Unit Test Controller Layer

Name: Unit Test Controller Layer
Author: giuseppe-trisciuoglio

giuseppe-trisciuoglio/developer-kit

Apply MockMvc-focused patterns to unit-test Spring REST controllers including status codes, security, and multipart uploads.

Overview

Unit Test Controller Layer is an agent skill for the Ship phase that guides MockMvc unit tests for Spring REST controllers including auth and upload cases.

Install

npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill unit-test-controller-layer

What is this skill?

Multiple status code scenarios with mocked UserService (200, 404, 401)
Role-based access tests expecting 403 on admin delete without authority
Bearer token authentication tests for protected routes
File upload testing with MockMultipartFile on controller endpoints
Java Spring MockMvc perform/andExpect patterns ready to paste

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1.2k installs on skills.sh; 271 GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

Your REST controllers lack consistent tests for 401/403/404 branches, security rules, and file uploads.

Who is it for?

Solo developers on Spring Boot APIs who want controller tests without full integration suites.

Skip if: Non-Java stacks, pure service-layer testing with no HTTP surface, or E2E browser flows.

When should I use this skill?

You are writing or extending Spring MVC controller tests with MockMvc, security, or file upload scenarios.

What do I get? / Deliverables

You add focused MockMvc tests that mock services and verify HTTP status and security behavior per endpoint.

JUnit test classes with status, security, and upload coverage patterns

Recommended Skills

Agent Browservercel-labs/open-agents

agent-browser is a Vercel Open Agents skill that wraps a CLI for programmatic browser control—ideal when solo builders n…404k installs·5.6k stars

Tddmattpocock/skills

TDD is an agent skill that coaches test-driven development using the red-green-refactor loop for solo and indie builders…214k installs·121k stars

Use My Browserxixu-me/skills

Use My Browser skill forces agents to classify tasks as static-capable or browser-required before choosing tools—staying…198k installs·61 stars

Test Driven Developmentobra/superpowers

Test-Driven Development is an agent skill from obra/superpowers that forces a test-first implementation ritual: write a …118k installs·221k stars

Verification Before Completionobra/superpowers

Verification Before Completion is an agent skill from the Superpowers lineage that blocks premature success claims durin…100k installs·221k stars

Webapp Testinganthropics/skills

webapp-testing is an agent skill for solo builders who need to prove that a local web application actually works—not jus…90.9k installs·148k stars

Journey fit

Primary fit

Ship is where API contracts and auth behavior must be proven before release. Testing subphase covers controller-layer unit tests that mock services and assert HTTP semantics.

How it compares

Controller-layer MockMvc tests instead of only integration tests or untested HTTP glue code.

Common Questions / FAQ

Who is unit-test-controller-layer for?

Indie backend builders using Spring who need reliable HTTP and security assertions at the controller boundary.

When should I use unit-test-controller-layer?

In Ship testing while adding or refactoring REST endpoints, before release, or when fixing auth regressions.

Is unit-test-controller-layer safe to install?

Check the Security Audits panel on this page; the skill is documentation and test snippets with no bundled network calls.

SKILL.md

READMESKILL.md - Unit Test Controller Layer

# Advanced Controller Testing Patterns

## Multiple Status Code Scenarios

```java
@Test
void shouldReturnDifferentStatusCodesForDifferentScenarios() throws Exception {
  // Successful response
  when(userService.getUserById(1L)).thenReturn(new UserDto(1L, "Alice"));
  mockMvc.perform(get("/api/users/1"))
    .andExpect(status().isOk());

  // Not found
  when(userService.getUserById(999L))
    .thenThrow(new UserNotFoundException("Not found"));
  mockMvc.perform(get("/api/users/999"))
    .andExpect(status().isNotFound());

  // Unauthorized
  mockMvc.perform(get("/api/admin/users"))
    .andExpect(status().isUnauthorized());
}
```

## Security Testing

### Testing Role-Based Access

```java
@Test
void shouldReturn403WhenUserLacksRole() throws Exception {
  mockMvc.perform(delete("/api/admin/users/1"))
    .andExpect(status().isForbidden());
}
```

### Testing Authentication

```java
@Test
void shouldReturn401WhenNoTokenProvided() throws Exception {
  mockMvc.perform(get("/api/protected"))
    .andExpect(status().isUnauthorized());
}

@Test
void shouldReturn200WhenValidTokenProvided() throws Exception {
  when(authService.validateToken("valid-token")).thenReturn(true);
  when(userService.getCurrentUser()).thenReturn(new UserDto(1L, "Alice"));

  mockMvc.perform(get("/api/protected")
      .header("Authorization", "Bearer valid-token"))
    .andExpect(status().isOk());
}
```

## File Upload Testing

### MockMultipartFile

```java
@Test
void shouldUploadFileSuccessfully() throws Exception {
  byte[] fileContent = "test file content".getBytes();
  MockMultipartFile file = new MockMultipartFile(
    "file", "test.txt", "text/plain", fileContent);

  when(fileService.store(any())).thenReturn("stored-file-id");

  mockMvc.perform(multipart("/api/files/upload").file(file))
    .andExpect(status().isOk())
    .andExpect(jsonPath("$.fileId").value("stored-file-id"));

  verify(fileService).store(any(MultipartFile.class));
}
```

## Pagination

### Testing Paginated Responses

```java
@Test
void shouldReturnPaginatedUsers() throws Exception {
  Page<UserDto> page = new PageImpl<>(
    List.of(new UserDto(1L, "Alice"), new UserDto(2L, "Bob")),
    PageRequest.of(0, 10), 2);

  when(userService.getUsers(any(Pageable.class))).thenReturn(page);

  mockMvc.perform(get("/api/users")
      .param("page", "0")
      .param("size", "10"))
    .andExpect(status().isOk())
    .andExpect(jsonPath("$.content").isArray())
    .andExpect(jsonPath("$.content.length()").value(2))
    .andExpect(jsonPath("$.totalElements").value(2))
    .andExpect(jsonPath("$.totalPages").value(1));
}
```

## Exception Handling

### Custom Exception Handlers

```java
@Test
void shouldHandleValidationException() throws Exception {
  when(userService.createUser(any()))
    .thenThrow(new MethodArgumentNotValidException(
      null, new BeanPropertyBindingResult(null, "user")));

  mockMvc.perform(post("/api/users")
      .contentType("application/json")
      .content("{\"invalid\":\"data\"}"))
    .andExpect(status().isBadRequest())
    .andExpect(jsonPath("$.errors").isArray());
}
```

## Testing Async Endpoints

```java
@Test
void shouldHandleAsyncResponses() throws Exception {
  CompletableFuture<UserDto> futureUser = CompletableFuture.completedFuture(
    new UserDto(1L, "Alice"));
  when(userService.getUserAsync(1L)).thenReturn(futureUser);

  MvcResult result = mockMvc.perform(get("/api/users/async/1"))
    .andExpect(status().isOk())
    .andReturn();

  // For actual async testing, use withAsyncDispatch()
  String content = result.getResponse().getContentAsString();
  assertThat(content).contains("Alice");
}
```


# Common Pitfalls in Controller Testing

## Testing Business Logic in Controller

**Don't**: Test business logic in controller tests

**Do**: Keep controller tests focused on HTTP handling only

```java
// BAD - Testing business logic
@Test
void shouldCalculateTotalCorrectly() throws Exception {
  // This should be in service tests
  mockMvc.perform(get

What is this skill?

Multiple status code scenarios with mocked UserService (200, 404, 401)

Role-based access tests expecting 403 on admin delete without authority

Bearer token authentication tests for protected routes

File upload testing with MockMultipartFile on controller endpoints

Java Spring MockMvc perform/andExpect patterns ready to paste

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1.2k installs on skills.sh; 271 GitHub stars; 3/3 security scanners passed (skills.sh audits).

SKILL.md

READMESKILL.md - Unit Test Controller Layer

# Advanced Controller Testing Patterns

## Multiple Status Code Scenarios

```java
@Test
void shouldReturnDifferentStatusCodesForDifferentScenarios() throws Exception {
  // Successful response
  when(userService.getUserById(1L)).thenReturn(new UserDto(1L, "Alice"));
  mockMvc.perform(get("/api/users/1"))
    .andExpect(status().isOk());

  // Not found
  when(userService.getUserById(999L))
    .thenThrow(new UserNotFoundException("Not found"));
  mockMvc.perform(get("/api/users/999"))
    .andExpect(status().isNotFound());

  // Unauthorized
  mockMvc.perform(get("/api/admin/users"))
    .andExpect(status().isUnauthorized());
}
```

## Security Testing

### Testing Role-Based Access

```java
@Test
void shouldReturn403WhenUserLacksRole() throws Exception {
  mockMvc.perform(delete("/api/admin/users/1"))
    .andExpect(status().isForbidden());
}
```

### Testing Authentication

```java
@Test
void shouldReturn401WhenNoTokenProvided() throws Exception {
  mockMvc.perform(get("/api/protected"))
    .andExpect(status().isUnauthorized());
}

@Test
void shouldReturn200WhenValidTokenProvided() throws Exception {
  when(authService.validateToken("valid-token")).thenReturn(true);
  when(userService.getCurrentUser()).thenReturn(new UserDto(1L, "Alice"));

  mockMvc.perform(get("/api/protected")
      .header("Authorization", "Bearer valid-token"))
    .andExpect(status().isOk());
}
```

## File Upload Testing

### MockMultipartFile

```java
@Test
void shouldUploadFileSuccessfully() throws Exception {
  byte[] fileContent = "test file content".getBytes();
  MockMultipartFile file = new MockMultipartFile(
    "file", "test.txt", "text/plain", fileContent);

  when(fileService.store(any())).thenReturn("stored-file-id");

  mockMvc.perform(multipart("/api/files/upload").file(file))
    .andExpect(status().isOk())
    .andExpect(jsonPath("$.fileId").value("stored-file-id"));

  verify(fileService).store(any(MultipartFile.class));
}
```

## Pagination

### Testing Paginated Responses

```java
@Test
void shouldReturnPaginatedUsers() throws Exception {
  Page<UserDto> page = new PageImpl<>(
    List.of(new UserDto(1L, "Alice"), new UserDto(2L, "Bob")),
    PageRequest.of(0, 10), 2);

  when(userService.getUsers(any(Pageable.class))).thenReturn(page);

  mockMvc.perform(get("/api/users")
      .param("page", "0")
      .param("size", "10"))
    .andExpect(status().isOk())
    .andExpect(jsonPath("$.content").isArray())
    .andExpect(jsonPath("$.content.length()").value(2))
    .andExpect(jsonPath("$.totalElements").value(2))
    .andExpect(jsonPath("$.totalPages").value(1));
}
```

## Exception Handling

### Custom Exception Handlers

```java
@Test
void shouldHandleValidationException() throws Exception {
  when(userService.createUser(any()))
    .thenThrow(new MethodArgumentNotValidException(
      null, new BeanPropertyBindingResult(null, "user")));

  mockMvc.perform(post("/api/users")
      .contentType("application/json")
      .content("{\"invalid\":\"data\"}"))
    .andExpect(status().isBadRequest())
    .andExpect(jsonPath("$.errors").isArray());
}
```

## Testing Async Endpoints

```java
@Test
void shouldHandleAsyncResponses() throws Exception {
  CompletableFuture<UserDto> futureUser = CompletableFuture.completedFuture(
    new UserDto(1L, "Alice"));
  when(userService.getUserAsync(1L)).thenReturn(futureUser);

  MvcResult result = mockMvc.perform(get("/api/users/async/1"))
    .andExpect(status().isOk())
    .andReturn();

  // For actual async testing, use withAsyncDispatch()
  String content = result.getResponse().getContentAsString();
  assertThat(content).contains("Alice");
}
```


# Common Pitfalls in Controller Testing

## Testing Business Logic in Controller

**Don't**: Test business logic in controller tests

**Do**: Keep controller tests focused on HTTP handling only

```java
// BAD - Testing business logic
@Test
void shouldCalculateTotalCorrectly() throws Exception {
  // This should be in service tests
  mockMvc.perform(get

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is unit-test-controller-layer for?

When should I use unit-test-controller-layer?

Is unit-test-controller-layer safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is unit-test-controller-layer for?

When should I use unit-test-controller-layer?

Is unit-test-controller-layer safe to install?

SKILL.md