logo标签列表

使用Spring Security进行集成测试

javaspring-mvcspring-securityintegration-testing
21

我需要向API发送GET请求,但是即使我已经添加了管理员注释获取错误@WithMockUser(roles="ADMINISTRADOR"),我还是遇到问题。
我该如何发送请求?

API

@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@PostAuthorize("returnObject.instancia == principal.instancia.instancia")
public Validacao retrieve(@PathVariable("id") String id) {
    return validacaoService.retrieve(id);
}

测试

@Test
@WithMockUser(roles = "ADMINISTRADOR")
public void testCRetrieve() throws Exception {
        this.mockMvc
                .perform(get("/api/validacao/" + id).with(user("daniela.morais@sofist.com.br")))
                .andExpect(status().isOk())
                .andReturn();
}

日志

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext

测试类

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = {ValidacaoAPITest.TestConfiguration.class, WithSecurityConfig.class})
@WebAppConfiguration
public class ValidacaoAPITest {
    @EnableWebMvc
    @Configuration
    public static class TestConfiguration {
        Fongo fongo = new Fongo("new server 1");
        DB db = fongo.getDB("oknok");

        @Bean
        ValidacaoAPI getValidacaoAPI() {
            return new ValidacaoAPI();
        }

        @Bean
        ActiveUser getActiveUser() {
            ActiveUser mock = Mockito.mock(ActiveUser.class);

            when(mock.getUser()).thenReturn(new User().setEmail("email@email.com"));
            when(mock.getInstancia()).thenReturn(new Instancia().setInstancia("instancia"));
            return mock;
        }

        @Bean
        ValidacaoService getValidacaoService() {
            return new ValidacaoService();
        }

        @Bean
        MatchService getMatchService() {
            return new MatchService();
        }

        @Bean
        PlanilhaReader getPlanilhaReader() {
            return new PlanilhaReader();
        }


        @Bean
        AtributoReader getAtributoReader() {
            return new AtributoReader();
        }

        @Bean
        AtributoDAO getAtributoDAO() {
            return new AtributoDAO();
        }

        @Bean
        UploadService getUploadService() {
            return new UploadService();
        }


        @Bean
        ValidacaoResultadoDAO getValidacaoResultadoDAO() {
            return new ValidacaoResultadoDAO(db);
        }


        @Bean
        Mapper getMapper() {
            return new Mapper(db);
        }

        @Bean
        UploadDAO getUploadDAO() {
            return new UploadDAO(db);
        }

        @Bean
        MatchDAO getMatchDAO() {
            return new MatchDAO(db);
        }

        @Bean
        ValidacaoDAO getValidacaoDAO() {
            return new ValidacaoDAO(db);
        }

        @Bean
        UploadOriginalsDAO getUploadOriginalsDAO() {
            return new UploadOriginalsDAO(db);
        }

        @Bean
        AtributoValidator getAtributoValidator() {
            return new AtributoValidator();
        }

    }

    @Autowired
    MatchService matchService;

    @Autowired
    private WebApplicationContext context;

    private MockMvc mockMvc;

    private static String id;

    @Before
    public void setup() {
        mockMvc = MockMvcBuilders.webAppContextSetup(context).build();
    }

    @Test
    public void testACreateValidation() throws Exception {
        MvcResult result = this.mockMvc
                .perform(post("/api/validacao"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.id", notNullValue()))
                .andReturn();
        this.id = ((BasicDBObject) JSON.parse(result.getResponse().getContentAsString())).getString("id");
    }

    @Test
    public void testBRetrieveAll() throws Exception {
        MvcResult result = this.mockMvc
                .perform(get("/api/validacao"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.[0].id", notNullValue()))
                .andReturn();

        BasicDBList list = (BasicDBList) JSON.parse(result.getResponse().getContentAsString());
        this.id = (String) ((BasicDBObject) JSON.parse(list.get(0).toString())).get("id");
    }

    //FIXME
    @Test
    @WithMockUser(roles = "ADMINISTRADOR")
    public void testCRetrieve() throws Exception {
            this.mockMvc
                    .perform(get("/api/validacao/" + id).with(user("daniela.morais@sofist.com.br")))
                    .andExpect(status().isOk())
                    .andReturn();
    }

}
你使用过WithSecurityContextTestExecutionListener吗?你能提供完整的测试类吗? - coder
您有一个角色打字错误,@WithMockUser(roles = "ADMINISTRADOR"),应该是 @WithMockUser(roles = "ADMINISTRATOR")。 - Eddie Jaoude
1个回答
26

在Spring安全性参考手册中的第10.1节中指出,为了能够测试Spring安全特性,您需要将安全过滤器链集成到MockMvc对象中,就像@Before设置方法中的示例一样。

import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
public class CsrfShowcaseTests {

    @Autowired
    private WebApplicationContext context;
    private MockMvc mvc;

    @Before
    public void setup() {
        mvc = MockMvcBuilders
            .webAppContextSetup(context)
            .apply(springSecurity())
            .build();
    }

...

}
忘了提到,更具体地说,如果您想将Spring安全测试与Spring MVC测试框架集成,如果您不想使用Spring MVC测试框架,则不需要这样做。 - saljuama
在spring-security的早期版本中,这种方法是有效的:https://dev59.com/qH_aa4cB1Zd3GeqPzSaK - Shannon
1
SecurityMockMvcConfigurers在v5中不存在?!那么,这里有一个更好的解决方案。https://dev59.com/5WUq5IYBdhLWcg3wXvMC#23665427 - Mostafa Barmshory
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接