我在使用远程oauth2服务器的spring boot中遇到了集成测试问题。
还有一个名为 test 的个人资料。
以下是具有oauth2配置的类:
@Configuration
public class Oauth2serverconf {
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Autowired
private ServiceProperties serviceProperties;
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
final RemoteTokenServices tokenServices = new RemoteTokenServices();
tokenServices.setClientId(myConfig.getClientId());
tokenServices.setClientSecret(myConfig.getClientSecret());
tokenServices.setCheckTokenEndpointUrl(myConfig.getAuthServiceUrl());
resources.tokenServices(tokenServices);
resources.resourceId(myConfig.getAuthResourceId());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/some_record/**")
.hasAnyAuthority("ADMIN", "USER")
.anyRequest()
.permitAll();
}
}
}
对于测试,我使用假的Oauth服务器,这意味着我可以在测试中获得REST GET(和其他)方法的响应并获得假令牌:
@RestController
@Profile("test")
public class AuthMockController {
@RequestMapping("/oauth/token")
public String getToken() {
return "TEST_TOKEN";
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.GET)
public String GETcheckToken() {
return validateToken();
}
private String validateToken() {
//there is real response from real oauth server
return "....";
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.DELETE)
public String DELETEcheckToken() {
return validateToken();
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.HEAD)
public String HEADcheckToken() {
return validateToken();
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.OPTIONS)
public String OPTIONScheckToken() {
return validateToken();
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.PATCH)
public String PATCHcheckToken() {
return validateToken();
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.POST)
public String POSTcheckToken() {
return validateToken();
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.PUT)
public String PUTcheckToken() {
return validateToken();
}
@RequestMapping(value = "/oauth/check_token", method = RequestMethod.TRACE)
public String TRACEcheckToken() {
return validateToken();
}
}
这是我的application-test.properties:
clientSecret= secret //required for access token
clientId= id
authServiceUrl = http://localhost:${server.port}/oauth/check_token
authResourceId = some_resource_id
所以,当我运行这个测试时:
@Test
public void test1() {
String response = template.getForObject("http://localhost:"+port+"/oauth/token", String.class);
System.err.println(response);
}
我在响应中得到了TEST_TOKEN,因此REST工作正常。
问题是,当我在我的应用程序中调用真正的REST服务时,需要oauth2令牌,我得到401错误代码。当我手动运行应用程序并传递有效的访问令牌时,一切正常。 这是失败的测试:
@Test
public void test() throws Exception {
final String pageSize = "1";
final String resource = base.toString() + "/some_record?pageSize=" + pageSize;
final ResponseEntity<String> response = template.exchange(resource, HttpMethod.GET, null, someResponseType);
assertThat(response.getBody()).isNotEmpty();
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
}
如果有任何帮助,我将不胜感激。