Guided: Secure and Test an Auction Application with Spring Framework 6

In this module, you will be learning how to write a simple JUnit test for the Item class. JUnit is a popular testing framework for Java, and it's an essential tool for any Java developer. The goal of this module is to help you understand how to create tests that validate the behavior of your code.

Relevant File: src/test/java/com/pluralsight/auction/ItemTest.java

Task 1: Define Test Variables

Let's start with defining some data that we'll use for testing. In the testItem method, create the following variables:

1. itemName: a String representing the name of the item. Set it to "testItem".
2. itemDescription: a String representing the item's description. Set it to "testDescription".
3. itemSeller: a String representing the seller's name. Set it to "testSeller".
4. itemPrice: a double representing the item's price. Set it to 100.0.
5. itemReserve: a double representing the item's reserve price. Set it to 50.0.

The purpose of these variables is to act as "test data". We will use them to create an instance of Item and check if the item's properties match these values.

Task 2: Instantiate the Item

Now that you have your test data, let's create an instance of Item. In the testItem method, instantiate an Item with the variables you defined in Task 1.

Remember, the constructor of the Item class should look something like this:

• Item(String name, String description, String seller, double price, double reserve).

Use the variables you defined earlier as arguments when creating the Item.

This Item instance will be the "system under test". It's the object that we're going to test in this module.

Task 3: Assert the Item's Properties

The final part is to validate that the Item's properties match the values we passed to it. We do this with assertions.

In the testItem method, write five assertEquals statements to verify that:

1. The item's name matches itemName.
2. The item's description matches itemDescription.
3. The item's seller matches itemSeller.
4. The item's price matches itemPrice.
5. The item's reserve matches itemReserve.

Remember, assertEquals takes two arguments: the expected value and the actual value. The expected value should be the test data, and the actual value should be the corresponding property of the Item.

Important Note: Make sure to not mix up the order of the arguments in assertEquals. The first argument is the expected value (your test data), and the second argument is the actual value (the Item property). Mixing up these arguments won't cause your test to fail, but it can make the error messages confusing if a test does fail.

After you complete these tasks, you should have a working JUnit test for the Item class. This test validates that the Item's properties are correctly set during instantiation.

To run the tests type the comand gradle test in the terminal The solution can be found in the solution folder.

In this module, you'll delve into data persistence testing using Spring's DataJpaTest annotation. You'll be testing the ItemRepository, which is an interface for generic CRUD operations on our Item entity.

Relevant File: src/test/java/com/pluralsight/auction/ItemRepositoryTest.java

Task 1: Create a Test Item

First, you need to create an instance of Item that will be used for testing. Within the testSaveAndFind method, instantiate an Item with the following parameters:

• Name: "testItem"
• Description: "testDescription"
• Seller: "testSeller"
• Price: 100.0
• Reserve: 50.0

This Item instance will be the "system under test". It's the object that we're going to persist and retrieve from the database.

Task 2: Save the Test Item

Now, let's persist the Item instance you created in the previous task. Use the save method of the ItemRepository to save the Item instance to the database.

Remember to assign the result of the save method back to the item variable. This is because the save method returns a new instance that represents the persisted state (including the generated ID).

Task 3: Retrieve the Test Item

After persisting the Item instance, you'll want to retrieve it to ensure it was saved correctly.

Use the findById method of the ItemRepository to retrieve the Item from the database. The argument should be the ID of the item you just saved.

Remember, findById returns an Optional<Item>, so you'll need to handle the possibility that the item might not be found.

Task 4: Assert the Retrieved Item

The final part of this task is to validate that the item retrieved from the database matches the item you saved.

First, assert that the Optional<Item> is not empty using the assertTrue method and the isPresent method of Optional. This ensures that an item was actually returned from the database.

Next, assert that the name of the retrieved item matches the name of the item you saved. Use the get method of Optional to retrieve the Item and the getName method of Item to get its name. Then, use assertEquals to compare it to the name of the item you saved.

Important Note: Be cautious when using the get method of Optional. It throws a NoSuchElementException if the Optional is empty. In this case, it's safe to use because you've already checked that the Optional is not empty.

After completing these tasks, you should have a working test that validates the basic functionality of the ItemRepository. This test ensures that an Item can be successfully saved and retrieved from the database.

To run the tests type the comand gradle test in the terminal The solution can be found in the solution folder.

In this module, you'll be testing the ItemController class, which is responsible for handling HTTP requests related to Item instances. The MockMvc class will be used to perform HTTP requests, and the ItemRepository will be mocked using Mockito.

Relevant File: src/test/java/com/pluralsight/auction/ItemControllerTest.java

Task 1: Create a Test Item and Configure Mock Behavior

First, create a test Item instance within the testListItems method, similar to what you've done in previous modules.

Next, define a List<Item> containing the test item. This list will represent the items in the repository.

Then, configure the mock ItemRepository to return this list when its findAll method is called. Mockito's when method lets you define what should be returned when a certain method is called on a mock object.

Task 2: Perform Request and Assert Model

Now, use MockMvc to perform a GET request to the root URL ("/").

Use the andExpect method to validate the response. You should check the following:

• The HTTP status is OK.
• The view name is "index".
• The model contains an attribute named "items".
• The "items" attribute equals the list of items you defined earlier.

The status, view, and model methods are static imports from MockMvcResultMatchers. They return ResultMatcher instances that can be used to verify different aspects of the HTTP response.

Task 3: Perform Request and Assert View

Create another test method, testListItemsView, to validate the content of the view.

Set up the test item, the list of items, and the mock behavior exactly like in the previous task.

Use MockMvc to perform a GET request to the root URL ("/") again.

This time, check the following in addition to the HTTP status and view name:

• The response content contains the string "Auction Items".
• The response content contains the name, description, seller, and price of the test item.

The content method is another static import from MockMvcResultMatchers. It returns ResultMatcher instances that verify the content of the HTTP response.

After completing these tasks, you should have two working tests for the ItemController. testListItems checks that the model contains the correct items, while testListItemsView ensures that these items are correctly displayed in the view.

To run the tests type the comand gradle test in the terminal The solution can be found in the solution folder.

In this module, you'll be setting up Spring Security to secure your application. You'll configure HTTP security, password encoding, and user details service.

Relevant File: src/main/java/com/pluralsight/auction/SecurityConfig.java

Task 1: HTTP Security Configuration

First, define a SecurityFilterChain bean to set up HTTP security. In the filterChain method, build a HttpSecurity instance that defines which requests should be authorized and how users should authenticate themselves.

Disable CSRF protection for simplicity, as it's not the focus of this module.

Permit all requests to static resources and the root URL ("/"). Requests to the "/admin" URL will require the user to have the "ADMIN" role.

Configure form-based login and logout. The login page URL, login processing URL, and default success URL will be "/login", "/login", and "/admin", respectively. You'll also permit all requests to these URLs.

The logout request matcher will be a new AntPathRequestMatcher for the "/logout" URL. All requests to this URL will also be permitted.

Finally, build the HttpSecurity instance and return it.

Task 2: Password Encoder Configuration

Next, define a PasswordEncoder bean. The passwordEncoder method will return a new BCryptPasswordEncoder instance.

The BCryptPasswordEncoder uses the BCrypt hashing algorithm to encode passwords. It's a good choice for password encoding because it's computationally expensive, which makes it difficult for attackers to crack the hashed passwords.

Task 3: User Details Service Configuration

The last task is to define a UserDetailsService bean. This service is responsible for loading user-specific data during authentication.

In the userDetailsService method, you'll create an UserDetails instance for an admin user. The username and password will both be "admin", and the user will have the "ADMIN" role. The password will be encoded using the PasswordEncoder you defined earlier.

Finally, return a new InMemoryUserDetailsManager with the admin user. The InMemoryUserDetailsManager is a simple UserDetailsService implementation that stores user details in memory.

After completing these tasks, your application will be secured with Spring Security. Users will need to log in to access the "/admin" URL, and their passwords will be securely encoded.

To run view the application in the browser run the comand gradle bootrun in the terminal. Open the Simple Browser in VS Code by opening the command palette and typing Simple Browser The solution can be found in the solution folder.

In this module, you'll be testing the AdminController class, which is responsible for handling HTTP requests related to admin operations. The MockMvc class will be used to perform HTTP requests, and the ItemRepository will be mocked using Mockito. The @WithMockUser annotation will be used to simulate a logged-in user.

Relevant File: src/test/java/com/pluralsight/auction/AdminControllerTest.java

Task 1: Set Up Test Environment

First, annotate the AdminControllerTest class with @SpringBootTest and @AutoConfigureMockMvc to set up a Spring Boot test environment with a MockMvc instance.

Then, define fields for MockMvc and ItemRepository and annotate them with @Autowired and @MockBean, respectively. @Autowired will inject the MockMvc instance, and @MockBean will create a mock ItemRepository instance.

Task 2: Create a Test Item and Configure Mock Behavior

Next, create a test method, testListItems, to validate the model and view.

In the test method, you'll create a test Item instance and a List<Item> containing the test item. This list will represent the items in the repository.

Then, configure the mock ItemRepository to return this list when its findAll method is called. Mockito's when method lets you define what should be returned when a certain method is called on a mock object.

Task 3: Simulate a Logged-In User

Annotate the test method with @WithMockUser to simulate a logged-in user. The username, password, and role will be "admin", "admin", and "ADMIN", respectively. This means the test will be run as if an admin user is logged in.

Task 4: Perform Request and Assert Model

Now, use MockMvc to perform a GET request to the "/admin" URL.

Use the andExpect method to validate the response. You should check the following:

• The HTTP status is OK.
• The view name is "admin".
• The model contains an attribute named "items".
• The "items" attribute equals the list of items you defined earlier.

The status, view, and model methods are static imports from MockMvcResultMatchers. They return ResultMatcher instances that can be used to verify different aspects of the HTTP response.

After completing these tasks, you should have a working test for the AdminController. The testListItems method checks that the model contains the correct items when an admin user is logged in.

To run the tests type the comand gradle test in the terminal The solution can be found in the solution folder.