Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

spring-security-testing

Name: Spring Security Testing
Author: spring-ai-community

// Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.

Exécuter dans Manus

$ git log --oneline --stat

stars:43

forks:2

updated:8 avril 2026 à 03:26

Explorateur de fichiers

2 fichiers

SKILL.md

readonly

name	spring-security-testing
description	Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.
version	0.1.0
license	Apache-2.0

Spring Security Testing

Signals: @WithMockUser, @WithUserDetails, csrf(), jwt(), oauth2Login(), mockOidcLogin(), @WithSecurityContext, SecurityMockMvcRequestPostProcessors, AccessDeniedException, SCOPE_

Tested With

Spring Boot 3.2+ / Spring Boot 4.x
Spring Security 6.x / 7.x
Spring Framework 6.x / Spring Framework 7.x
JUnit 5

Do NOT Use This Skill When

Testing REST controller HTTP behavior (status codes, JSON body, headers) without security focus → use spring-mvc-testing
Testing reactive endpoints with security → use spring-webflux-testing
Testing JPA repositories → use spring-jpa-testing
Writing pure unit tests for service logic without security context → use spring-testing-fundamentals

When to Read References

Situation	Read
`@WithMockUser` and `@WithUserDetails` setup	`references/security-testing-patterns.md`
`roles` vs `authorities` and the `ROLE_` prefix trap	`references/security-testing-patterns.md`
Per-request auth with `SecurityMockMvcRequestPostProcessors` (`user()`, `httpBasic()`)	`references/security-testing-patterns.md`
CSRF on POST/PUT/DELETE — preventing 403 in tests	`references/security-testing-patterns.md`
JWT resource server testing with `jwt()` post-processor	`references/security-testing-patterns.md`
OAuth2 login and OIDC testing with `oauth2Login()`, `mockOidcLogin()`	`references/security-testing-patterns.md`
Custom `@WithSecurityContext` for complex JWT scenarios	`references/security-testing-patterns.md`
`@PreAuthorize` method security testing	`references/security-testing-patterns.md`
Boot 3.x → 4.x security testing changes	`references/security-testing-patterns.md`

related-skills.json

même dépôt

spring-jpa-testing.md

from "spring-ai-community/spring-testing-skills"

@DataJpaTest requires TestEntityManager + flush()/clear() before assertions — without this, tests read from Hibernate L1 cache and pass falsely. Read before writing any JPA test. Triggers: @DataJpaTest, JpaRepository, TestEntityManager, @ServiceConnection, Testcontainers, @Modifying, Hibernate 6/7, @AutoConfigureTestDatabase, flush and clear in tests, @Transactional in tests, jakarta.persistence.EntityManager.

2026-04-0843

spring-mvc-testing.md

from "spring-ai-community/spring-testing-skills"

Boot 4+ replaced MockMvc assertions with MockMvcTester — incompatible API your training data gets wrong. Read before writing any @WebMvcTest. Triggers: @WebMvcTest, MockMvc, MockMvcTester, @RestController, jsonPath, @GetMapping, @PostMapping, @AutoConfigureMockMvc, MockMvcRequestBuilders, status().isOk(), @RestControllerAdvice, contentType(APPLICATION_JSON).

2026-04-0843

spring-testing-fundamentals.md

from "spring-ai-community/spring-testing-skills"

Boot 4 renamed @MockBean to @MockitoBean, moved test slice annotations to new packages, and changed context caching behavior. Read for correct AssertJ/BDDMockito idioms and Boot 4 migration. Default fallback when no specific slice annotation is present. Triggers: assertThat, BDDMockito, ArgumentCaptor, @MockitoBean, @MockitoSpyBean, @DirtiesContext, UnnecessaryStubbingException, testing pyramid, context cache.

2026-04-0843

spring-webflux-testing.md

from "spring-ai-community/spring-testing-skills"

WebFlux testing requires StepVerifier for reactive streams — standard assertions silently pass on empty Flux. WebTestClient API differs from MockMvc. Read before testing reactive endpoints. Triggers: @WebFluxTest, WebTestClient, StepVerifier, Mono, Flux, mockUser(), mockJwt(), mutateWith, verifyComplete, expectBody, expectStatus, @AutoConfigureWebTestClient.

2026-04-0843

spring-websocket-testing.md

from "spring-ai-community/spring-testing-skills"

WebSocket tests require @SpringBootTest(RANDOM_PORT) and async message handling — @WebMvcTest won't work. Timeout and session leak traps are common. Read before testing STOMP or WebSocket. Triggers: WebSocketStompClient, StompSession, @MessageMapping, @SendToUser, BlockingQueue, /topic/, /queue/, CountDownLatch, session.subscribe, session.send.

2026-04-0843

package.json

"author": "spring-ai-community"

"repository": "spring-ai-community/spring-testing-skills"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Analystes en assurance qualité des logiciels et testeursProfessions informatiques et mathématiques15-1253L4

name	spring-security-testing
description	Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.
version	0.1.0
license	Apache-2.0

Spring Security Testing

Tested With

Spring Boot 3.2+ / Spring Boot 4.x
Spring Security 6.x / 7.x
Spring Framework 6.x / Spring Framework 7.x
JUnit 5

Do NOT Use This Skill When

Testing REST controller HTTP behavior (status codes, JSON body, headers) without security focus → use spring-mvc-testing
Testing reactive endpoints with security → use spring-webflux-testing
Testing JPA repositories → use spring-jpa-testing
Writing pure unit tests for service logic without security context → use spring-testing-fundamentals

When to Read References

Situation	Read
`@WithMockUser` and `@WithUserDetails` setup	`references/security-testing-patterns.md`
`roles` vs `authorities` and the `ROLE_` prefix trap	`references/security-testing-patterns.md`
Per-request auth with `SecurityMockMvcRequestPostProcessors` (`user()`, `httpBasic()`)	`references/security-testing-patterns.md`
CSRF on POST/PUT/DELETE — preventing 403 in tests	`references/security-testing-patterns.md`
JWT resource server testing with `jwt()` post-processor	`references/security-testing-patterns.md`
OAuth2 login and OIDC testing with `oauth2Login()`, `mockOidcLogin()`	`references/security-testing-patterns.md`
Custom `@WithSecurityContext` for complex JWT scenarios	`references/security-testing-patterns.md`
`@PreAuthorize` method security testing	`references/security-testing-patterns.md`
Boot 3.x → 4.x security testing changes	`references/security-testing-patterns.md`

spring-security-testing

Spring Security Testing

Tested With

Do NOT Use This Skill When

When to Read References

Plus depuis ce dépôt

Spring Security Testing

Tested With

Do NOT Use This Skill When

When to Read References

Plus depuis ce dépôt