我运行了我的Spring Rest服务的AuthenticationCredentialsNotFoundException,应该使用基本身份验证来保护它。这导致HTTP 500而不是预期的403。 配置中缺少什么?
我的Spring安全配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("USER");
}
}
我的春天配置:
@Configuration
@ComponentScan(basePackages = {"com.dummy"})
@EnableWebMvc
@Import({MySecurityConfig.class})
public class MySpringConfig extends WebMvcConfigurerAdapter implements WebApplicationInitializer {
@Override
public void onStartup(final ServletContext servletContext) throws ServletException {
final AnnotationConfigWebApplicationContext context = getContext();
servletContext.addListener(new ContextLoaderListener(context));
final ServletRegistration.Dynamic dispatcher = servletContext.addServlet("springDispatcher",
new DispatcherServlet(context));
dispatcher.setLoadOnStartup(0);
dispatcher.addMapping("/");
}
private AnnotationConfigWebApplicationContext getContext() {
final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
context.register(MySpringConfig.class);
return context;
}
}
我的安全控制器:
@RestController
@RequestMapping("/dummy")
public class MyController {
@PreAuthorize("hasRole('USER')")
@RequestMapping(method = RequestMethod.POST)
public HttpEntity<?> doSomething() {
return new ResponseEntity<>(HttpStatus.CREATED);
}
}
我的失败测试(实际:500,预期:403):
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = MySpringConfig.class)
public class MyControllerTest {
@Autowired
protected WebApplicationContext context;
protected MockMvc mvc;
@Before
public void setUp() throws Exception {
new TestContextManager(getClass()).prepareTestInstance(this);
this.mvc = MockMvcBuilders.webAppContextSetup(this.context).build();
}
@Test
public void doDummy_not_authorized_403() throws Exception {
final MockHttpServletResponse response = this.mvc.perform(post("/dummy")).andDo(MockMvcResultHandlers.print()).andReturn().getResponse();
assertThat(response.getStatus(), equalTo(403));
}
}