I’m a bit confused whether this tool supports Spring Security. Here it says it supports Spring Boot and Spring Security Config, but I’m unable to generate meaningful tests for Spring Security-specific code.
Hi @johnmarston
Thanks for getting in touch.
Are you able to share details of the code you are aiming to write tests for?
If you’re able to send any sample code, the tests that are created and the relevant support log file, that will help us to gain a better understanding of what you are seeing.
Best regards
Peter Sear @ Diffblue
Here’s the code
@Configuration
@EnableWebSecurity
public class AuthorizeUrlsSecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorizeHttpRequests) ->
authorizeHttpRequests
.requestMatchers("/admin/**").hasRole("ADMIN")
.requestMatchers("/**").hasRole("USER")
)
.formLogin(withDefaults());
return http.build();
}
}
@Controller
public class HomeController {
@GetMapping("/admin")
public String admin() {
return SecurityContextHolder.getContext().getAuthentication().getName();
}
@GetMapping("/user")
public String user() {
return SecurityContextHolder.getContext().getAuthentication().getName();
}
}
Here are the generated tests.
class HomeControllerDiffblueTest {
/**
* Method under test: {@link HomeController#admin()}
*/
@Test
@Disabled("TODO: Complete this test")
void testAdmin() {
// TODO: Complete this test.
// Reason: R013 No inputs found that don't throw a trivial exception.
// Diffblue Cover tried to run the arrange/act section, but the method under
// test threw
// jakarta.servlet.ServletException: Request processing failed: java.lang.NullPointerException: Cannot invoke "org.springframework.security.core.Authentication.getName()" because the return value of "org.springframework.security.core.context.SecurityContext.getAuthentication()" is null
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564)
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
// java.lang.NullPointerException: Cannot invoke "org.springframework.security.core.Authentication.getName()" because the return value of "org.springframework.security.core.context.SecurityContext.getAuthentication()" is null
// at com.example.ssiach16ex1.controllers.HomeController.admin(HomeController.java:13)
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564)
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
// See https://diff.blue/R013 to resolve this issue.
(new HomeController()).admin();
}
/**
* Method under test: {@link HomeController#user()}
*/
@Test
@Disabled("TODO: Complete this test")
void testUser() {
// TODO: Complete this test.
// Reason: R013 No inputs found that don't throw a trivial exception.
// Diffblue Cover tried to run the arrange/act section, but the method under
// test threw
// jakarta.servlet.ServletException: Request processing failed: java.lang.NullPointerException: Cannot invoke "org.springframework.security.core.Authentication.getName()" because the return value of "org.springframework.security.core.context.SecurityContext.getAuthentication()" is null
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564)
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
// java.lang.NullPointerException: Cannot invoke "org.springframework.security.core.Authentication.getName()" because the return value of "org.springframework.security.core.context.SecurityContext.getAuthentication()" is null
// at com.example.ssiach16ex1.controllers.HomeController.user(HomeController.java:19)
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564)
// at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
// See https://diff.blue/R013 to resolve this issue.
(new HomeController()).user();
}
}
And here is the log
support-20231208T010405.log (81.4 KB)