Spring MVC测试(安全集成测试),JSESSIONID不存在

时间:2016-04-13 14:01:54

标签: spring spring-security spring-boot mockmvc spring-mvc-test

我为我的春季启动应用创建了自定义登录表单。 在我的表单集成测试中,我想检查收到的cookie是否包含 JSESSIONID XSRF-TOKEN

但是,我只收到 XSRF-TOKEN

这是我的测试:

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = Application.class)
@WebAppConfiguration
@IntegrationTest("server.port:0")
public class UserIT {

    @Autowired
    private WebApplicationContext context;
    @Autowired
    private FilterChainProxy springSecurityFilterChain;

    @Value("${local.server.port}")
    private Integer port;

    private MockMvc mockMvc;

    @Before
    public void setup() {
        mockMvc =
                MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain)
                        .build();
    }

    @Test
    public void getUserInfoTest() throws Exception {
        disableSslVerification();

        MvcResult result =
                mockMvc.perform(formLogin("/login").user("roy").password("spring")).andExpect(authenticated())
                        .andReturn();
        Cookie sessionId = result.getResponse().getCookie("JSESSIONID");
        Cookie token = result.getResponse().getCookie("XSRF-TOKEN");
}

安全问题:

@Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off   
        http
            //.httpBasic()
            //.and()
                .headers().frameOptions().disable()
            .and()
                .antMatcher("/**").authorizeRequests()
                .antMatchers("/actuator/health").permitAll()
                .antMatchers("/actuator/**").hasAuthority(Authority.Type.ROLE_ADMIN.getName())
                .antMatchers("/login**", "/index.html", "/home.html").permitAll()
                .anyRequest().authenticated()
            .and()
                .formLogin().loginPage("/login.jsp")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginProcessingUrl("/login")
                     .permitAll()
            .and()
                .logout().logoutSuccessUrl("/login.jsp").permitAll()
            .and()
                .csrf().csrfTokenRepository(csrfTokenRepository())
            .and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
        // @formatter:on
    }

请帮助我获得所需的结果。

1 个答案:

答案 0 :(得分:2)

您也没有看到Set-Cookie标头。对我而言,这是MockMVC的一个很大的局限。有关解决方法,请参阅Why does Spring MockMvc result not contain a cookie?