我有一个自定义类,用于处理对/actuator端点的安全身份验证,它们都可以正常工作。我只想测试身份验证功能。
package com.netapp.qronicle.config
import org.springframework.beans.factory.annotation.Value
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.crypto.factory.PasswordEncoderFactories
@Configuration
@EnableWebSecurity
class ActuatorSecurity : WebSecurityConfigurerAdapter() {
@Value("\${security.user.username}")
private val actuatorUsername: String? = null
@Value("\${security.user.password}")
private val actuatorPassword: String? = null
@Throws(Exception::class)
override fun configure(http: HttpSecurity) {
http.csrf().disable().requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic()
}
@Throws(Exception::class)
override fun configure(auth: AuthenticationManagerBuilder) {
val passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder()
val encodedPassword = passwordEncoder.encode(actuatorPassword)
auth.inMemoryAuthentication()
.withUser(actuatorUsername).password(encodedPassword).roles("USER")
}
@Bean
@Throws(Exception::class)
override fun authenticationManagerBean(): AuthenticationManager {
// ALTHOUGH THIS SEEMS LIKE USELESS CODE,
// IT'S REQUIRED TO PREVENT SPRING BOOT AUTO-CONFIGURATION
return super.authenticationManagerBean()
}
}
application.properties文件中提供了用户名和通行证
# spring boot actuator access control
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
security.user.username=admin
security.user.password=${ACTUATOR_PASSWORD:admin123}
我将如何为此编写身份验证测试? 我已经尝试过类似的方法,但是它不起作用。
package com.netapp.qronicle.web
import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.Test
import org.junit.runner.RunWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.boot.test.web.client.TestRestTemplate
import org.springframework.http.HttpStatus
import org.springframework.test.context.junit4.SpringRunner
@RunWith(SpringRunner::class)
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
class ActuatorSecurityApiTest {
@Autowired
private val restTemplate: TestRestTemplate? = null
@Test
fun testHomeIsSecure() {
val entity = this.restTemplate!!.getForEntity("/actuator", Map::class.java)
assertThat(entity.statusCode).isEqualTo(HttpStatus.UNAUTHORIZED)
val body = entity.body
assertThat(body!!["error"]).isEqualTo("Unauthorized")
assertThat(entity.headers).doesNotContainKey("Set-Cookie")
}
}