一键在 Manus 中运行任何 Skill

$pwd:

spring-security-testing

Name: Spring Security Testing
Author: spring-ai-community

// Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.

在 Manus 中运行

$ git log --oneline --stat

stars:43

forks:2

updated:2026年4月8日 03:26

文件资源管理器

2 个文件

SKILL.md

readonly

name	spring-security-testing
description	Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.
version	0.1.0
license	Apache-2.0

Spring Security Testing

Signals: @WithMockUser, @WithUserDetails, csrf(), jwt(), oauth2Login(), mockOidcLogin(), @WithSecurityContext, SecurityMockMvcRequestPostProcessors, AccessDeniedException, SCOPE_

Tested With

Spring Boot 3.2+ / Spring Boot 4.x
Spring Security 6.x / 7.x
Spring Framework 6.x / Spring Framework 7.x
JUnit 5

Do NOT Use This Skill When

Testing REST controller HTTP behavior (status codes, JSON body, headers) without security focus → use spring-mvc-testing
Testing reactive endpoints with security → use spring-webflux-testing
Testing JPA repositories → use spring-jpa-testing
Writing pure unit tests for service logic without security context → use spring-testing-fundamentals

When to Read References

Situation	Read
`@WithMockUser` and `@WithUserDetails` setup	`references/security-testing-patterns.md`
`roles` vs `authorities` and the `ROLE_` prefix trap	`references/security-testing-patterns.md`
Per-request auth with `SecurityMockMvcRequestPostProcessors` (`user()`, `httpBasic()`)	`references/security-testing-patterns.md`
CSRF on POST/PUT/DELETE — preventing 403 in tests	`references/security-testing-patterns.md`
JWT resource server testing with `jwt()` post-processor	`references/security-testing-patterns.md`
OAuth2 login and OIDC testing with `oauth2Login()`, `mockOidcLogin()`	`references/security-testing-patterns.md`
Custom `@WithSecurityContext` for complex JWT scenarios	`references/security-testing-patterns.md`
`@PreAuthorize` method security testing	`references/security-testing-patterns.md`
Boot 3.x → 4.x security testing changes	`references/security-testing-patterns.md`

related-skills.json

同仓库

spring-jpa-testing.md

from "spring-ai-community/spring-testing-skills"

@DataJpaTest requires TestEntityManager + flush()/clear() before assertions — without this, tests read from Hibernate L1 cache and pass falsely. Read before writing any JPA test. Triggers: @DataJpaTest, JpaRepository, TestEntityManager, @ServiceConnection, Testcontainers, @Modifying, Hibernate 6/7, @AutoConfigureTestDatabase, flush and clear in tests, @Transactional in tests, jakarta.persistence.EntityManager.

2026-04-0843

spring-mvc-testing.md

from "spring-ai-community/spring-testing-skills"

Boot 4+ replaced MockMvc assertions with MockMvcTester — incompatible API your training data gets wrong. Read before writing any @WebMvcTest. Triggers: @WebMvcTest, MockMvc, MockMvcTester, @RestController, jsonPath, @GetMapping, @PostMapping, @AutoConfigureMockMvc, MockMvcRequestBuilders, status().isOk(), @RestControllerAdvice, contentType(APPLICATION_JSON).

2026-04-0843

spring-testing-fundamentals.md

from "spring-ai-community/spring-testing-skills"

Boot 4 renamed @MockBean to @MockitoBean, moved test slice annotations to new packages, and changed context caching behavior. Read for correct AssertJ/BDDMockito idioms and Boot 4 migration. Default fallback when no specific slice annotation is present. Triggers: assertThat, BDDMockito, ArgumentCaptor, @MockitoBean, @MockitoSpyBean, @DirtiesContext, UnnecessaryStubbingException, testing pyramid, context cache.

2026-04-0843

spring-webflux-testing.md

from "spring-ai-community/spring-testing-skills"

WebFlux testing requires StepVerifier for reactive streams — standard assertions silently pass on empty Flux. WebTestClient API differs from MockMvc. Read before testing reactive endpoints. Triggers: @WebFluxTest, WebTestClient, StepVerifier, Mono, Flux, mockUser(), mockJwt(), mutateWith, verifyComplete, expectBody, expectStatus, @AutoConfigureWebTestClient.

2026-04-0843

spring-websocket-testing.md

from "spring-ai-community/spring-testing-skills"

WebSocket tests require @SpringBootTest(RANDOM_PORT) and async message handling — @WebMvcTest won't work. Timeout and session leak traps are common. Read before testing STOMP or WebSocket. Triggers: WebSocketStompClient, StompSession, @MessageMapping, @SendToUser, BlockingQueue, /topic/, /queue/, CountDownLatch, session.subscribe, session.send.

2026-04-0843

package.json

"author": "spring-ai-community"

"repository": "spring-ai-community/spring-testing-skills"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

软件质量保证分析师与测试员计算机与数学类职业15-1253L4

name	spring-security-testing
description	Spring Security 7 changed method security defaults and CSRF handling — tests using hasRole() or csrf() may need updates. Read before testing authentication, authorization, or secured endpoints. Triggers: @WithMockUser, csrf(), jwt(), oauth2Login(), SecurityFilterChain, @PreAuthorize, AccessDeniedException, @WithUserDetails, @WithSecurityContext, hasRole, hasAuthority, SCOPE_, JwtAuthenticationToken.
version	0.1.0
license	Apache-2.0

Spring Security Testing

Tested With

Spring Boot 3.2+ / Spring Boot 4.x
Spring Security 6.x / 7.x
Spring Framework 6.x / Spring Framework 7.x
JUnit 5

Do NOT Use This Skill When

Testing REST controller HTTP behavior (status codes, JSON body, headers) without security focus → use spring-mvc-testing
Testing reactive endpoints with security → use spring-webflux-testing
Testing JPA repositories → use spring-jpa-testing
Writing pure unit tests for service logic without security context → use spring-testing-fundamentals

When to Read References

Situation	Read
`@WithMockUser` and `@WithUserDetails` setup	`references/security-testing-patterns.md`
`roles` vs `authorities` and the `ROLE_` prefix trap	`references/security-testing-patterns.md`
Per-request auth with `SecurityMockMvcRequestPostProcessors` (`user()`, `httpBasic()`)	`references/security-testing-patterns.md`
CSRF on POST/PUT/DELETE — preventing 403 in tests	`references/security-testing-patterns.md`
JWT resource server testing with `jwt()` post-processor	`references/security-testing-patterns.md`
OAuth2 login and OIDC testing with `oauth2Login()`, `mockOidcLogin()`	`references/security-testing-patterns.md`
Custom `@WithSecurityContext` for complex JWT scenarios	`references/security-testing-patterns.md`
`@PreAuthorize` method security testing	`references/security-testing-patterns.md`
Boot 3.x → 4.x security testing changes	`references/security-testing-patterns.md`

spring-security-testing

Spring Security Testing

Tested With

Do NOT Use This Skill When

When to Read References

同仓库更多 Skills

同仓库更多 Skills

Spring Security Testing

Tested With

Do NOT Use This Skill When

When to Read References