Uploaded image for project: 'Spring Security'
  1. Spring Security
  2. SEC-2935

Security context held between multiple MVC requests in one test

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Complete
    • 4.0.0
    • 4.0.1
    • Test
    • None

    Description

      I'm using the new Spring Security test integration features in my Mock MVC tests and noticed that in tests where there are two MVC calls but with different Authentication, the Authentication set in the first MVC call is still present on the second MVC call.

      For example, the first call has only the required update permission and the second call has only the required read permission. The second still has the update permission and can't do the read.

      In order to work around this I created a ResultHandler that will call TestSecurityContext.clearContext().

      Attachments

        Issue Links

          Activity

            People

              rwinch Rob Winch
              dparrella Dan Parrella
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: