Category Archives: Testing

RestTemplateBuilder and @RestClientTest in Spring Boot 1.4.0

Spring Boot 1.4.0 is now available. Among the enhancements are new mechanisms to build and test RestTemplates used to make calls to RESTful web services.

User Impersonation with Spring Security

A common requirement for secured applications is that admin / super users are able to login as any other user. For example, it may be helpful for a customer support analyst to access a system as if they were a real specific customer. The obvious way to do this is for the admin user to ask for the customer’s password or look it up in the password database. This is usually an unacceptable security compromise – no one should know a customer’s password except for the customer. And if the password database is implemented correctly it should be technically impossible for anyone – not even a system admin or DBA – to discover a user’s password.

An alternative solution is to allow admin users to login with their own unique username and password but allow them to then impersonate any other user. After the admin user has logged in, they can enter the username of another user and then view the application as if they were logged in as that user. Implementing user impersonation in this way also has the advantage that the system knows who has really logged in. If the system has an audit log, we can audit actions against the real admin user, rather than the impersonated user.

Testing with mock users in Spring / Spring MVC

A common unit test scenario for Spring / Spring MVC applications is to verify behavior when logged in as a particular user. The new spring-security-test library available with Spring Security version 4 makes testing user access controls in Spring and Spring MVC applications far simpler.

Building Unit Test Data

In the book Growing Object-Oriented Software, Guided by Tests, authors Steve Freeman and Nat Pryce suggest a neat pattern for cleanly creating test data for unit tests. They suggest using the builder pattern to build test objects which are as simple or as complicated as necessary for the test. The builder can set default data in fields meaning that only data significant to the result of the test needs to be set.


ZeroTurnaround, the smart kids behind JRebel, have launched a new product: XRebel. And boy, it’s a good one! It’s described as “X-Ray glasses for your webapp”. It’s a performance profiler with features previously only seen in serious application performance monitoring (APM) solutions such as AppDynamics and New Relic.

Testing for SimpleDateFormat thread safety

Declaring an instance of SimpleDateFormat as a constant (static final class member) is usually bad. But then again, it’s a very obvious thing to do.

MockMVC to test Spring MVC form validation

The MockMVC class allows tests to be run against a real Spring application context without actually having to run the complete application in a Servlet container

Coding in the Age of Distraction

I’ve started adopting Test Driven Development (TDD) practices over the last year or so and discovered an unexpected benefit: failing tests are a great placeholder for your thoughts when you get distracted.

Integration Tests with Selenium and tomcat7-maven-plugin

To create an automated integration test of my spanners-struts webapp, I need a way of launching it as part of the Maven build process.

Protecting Service Methods with Spring Security Annotations

Any class or method can be protected with Spring Security using either AOP interceptors or expression based annotations on the class or method.