Spring Security 5中对authorization_code流的集成测试

时间:2018-08-29 06:12:02

标签: spring-security spring-security-oauth2 spring-test

我的团队正在构建授权服务,并尝试通过集成测试涵盖所有流程。

我可以使用浏览器和邮递员正确使用authorization_code流。但是,在尝试使用集成测试进行验证时遇到了问题。

我进行了此测试,但由于esj0BG无法检索到代码AuthorizationCodeServices

,因此失败了 
  @Test
  public void should_create_token_and_return_200_when_request_is_valid_and_grant_type_is_authorization_code()
      throws Exception {
    final String basicDigestHeaderValue = "Basic " + new String(Base64.encodeBase64(("test_client" + ":" + "password").getBytes()));

    final MockHttpServletRequestBuilder requestBuilder = post(URI)
        .header(AUTHORIZATION, basicDigestHeaderValue)
        .param("grant_type", "authorization_code")
        .param("code", "esj0BG")
        .param("client_id", "test_client")
        .param("redirect_uri", "http://dummy.uri");

    mockMvc.perform(requestBuilder)
        .andExpect(status().isOk())
        .andExpect(jsonPath("$.access_token").exists())
        .andExpect(jsonPath("$.token_type").value("bearer"))
        .andExpect(jsonPath("$.expires_in").exists())
        .andExpect(jsonPath("$.scope").value("read write trust"))
        .andExpect(jsonPath("$.jti").exists());
  }

是否可以设置测试以使代码有效?

更新 

  private String authorizationCode;

  @Autowired
  private AuthorizationCodeServices authorizationCodeServices;

  @Before
  public void setup(){
    super.setup();

    final Map<String, String> requestParameters = new HashMap<>();
    requestParameters.put("grant_type", "authorization_code");
    requestParameters.put("client_id", "test_client");
    requestParameters.put("redirect_uri", "http://dummy.uri");

    final Set<String> authorizationCodeSet = Sets.newHashSet();
    authorizationCode.add("authorization_code");

    final Set<String> scopes = Sets.newHashSet();
    scopes.add("read");
    scopes.add("write");

    final List<GrantedAuthority> roles = Lists.newArrayList(new SimpleGrantedAuthority(ROLE_USER));

    final OAuth2Request oAuth2Request = new OAuth2Request(requestParameters, VALID_CLIENT_ID, roles,true, scopes,null, "http://dummy.uri", authorizationCodeSet, null);
    final Authentication userAuthentication  = new TestingAuthenticationToken("test", "pass", ROLE_USER);
    final OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, userAuthentication);
    this.authorizationCode = authorizationCodeServices.createAuthorizationCode(oAuth2Authentication);
  }

并像这样在测试中使用该authorizationCode 

  @Test
  public void should_create_token_and_return_200_when_request_is_valid_and_grant_type_is_authorization_code()
      throws Exception {
    final String basicDigestHeaderValue = "Basic " + new String(Base64.encodeBase64(("test_client" + ":" + "password").getBytes()));

    final MockHttpServletRequestBuilder requestBuilder = post(URI)
        .header(AUTHORIZATION, basicDigestHeaderValue)
        .param("grant_type", "authorization_code")
        .param("code", this.authorizationCode)
        .param("client_id", "test_client")
        .param("redirect_uri", "http://dummy.uri");

    mockMvc.perform(requestBuilder)
        .andExpect(status().isOk())
        .andExpect(jsonPath("$.access_token").exists())
        .andExpect(jsonPath("$.token_type").value("bearer"))
        .andExpect(jsonPath("$.expires_in").exists())
        .andExpect(jsonPath("$.scope").value("read write trust"))
        .andExpect(jsonPath("$.jti").exists());
  }

这使测试通过了,但是,我仍然想知道是否还有更优雅的方法吗?

0 个答案:

没有答案
相关问题
最新问题