package com.example.demo.controller; import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.http.MediaType; import org.springframework.test.web.servlet.MockMvc; import java.util.Map; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @SpringBootTest @AutoConfigureMockMvc class AuthFlowTest { @Autowired private MockMvc mockMvc; @Autowired private ObjectMapper objectMapper; @Test void secureEndpointShouldRejectWithoutToken() throws Exception { mockMvc.perform(get("/api/secure/me")) .andExpect(status().isUnauthorized()) .andExpect(jsonPath("$.code").value(401)); } @Test void shouldAccessSecureEndpointWithValidToken() throws Exception { String loginReq = objectMapper.writeValueAsString(Map.of("username", "admin", "password", "admin123")); String loginResp = mockMvc.perform(post("/api/auth/login") .contentType(MediaType.APPLICATION_JSON) .content(loginReq)) .andExpect(status().isOk()) .andExpect(jsonPath("$.code").value(0)) .andReturn().getResponse().getContentAsString(); String token = objectMapper.readTree(loginResp).path("data").path("token").asText(); mockMvc.perform(get("/api/secure/me") .header("Authorization", "Bearer " + token)) .andExpect(status().isOk()) .andExpect(jsonPath("$.code").value(0)) .andExpect(jsonPath("$.data.principal").value("admin")); } }