Why am I receiving a 403 FORBIDDEN for the following test?
@RestController
public class MyServlet {
@PostMapping("/")
public Mono<String> accept(Authentication authentication) {}
}
@WebFluxTest(MyServlet.class)
@WithMockUser
public class MyServletTest {
@Autowired
private WebTestClient webClient;
@Test
public void test() {
webClient.post().url("/")
.exchange()
.expectStatus().isOk();
}
}
Result:
java.lang.AssertionError: Status expected:<200 OK> but was:<403 FORBIDDEN>
> POST /
> WebTestClient-Request-Id: [1]
> Content-Type: [application/json]
No content
< 403 FORBIDDEN Forbidden
< Content-Type: [text/plain]
< Cache-Control: [no-cache, no-store, max-age=0, must-revalidate]
< Pragma: [no-cache]
< Expires: [0]
< X-Content-Type-Options: [nosniff]
< X-Frame-Options: [DENY]
< X-XSS-Protection: [1 ; mode=block]
< Referrer-Policy: [no-referrer]
CSRF Token has been associated to this client
As far as I know, @WebFluxTest disables csrf. So why is it complaining?
webClient.mutateWith(SecurityMockServerConfigurers.csrf()).post()...;