我有一个ActuatorSecurity类,用于对/actuator动作进行身份验证。
package com.netapp.qronicle.config
import org.springframework.beans.factory.annotation.Value
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.crypto.factory.PasswordEncoderFactories
@Configuration
@EnableWebSecurity
class ActuatorSecurity : WebSecurityConfigurerAdapter() {
@Value("\${security.user.actuator-username}")
private val actuatorUsername: String? = null
@Value("\${security.user.actuator-password}")
private val actuatorPassword: String? = null
@Throws(Exception::class)
override fun configure(http: HttpSecurity) {
http.csrf().disable().requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic()
}
@Throws(Exception::class)
override fun configure(auth: AuthenticationManagerBuilder) {
val passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder()
val encodedPassword = passwordEncoder.encode(actuatorPassword)
auth.inMemoryAuthentication()
.withUser(actuatorUsername).password(encodedPassword).roles("USER")
}
@Bean
@Throws(Exception::class)
override fun authenticationManagerBean(): AuthenticationManager {
// ALTHOUGH THIS SEEMS LIKE USELESS CODE,
// IT'S REQUIRED TO PREVENT SPRING BOOT AUTO-CONFIGURATION
return super.authenticationManagerBean()
}
}
我已在application.properties文件中配置了所有内容
# spring boot actuator access control
management.endpoints.web.exposure.include=*
security.user.actuator-username=admin
security.user.actuator-password=admin123
我只想为authentication做基本的/actuator/** api测试,但是还没有做到,这是我的测试类
package com.netapp.qronicle.web
import com.netapp.qronicle.config.ActuatorSecurity
import org.junit.jupiter.api.Assertions
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
import org.springframework.test.context.ContextConfiguration
import org.springframework.test.context.junit.jupiter.SpringExtension
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
import org.springframework.test.web.servlet.result.MockMvcResultMatchers
import javax.inject.Inject
@ExtendWith(SpringExtension::class)
@WebMvcTest(ActuatorSecurity::class)
@ContextConfiguration(classes = [ActuatorSecurity::class])
class ActuatorTest {
@Inject
lateinit var mockMvc: MockMvc
@Test
fun `Basic authentication actuator test`() {
val result = mockMvc.perform(
MockMvcRequestBuilders.get("/actuator"))
.andExpect(MockMvcResultMatchers.status().isOk)
Assertions.assertNotNull(result)
}
}
引发的错误是:
2019-02-26 17:07:26.062 INFO 34766 --- [ main] com.netapp.qronicle.web.ActuatorTest : Starting ActuatorTest on jmasson-mac-0 with PID 34766 (started by jonma in /Users/jonma/Development/java/report-generator)
2019-02-26 17:07:26.099 INFO 34766 --- [ main] com.netapp.qronicle.web.ActuatorTest : No active profile set, falling back to default profiles: default
2019-02-26 17:07:29.324 INFO 34766 --- [ main] com.netapp.qronicle.web.ActuatorTest : Started ActuatorTest in 4.468 seconds (JVM running for 6.427)
MockHttpServletRequest:
HTTP Method = GET
Request URI = /actuator
Parameters = {}
Headers = {}
Body = <no character encoding set>
Session Attrs = {}
Handler:
Type = org.springframework.web.servlet.resource.ResourceHttpRequestHandler
Async:
Async started = false
Async result = null
Resolved Exception:
Type = null
ModelAndView:
View name = null
View = null
Model = null
FlashMap:
Attributes = null
MockHttpServletResponse:
Status = 404
Error message = null
Headers = {}
Content type = null
Body =
Forwarded URL = null
Redirected URL = null
Cookies = []