In order to test controllers and methods from an application secured by Spring Security 4.x, it is required to build a Spring TestContext that employs Spring Security into the test suite. One way is to instantiate MockMvc with WebApplicationText by applying the springSecurity()mock method from SecurityMockMvcConfigurers.

Using the application from Chapter 4, Applying Aspect-Oriented Programming, we tested /deptform.html bypassing /login.html, which results in using the appropriate user credentials and role to successfully run the request. On the other hand, the @WithMockUser annotation from the Spring Security Test module that provides utilities to mock secured methods. The test will be successful only given the proper login credentials which must be provided to, SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("admin", "admin"));. This authentication API must always be the first line to be executed in any test cases involving secured methods.