客户授权不适用于单元测试

时间:2018-03-08 19:27:34

标签: spring spring-boot spring-junit

好的,首先要知道的是,我可以按预期使用实际的Web客户端。我可以注册用户并使用它登录。

然而,当我尝试实施一些单元测试时,事情对我来说并不适用。这就是我在单元测试中创建用户的方式:

@Autowired
private TestRestTemplate template;

@Value("${security.jwt.client-id}")
private String clientId;

@Value("${security.jwt.client-secret}")
private String clientSecret;

private static String USERS_ENDPOINT = "http://localhost:8081/users/";

public AppUser registerUser(String username, String password) {

    AppUser appUser = new AppUser();
    appUser.setUsername(username);
    appUser.setPassword(password);

    ResponseEntity<AppUser> appUserResponseEntity = template.withBasicAuth(clientId, clientSecret)
            .postForEntity(USERS_ENDPOINT, appUser, AppUser.class);

    AppUser registeredAppUser = appUserResponseEntity.getBody();

    assertNotNull("Trying to register new user but the user ID is null which indicates it didn't work.",
            registeredAppUser.getId());

    return registeredAppUser;
}

问题是我在appUserResponseEntity中读取的状态是HTTP 401,返回的AppUser无效(用户未在数据库中创建)。

我也得到InsufficientScopeException

Caused by: org.springframework.security.oauth2.common.exceptions.InsufficientScopeException: Insufficient scope for this resource
    at org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods.throwOnError(OAuth2SecurityExpressionMethods.java:71) ~[spring-security-oauth2-2.2.0.RELEASE.jar:na]
    ... 82 common frames omitted

您可以在下面找到我的AuthorizationServerConfigurerAdapter OAuth2配置。

@Configuration
@EnableAuthorizationServer
@EnableResourceServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {

    @Configuration
    @EnableResourceServer
    public class ResourceServer extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers().antMatchers("/**")
                .and()
                .authorizeRequests().anyRequest().access("#oauth2.hasScope('write')");
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(resourceIds);
        }

    }

    @Value("${security.jwt.client-id}")
    private String clientId;

    @Value("${security.jwt.client-secret}")
    private String clientSecret;

    @Value("${security.jwt.grant-type}")
    private String grantType;

    @Value("${security.jwt.scope-read}")
    private String scopeRead;

    @Value("${security.jwt.scope-write}")
    private String scopeWrite;

    @Value("${security.jwt.resource-ids}")
    private String resourceIds;

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private JwtAccessTokenConverter accessTokenConverter;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
        configurer
                .inMemory()
                .withClient(clientId)
                .secret(clientSecret)
                .authorizedGrantTypes(grantType)
                .scopes(scopeRead, scopeWrite)
                .resourceIds(resourceIds);
    }


    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
        enhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
        endpoints.tokenStore(tokenStore)
                .accessTokenConverter(accessTokenConverter)
                .tokenEnhancer(enhancerChain)
                .authenticationManager(authenticationManager);
    }



}

我不知道为什么这不起作用。有人知道问题可能是什么吗?

我认为奇怪的是它在为匿名用户请求写访问权时失败了。 WebSecurity实际上应该忽略/users端点:

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/pub/**", "/users");
}

所以我不太清楚为什么安全过滤器链在这里实际上是活跃的。

enter image description here

更新

我现在尝试的是我在8080上启动服务器并在同一调试会话期间使用TestRestTemplate template 并尝试将AppUser发送到8080并且8081 - 看看:

enter image description here

enter image description here

正如您所看到的那样,相同的调用在8080(实际的服务器实例运行)上运行但在8081上运行 - 服务器实例已启动以进行单元测试。

显然我的配置存在问题,但我无法将其固定下来..

1 个答案:

答案 0 :(得分:1)

我对此没有更多的话:

  

http://localhost:8081/users