit-1.0.0.M1.jar. Instead, you just use the latest snapshot. This is due to some slight modifications to allow Spring Security and the MockMvcHtmlUnitDriver to work together. [/callout]

Setting Up HtmlUnit and Spring Security

The setup for HtmlUnit and Spring Security integration is very similar to that of using Spring MVC Test and HtmlUnit. Below we highlight the differences:

@ContextConfiguration(classes = {WebMvcConfig.class, WebSecurityConfig.class, MockDataConfig.class})
public class MockMvcHtmlUnitCreateMessageTest {
  private Filter springSecurityFilterChain;

  private WebApplicationContext context;

  private WebClient webClient;

  public void setup() {
      MockMvc mockMvc = MockMvcBuilders
      driver = new MockMvcHtmlUnitDriver(mockMvc, true);

[callout title=Source Code]You can find the complete source code for this blog on github [/callout]

  • The first difference is to ensure we add our Security configuration, WebSecurityConfig, to the @ContextConfiguration
  • The next difference is to ensure to add the WithSecurityContextTestExcecutionListener just as we did when testing method based security.
  • We then need to use a Spring Security WithSecurityContext annotation. In this instance we used @WithMockUser, but any of the annotations used in the method security section can be leveraged.
  • We need to get the springSecurityFilterChain and add it to the MockMvcBuilders filters.

Now we can run our tests assuming we are authenticated with the username "user" and the role "ROLE_USER". Of course, just as we did in method security, we could easily change the annotation to reflect the user we want to run as.

Without needing to explicitly authenticate before our tests we can be sure to isolate our tests more easily. By simply running as a user we drastically simplify testing (this is especially true when authentication is complex like a SSO workflow). We also drastically speed up our tests by eliminating the need to actually authenticate. What's more, we can integrate Spring Security Test support with HtmlUnit/WebDriver or HtmlUnit/Geb using the same steps outlined above.


We have now gone over how Spring Security Testing support can make testing of method security, web security, and HtmlUnit based testing easier. We hope you enjoyed this blog series.

If you have feedback on this blog series or the Spring Security Test support, I encourage you to reach out via JIRA, via the comments section, or ping me on twitter @rob_winch. Of course the best feedback comes in the form of contributions.

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all