fix: allow JwtDecoder bean override in test context

- Add @Primary + @ConditionalOnMissingBean so TestSecurityConfig.jwtDecoder() wins over SecurityConfig.jwtDecoder() without needing a real OIDC endpoint - Add spring.main.allow-bean-definition-overriding=true and cameleer.clickhouse.enabled=false to src/test/resources/application-test.yml so Testcontainers @ServiceConnection can supply the datasource - Disable ClickHouse in test profile (src/main/resources/application-test.yml) so the explicit ClickHouseConfig DataSource bean is not created, allowing @ServiceConnection to wire the Testcontainers Postgres datasource - Fix TenantControllerTest and LicenseControllerTest to explicitly grant ROLE_platform-admin authority via .authorities() on the test JWT, since spring-security-test does not run the custom JwtAuthenticationConverter - Fix EnvironmentService.createDefaultForTenant() to use an internal bootstrap path that skips license enforcement (chicken-and-egg: no license exists at tenant creation time yet) - Remove now-unnecessary license stub from EnvironmentServiceTest Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 13:06:31 +02:00
parent 4da9cf23cb
commit cfa989bd5e
8 changed files with 44 additions and 12 deletions
--- a/src/test/java/net/siegeln/cameleer/saas/TestSecurityConfig.java
+++ b/src/test/java/net/siegeln/cameleer/saas/TestSecurityConfig.java
@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas;

 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;

@@ -12,6 +13,7 @@ import java.util.List;
 public class TestSecurityConfig {

    @Bean
+    @Primary
    public JwtDecoder jwtDecoder() {
        return token -> Jwt.withTokenValue(token)
                .header("alg", "ES384")
--- a/src/test/java/net/siegeln/cameleer/saas/environment/EnvironmentServiceTest.java
+++ b/src/test/java/net/siegeln/cameleer/saas/environment/EnvironmentServiceTest.java
@@ -160,15 +160,9 @@ class EnvironmentServiceTest {
    @Test
    void createDefaultForTenant_shouldCreateWithDefaultSlug() {
        var tenantId = UUID.randomUUID();
-        var license = new LicenseEntity();
-        license.setTenantId(tenantId);
-        license.setTier("LOW");

        when(environmentRepository.findByTenantIdAndSlug(tenantId, "default")).thenReturn(Optional.empty());
        when(environmentRepository.existsByTenantIdAndSlug(tenantId, "default")).thenReturn(false);
-        when(licenseRepository.findFirstByTenantIdAndRevokedAtIsNullOrderByCreatedAtDesc(tenantId))
-                .thenReturn(Optional.of(license));
-        when(environmentRepository.countByTenantId(tenantId)).thenReturn(0L);
        when(environmentRepository.save(any(EnvironmentEntity.class))).thenAnswer(inv -> inv.getArgument(0));

        var result = environmentService.createDefaultForTenant(tenantId);
--- a/src/test/java/net/siegeln/cameleer/saas/license/LicenseControllerTest.java
+++ b/src/test/java/net/siegeln/cameleer/saas/license/LicenseControllerTest.java
@@ -13,6 +13,8 @@ import org.springframework.http.MediaType;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;

+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -36,7 +38,10 @@ class LicenseControllerTest {
        var request = new CreateTenantRequest("License Test Org", slug, "MID");

        var result = mockMvc.perform(post("/api/tenants")
-                        .with(jwt().jwt(j -> j.claim("sub", "test-user")))
+                        .with(jwt().jwt(j -> j
+                                .claim("sub", "test-user")
+                                .claim("roles", java.util.List.of("platform-admin")))
+                                .authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isCreated())
--- a/src/test/java/net/siegeln/cameleer/saas/tenant/TenantControllerTest.java
+++ b/src/test/java/net/siegeln/cameleer/saas/tenant/TenantControllerTest.java
@@ -13,6 +13,8 @@ import org.springframework.http.MediaType;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;

+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -39,7 +41,8 @@ class TenantControllerTest {
                        .with(jwt().jwt(j -> j
                                .claim("sub", "test-user")
                                .claim("organization_id", "test-org")
-                                .claim("roles", java.util.List.of("platform-admin"))))
+                                .claim("roles", java.util.List.of("platform-admin")))
+                                .authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isCreated())
@@ -56,7 +59,8 @@ class TenantControllerTest {
        mockMvc.perform(post("/api/tenants")
                        .with(jwt().jwt(j -> j
                                .claim("sub", "test-user")
-                                .claim("roles", java.util.List.of("platform-admin"))))
+                                .claim("roles", java.util.List.of("platform-admin")))
+                                .authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isCreated());
@@ -64,7 +68,8 @@ class TenantControllerTest {
        mockMvc.perform(post("/api/tenants")
                        .with(jwt().jwt(j -> j
                                .claim("sub", "test-user")
-                                .claim("roles", java.util.List.of("platform-admin"))))
+                                .claim("roles", java.util.List.of("platform-admin")))
+                                .authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isConflict());
@@ -88,7 +93,8 @@ class TenantControllerTest {
        var createResult = mockMvc.perform(post("/api/tenants")
                        .with(jwt().jwt(j -> j
                                .claim("sub", "test-user")
-                                .claim("roles", java.util.List.of("platform-admin"))))
+                                .claim("roles", java.util.List.of("platform-admin")))
+                                .authorities(new SimpleGrantedAuthority("ROLE_platform-admin")))
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(objectMapper.writeValueAsString(request)))
                .andExpect(status().isCreated())
--- a/src/test/resources/application-test.yml
+++ b/src/test/resources/application-test.yml
@@ -0,0 +1,7 @@
+spring:
+  main:
+    allow-bean-definition-overriding: true
+
+cameleer:
+  clickhouse:
+    enabled: false