Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

$pwd:

spring-security-testing

Name: Spring Security Testing
Author: spring-ai-community

// Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.

Ejecutar en Manus

$ git log --oneline --stat

stars:43

forks:2

updated:8 de abril de 2026, 03:26

Explorador de archivos

2 archivos

SKILL.md

readonly

name	spring-security-testing
description	Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.
version	0.1.0
license	Apache-2.0

Spring Security Testing

Signals: @WithMockUser, @WithUserDetails, csrf(), jwt(), oauth2Login(), mockOidcLogin(), @WithSecurityContext, SecurityMockMvcRequestPostProcessors, AccessDeniedException, SCOPE_

Tested With

Spring Boot 3.2+ / Spring Boot 4.x
Spring Security 6.x / 7.x
Spring Framework 6.x / Spring Framework 7.x
JUnit 5

Do NOT Use This Skill When

Testing REST controller HTTP behavior (status codes, JSON body, headers) without security focus → use spring-mvc-testing
Testing reactive endpoints with security → use spring-webflux-testing
Testing JPA repositories → use spring-jpa-testing
Writing pure unit tests for service logic without security context → use spring-testing-fundamentals

When to Read References

Situation	Read
`@WithMockUser` and `@WithUserDetails` setup	`references/security-testing-patterns.md`
`roles` vs `authorities` and the `ROLE_` prefix trap	`references/security-testing-patterns.md`
Per-request auth with `SecurityMockMvcRequestPostProcessors` (`user()`, `httpBasic()`)	`references/security-testing-patterns.md`
CSRF on POST/PUT/DELETE — preventing 403 in tests	`references/security-testing-patterns.md`
JWT resource server testing with `jwt()` post-processor	`references/security-testing-patterns.md`
OAuth2 login and OIDC testing with `oauth2Login()`, `mockOidcLogin()`	`references/security-testing-patterns.md`
Custom `@WithSecurityContext` for complex JWT scenarios	`references/security-testing-patterns.md`
`@PreAuthorize` method security testing	`references/security-testing-patterns.md`
Boot 3.x → 4.x security testing changes	`references/security-testing-patterns.md`

related-skills.json

mismo repositorio

spring-jpa-testing.md

from "spring-ai-community/spring-testing-skills"

@DataJpaTest requires TestEntityManager + flush()/clear() before assertions — without this, tests read from Hibernate L1 cache and pass falsely. Read before writing any JPA test. Triggers: @DataJpaTest, JpaRepository, TestEntityManager, @ServiceConnection, Testcontainers, @Modifying, Hibernate 6/7, @AutoConfigureTestDatabase, flush and clear in tests, @Transactional in tests, jakarta.persistence.EntityManager.

2026-04-0843

spring-mvc-testing.md

from "spring-ai-community/spring-testing-skills"

Boot 4+ replaced MockMvc assertions with MockMvcTester — incompatible API your training data gets wrong. Read before writing any @WebMvcTest. Triggers: @WebMvcTest, MockMvc, MockMvcTester, @RestController, jsonPath, @GetMapping, @PostMapping, @AutoConfigureMockMvc, MockMvcRequestBuilders, status().isOk(), @RestControllerAdvice, contentType(APPLICATION_JSON).

2026-04-0843

spring-testing-fundamentals.md

from "spring-ai-community/spring-testing-skills"

Boot 4 renamed @MockBean to @MockitoBean, moved test slice annotations to new packages, and changed context caching behavior. Read for correct AssertJ/BDDMockito idioms and Boot 4 migration. Default fallback when no specific slice annotation is present. Triggers: assertThat, BDDMockito, ArgumentCaptor, @MockitoBean, @MockitoSpyBean, @DirtiesContext, UnnecessaryStubbingException, testing pyramid, context cache.

2026-04-0843

spring-webflux-testing.md

from "spring-ai-community/spring-testing-skills"

WebFlux testing requires StepVerifier for reactive streams — standard assertions silently pass on empty Flux. WebTestClient API differs from MockMvc. Read before testing reactive endpoints. Triggers: @WebFluxTest, WebTestClient, StepVerifier, Mono, Flux, mockUser(), mockJwt(), mutateWith, verifyComplete, expectBody, expectStatus, @AutoConfigureWebTestClient.

2026-04-0843

spring-websocket-testing.md

from "spring-ai-community/spring-testing-skills"

WebSocket tests require @SpringBootTest(RANDOM_PORT) and async message handling — @WebMvcTest won't work. Timeout and session leak traps are common. Read before testing STOMP or WebSocket. Triggers: WebSocketStompClient, StompSession, @MessageMapping, @SendToUser, BlockingQueue, /topic/, /queue/, CountDownLatch, session.subscribe, session.send.

2026-04-0843

package.json

"author": "spring-ai-community"

"repository": "spring-ai-community/spring-testing-skills"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de garantía de calidad de software y probadoresOcupaciones informáticas y matemáticas15-1253L4

name	spring-security-testing
description	Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.
version	0.1.0
license	Apache-2.0

Spring Security Testing

Tested With

Spring Boot 3.2+ / Spring Boot 4.x
Spring Security 6.x / 7.x
Spring Framework 6.x / Spring Framework 7.x
JUnit 5

Do NOT Use This Skill When

Testing REST controller HTTP behavior (status codes, JSON body, headers) without security focus → use spring-mvc-testing
Testing reactive endpoints with security → use spring-webflux-testing
Testing JPA repositories → use spring-jpa-testing
Writing pure unit tests for service logic without security context → use spring-testing-fundamentals

When to Read References

Situation	Read
`@WithMockUser` and `@WithUserDetails` setup	`references/security-testing-patterns.md`
`roles` vs `authorities` and the `ROLE_` prefix trap	`references/security-testing-patterns.md`
Per-request auth with `SecurityMockMvcRequestPostProcessors` (`user()`, `httpBasic()`)	`references/security-testing-patterns.md`
CSRF on POST/PUT/DELETE — preventing 403 in tests	`references/security-testing-patterns.md`
JWT resource server testing with `jwt()` post-processor	`references/security-testing-patterns.md`
OAuth2 login and OIDC testing with `oauth2Login()`, `mockOidcLogin()`	`references/security-testing-patterns.md`
Custom `@WithSecurityContext` for complex JWT scenarios	`references/security-testing-patterns.md`
`@PreAuthorize` method security testing	`references/security-testing-patterns.md`
Boot 3.x → 4.x security testing changes	`references/security-testing-patterns.md`

spring-security-testing

Spring Security Testing

Tested With

Do NOT Use This Skill When

When to Read References

Más de este repositorio

Más de este repositorio

Spring Security Testing

Tested With

Do NOT Use This Skill When

When to Read References