Challenge: Secure and Test an Auction Application with Spring Framework 6

In this module you'll create a JUnit test for the Item class.

File: src/test/java/com/pluralsight/auction/ItemTest.java

Task 1: Define Test Variables In the testItem method, define these variables:

• itemName: Set to "testItem".
• itemDescription: Set to "testDescription".
• itemSeller: Set to "testSeller".
• itemPrice: Set to 100.0.
• itemReserve: Set to 50.0.

Task 2: Instantiate the Item Using the variables from Task 1, instantiate an Item in the testItem method.

Task 3: Assert the Item's Properties In the testItem method, validate the Item's properties using assertEquals statements. Confirm that:

• The item's name matches itemName.
• The item's description matches itemDescription.
• The item's seller matches itemSeller.
• The item's price matches itemPrice.
• The item's reserve matches itemReserve.

Refer to the solution folder for answers.

Test the ItemRepository using Spring's DataJpaTest.

File: src/test/java/com/pluralsight/auction/ItemRepositoryTest.java

Task 1: Create a Test Item In the testSaveAndFind method, instantiate an Item with these parameters:

• Name: "testItem"
• Description: "testDescription"
• Seller: "testSeller"
• Price: 100.0
• Reserve: 50.0

Task 2: Save the Test Item Persist the Item instance using the save method of ItemRepository. Assign the result back to the item variable.

Task 3: Retrieve the Test Item Use the findById method of ItemRepository to retrieve the Item. The argument should be the ID of the saved item.

Task 4: Assert the Retrieved Item

• Use the assertTrue method to assert that the Optional<Item> is not empty.
• Assert that the retrieved item's name matches the original item's name using assertEquals.

Note: get method of Optional throws a NoSuchElementException if Optional is empty. Ensure Optional is not empty before using get.

Run the test using gradle test in the terminal. Refer to the solution folder for answers.

This module focuses on testing the ItemController class using MockMvc for HTTP requests and Mockito for mocking ItemRepository.

File: src/test/java/com/pluralsight/auction/ItemControllerTest.java

Task 1: Create Test Item and Configure Mock Behavior In the testListItems method, create a test Item and a List<Item> containing it. Configure ItemRepository to return this list when findAll is called.

Task 2: Perform Request and Assert Model Use MockMvc to perform a GET request to the root URL ("/"). Validate the response with andExpect to check:

• HTTP status is OK.
• View name is "index".
• Model contains an attribute named "items".
• The "items" attribute matches the defined list.

Task 3: Perform Request and Assert View In testListItemsView, set up the test item, list, and mock behavior as before. Perform a GET request to the root URL ("/"). This time, check:

• HTTP status and view name as before.
• Response content contains "Auction Items".
• Response content includes the test item's name, description, seller, and price.

After completing these tasks, you should have two functional tests for ItemController.

Run the test using gradle test in the terminal. Refer to the solution folder for answers.

Setup Spring Security for the application, including HTTP security, password encoding, and user details service.

File: src/main/java/com/pluralsight/auction/SecurityConfig.java

Task 1: HTTP Security Configuration Define a SecurityFilterChain bean in filterChain method, building a HttpSecurity instance that:

• Disables CSRF protection.
• Permits all requests to static resources and root URL ("/").
• Requires "ADMIN" role for "/admin" URL.
• Configures form-based login and logout with URLs "/login", "/login", and "/admin" respectively, permitting all requests.
• Sets logout request matcher to a new AntPathRequestMatcher for the "/logout" URL, permitting all requests.

Task 2: Password Encoder Configuration Define a PasswordEncoder bean in passwordEncoder method, returning a new BCryptPasswordEncoder instance.

Task 3: User Details Service Configuration Define a UserDetailsService bean in userDetailsService method, creating a UserDetails instance for an admin user with:

• Username: "admin"
• Password: "admin" (encoded with PasswordEncoder)
• Role: "ADMIN"

Return a new InMemoryUserDetailsManager with the admin user.

After these tasks, your application will be secured with Spring Security. Use gradle bootrun in the terminal to run the application. Open the Simple Browser in VS Code to view it. The solution is in the solution folder. If you have closed the Simple Web Browser you can reset the workspace by opening the Command Palette (Ctrl+Shift+P) and searching for Reset Workspace Layout.

Now test the AdminController class using MockMvc for HTTP requests, Mockito for mocking ItemRepository, and @WithMockUser to simulate a logged-in user.

File: src/test/java/com/pluralsight/auction/AdminControllerTest.java

Task 1: Set Up Test Environment Annotate AdminControllerTest class with @SpringBootTest and @AutoConfigureMockMvc. Define fields for MockMvc and ItemRepository, annotated with @Autowired and @MockBean respectively.

Task 2: Create a Test Item and Configure Mock Behavior In the testListItems method, create a test Item and a List<Item> containing it. Configure ItemRepository to return this list when findAll is called.

Task 3: Simulate a Logged-In User Annotate testListItems with @WithMockUser, setting username, password, and role to "admin", "admin", and "ADMIN" respectively.

Task 4: Perform Request and Assert Model Use MockMvc to perform a GET request to "/admin". Use andExpect to validate the response, checking:

• HTTP status is OK.
• View name is "admin".
• Model contains an attribute named "items".
• The "items" attribute matches the defined list.

After completing these tasks, you will have a working test for AdminController.

To run the tests, type gradle test in the terminal. Refer to the solution folder for answers.