why @WithMockUser still got 401 unauthorized

why @WithMockUser still got 401 unauthorized
Photo by TOMOKO UJI / Unsplash


for none reactive spring application, the Servlet API and Servlet containers, spring-boot-starter-web, please use MockMvc.

import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
@DirtiesContext(classMode = ClassMode.AFTER_EACH_TEST_METHOD)
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
public class IntegrationTestsBase {
    protected MockMvc mockMvc;
                .header(HttpHeaders.AUTHORIZATION, "authorization")
                .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)


for reactive spring application, The reactive-stack web framework, spring-boot-starter-webflux, please use WebTestClient.

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@DirtiesContext(classMode = ClassMode.AFTER_EACH_TEST_METHOD)
@AutoConfigureWebTestClient(timeout = "100000")
public class IntegrationTests {
    protected WebTestClient webTestClient;
                .uri(uriBuilder -> 

                .header(Headers.LANGUAGE, "EN")
                .header(Headers.AUTHORIZATION, "authorization")


@MockWithUser is a custom annotation used in Spring Boot tests to simplify the process of mocking user authentication. This annotation is typically used in conjunction with Spring Security tests to automatically mock user authentication details, such as username, roles, and authorities, allowing for easier testing of secured endpoints and methods.

When applied to a test method or class, @MockWithUser populates the security context with a mocked user, eliminating the need for manual setup of authentication details in each test case.

By using @MockWithUser, you can streamline your Spring Security tests and focus on testing the behavior of your application without worrying about setting up user authentication details manually in each test case.

class UserControllerIntegrationTest {

    @MockWithUser(username = "testuser", roles = {"USER", "ADMIN"})
    void testGetUserDetails() throws Exception {
        // use MockMvc or WebTestClient


In conclusion, when using the Servlet API and Servlet containers with WebTestClient, or when employing MockMvc in reactive-stack web frameworks, encountering persistent 401 unauthorized responses in test cases is a common occurrence. This behavior arises due to the inherent differences in how authentication is handled between these components. As such, developers need to be aware of these nuances and adapt their testing strategies accordingly. Strategies such as configuring authentication mechanisms appropriately for the chosen testing framework or utilizing custom authentication mechanisms can help mitigate these challenges and ensure successful test execution.

Subscribe to Post, Code and Quiet Time.

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.