Spring Security
mockk
Our great sponsors
Spring Security | mockk | |
---|---|---|
10 | 17 | |
8,406 | 5,280 | |
1.6% | 0.6% | |
9.9 | 8.6 | |
7 days ago | 18 days ago | |
Java | Kotlin | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spring Security
-
Spring Security private_key_jwt with AWS KMS
Spring security has long had great OAuth2.0 support from both the server and client elements. Recently spring security added support for the private_key_jwt client authentication method as part of the authorization code grant flow. Spring Security GitHub ref
- Issue since upgrading to Spring Boot 3 - 2: cannot access H2-console
-
Spring with java vs Spring with kotlin
To be fair there were quite some unexpected surprises in the past with Spring and Kotlin (e.g. the Cachable annotation did not work with suspend functions, not all Spring security annotations were supported with coroutines), but most of them were ironed out already.
-
Spring Security WebSecurityConfigurerAdapter deprecated
They recently updated all the examples in the javadocs if you wanna bump your Spring Security version to 5.7.3 (see here). Otherwise the reference docs all reflect the non-deprecated approach that uses SecurityFilterChain and supporting beans.
-
๐ Spring Boot 2.7.0 Released
Spring Security 5.7
-
Spring Security without the WebSecurityConfigurerAdapter
Since Spring Security 5.7.0-M2 the use of WebSecurityConfigurerAdapter was deprecated (link to GitHub - https://github.com/spring-projects/spring-security/issues/10822) to move to component-based security configuration.
-
Spring Reactive Oauth2 Webclient not using configured proxy
When i start the flow, no proxy is used and even the WebClient is not used to get access token. And i get a timeout exception for that. The same issue was discussed in Github: https://github.com/spring-projects/spring-security/issues/8966
-
How to ignore Url from Once per request filter
You can extract (and validate) the JWT token into the Principal by implementing the getPreAuthenticatedPrincipal method, and map the claims to user details by providing through a custom implementation of AuthenticationUserDetailsService.
-
Dynamically updating user roles.
Or, maybe simpler, is to create your own filter and add it after the SecurityContextPersistenceFilter. Here, just recreate the authentication token from the database, which is what token based authentication does (token based authentication has to preauthenticated authentication from the token for the actual user authentication with the user details).
mockk
-
For those DAO, Services, how about using static objects with mockk for test
The official suggests using dagger/hilt to inject them. However, they could be static based on the static ApplicationContext. Although Dagger/hilt aids in unit testing, mockk can accomplish this easily as well by modifying bytecode during run time. As for the stability, `mockk` has 5000+ stars on GitHub and keeps renewing.
-
Tests Everywhere - Kotlin
We can create it as a class as MockK is able to mock final classes.
-
๐งช **Demystifying Kotlin Unit Testing**: Your Odyssey to Code Confidence! ๐
Mockk Documentation
-
Best practices for Unit Testing Android Apps with Mockk, Kotest and others
Mockk is a rather new framework; it was originally designed for Kotlin, although it supports Java as well. Before mockito-kotlin was released, using Mockk was much easier and beneficial for Kotlin developers, but right now both these frameworks have nearly the same set of features and similar syntax. For example, assume that our function loadUsers is no longer synchronous, but rather suspended:
-
LocalDateTime.now() mockk
You can use mockkStatic for that, see docs. Also don't forget to unmockkStatic afterwards.
-
reflective-mockk: Stub methods programmatically using kotlin-reflect
WARNING: reflective-mockk is currently powered by a reflective โhackโ on mockK, and is thereby subject to removal/breakage by the mockK team at any time. If you enjoy this library & want it to be officially supported, post a comment saying so on this PR: https://github.com/mockk/mockk/pull/1005.
-
mockk VS mockative - a user suggested alternative
2 projects | 9 Nov 2022
- Are there any plans to make a better build system for Kotlin than Gradle?
-
Spring with java vs Spring with kotlin
https://mockk.io/ is great, too.
-
From Java to Kotlin. There and back again
Mockito does not work correctly with Kotlin types out of the box. Spring recommends using Mockk. There is also a special module for Mockito, which adds support for Kotlin - Mockito-Kotlin.
What are some alternatives?
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
mockito-kotlin - Using Mockito with Kotlin
Bouncy Castle - Bouncy Castle Java Distribution (Mirror)
Kotest - Powerful, elegant and flexible test framework for Kotlin with additional assertions, property testing and data driven testing
Apache Shiro - Apache Shiro
spek - A specification framework for Kotlin
jCasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Java
mock-fuel - JUnit 5 extension to easily test with the http client Fuel for Kotlin
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
Kluent - Fluent Assertion-Library for Kotlin
jjwt - Java JWT: JSON Web Token for Java and Android
kotlin-logging - Lightweight Multiplatform logging framework for Kotlin. A convenient and performant logging facade.