我有一个应用程序,我使用Spring Social Security进行身份验证和授权。不幸的是,我在模拟Spring Security时遇到了一些问题。它似乎根本不起作用。
我有一个REST控制器,如果它应返回的实体的标识符不可用,则返回404 Not Found。如果用户未登录,则任何页面都会重定向到我的应用程序的社交登录页面。
我已阅读here @WithUserDetails
注释最适合我。
所以我的测试方法看起来像这样
@Test
@SqlGroup({
@Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, statements = "INSERT INTO UserAccount(id, creationtime, modificationtime, version, email, firstname, lastname, role, signinprovider) VALUES (1, '2008-08-08 20:08:08', '2008-08-08 20:08:08', 1, 'user', 'John', 'Doe', 'ROLE_USER', 'FACEBOOK')"), })
@Rollback
@WithUserDetails
public void ifNoTeamsInTheDatabaseThenTheRestControllerShouldReturnNotFoundHttpStatus() {
ResponseEntity<String> response = restTemplate.getForEntity("/getTeamHistory/{team}", String.class, "Team");
Assert.assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode());
}
但这似乎根本不起作用。看起来测试方法是使用匿名用户执行的,因为我得到的状态是200 OK。
我的测试类注释如下
@RunWith(SpringRunner.class)
@ActiveProfiles("dev")
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
@Transactional
public class TeamRestControllerTest {
//...
}
有没有人遇到过Spring Social提供的模拟Spring Security的问题?
答案 0 :(得分:1)
我目前无法测试它,但这是一个可能的解决方案。
查看@WithUserDetails实现:
@WithSecurityContext(factory = WithUserDetailsSecurityContextFactory.class)
public @interface WithUserDetails {
...
}
final class WithUserDetailsSecurityContextFactory implements
WithSecurityContextFactory<WithUserDetails> {
private BeanFactory beans;
@Autowired
public WithUserDetailsSecurityContextFactory(BeanFactory beans) {
this.beans = beans;
}
public SecurityContext createSecurityContext(WithUserDetails withUser) {
String beanName = withUser.userDetailsServiceBeanName();
UserDetailsService userDetailsService = StringUtils.hasLength(beanName)
? this.beans.getBean(beanName, UserDetailsService.class)
: this.beans.getBean(UserDetailsService.class);
String username = withUser.value();
Assert.hasLength(username, "value() must be non empty String");
UserDetails principal = userDetailsService.loadUserByUsername(username);
Authentication authentication = new UsernamePasswordAuthenticationToken(
principal, principal.getPassword(), principal.getAuthorities());
SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(authentication);
return context;
}
}
您可以按照相同的模式创建您选择的安全上下文:
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
@WithSecurityContext(factory = WithoutUserFactory.class)
public @interface WithoutUser {
}
public class WithoutUserFactory implements WithSecurityContextFactory<WithoutUser> {
public SecurityContext createSecurityContext(WithoutUser withoutUser) {
return SecurityContextHolder.createEmptyContext();
}
}
其他可用注释:WithAnonymousUser
,WithMockUser
,WithSecurityContext
(和WithUserDetails
)