我有多个服务:ServiceA
,ServiceB
,ServiceC
,并且启用了JWT身份验证和传播。负责验证用户身份的服务为ServiceA
。
那么,如果启用了身份验证并且该服务不知道如何进行身份验证,该如何测试(JUnit5)我的服务B
和C
?
[main] INFO i.m.context.env.DefaultEnvironment - Established active environments: [test]
[nioEventLoopGroup-1-3] DEBUG i.m.http.client.DefaultHttpClient - Sending HTTP Request: POST /serviceB/order/item
[nioEventLoopGroup-1-3] DEBUG i.m.http.client.DefaultHttpClient - Chosen Server: localhost(33006)
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzaGVybG9jayIsIm5iZiI6MTU4MTI3NjA2NSwicm9sZXMiOltdLCJpc3MiOiJ1c2VyIiwiZXhwIjoxNTgxMjc5NjY1LCJpYXQiOjE1ODEyNzYwNjV9.yrVqAluyZvKIGjtu4tDVSnZZiZ8kdhduN20n1xd1z6U
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - host: localhost:33006
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - connection: close
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - content-type: application/json
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - content-length: 2
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Request Body
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - HTTP Client Response Received for Request: POST http://localhost:33006/serviceB/order/item
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Status Code: 403 Forbidden
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Date: Sun, 9 Feb 2020 19:23:08 GMT
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - connection: close
使用:Micronaut 1.3.0
,JDK 1.8
答案 0 :(得分:0)
在gitter.im/micronautfw中,有一个答案是使用MockAuthenticationProvider implements AuthenticationProvider
和SecurityBypassFilter implements HttpClientFilter
模拟身份验证逻辑。
package demo
import io.micronaut.context.annotation.Requires
import io.micronaut.context.env.Environment
import io.micronaut.security.authentication.AuthenticationFailed
import io.micronaut.security.authentication.AuthenticationProvider
import io.micronaut.security.authentication.AuthenticationRequest
import io.micronaut.security.authentication.AuthenticationResponse
import io.micronaut.security.authentication.UserDetails
import io.reactivex.Flowable
import org.reactivestreams.Publisher
import javax.inject.Singleton
@Requires(env = Environment.TEST)
@Requires(property = 'spec.name', notEquals = 'SecuritySpec')
@Singleton
class MockAuthenticationProvider implements AuthenticationProvider {
@Override
Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
if ( authenticationRequest.identity == 'user' && authenticationRequest.secret == 'password' ) {
return Flowable.just(new UserDetails('user', []))
}
return Flowable.just(new AuthenticationFailed())
}
}
和
package groovycalamari.bookmark
import io.micronaut.context.annotation.Requires
import io.micronaut.context.env.Environment
import io.micronaut.http.HttpResponse
import io.micronaut.http.MutableHttpRequest
import io.micronaut.http.annotation.Filter
import io.micronaut.http.filter.ClientFilterChain
import io.micronaut.http.filter.HttpClientFilter
import org.reactivestreams.Publisher
@Filter('/**')
@Requires(env = Environment.TEST)
@Requires(property = 'spec.name', notEquals = 'SecuritySpec')
class SecurityBypassFilter implements HttpClientFilter {
@Override
Publisher<? extends HttpResponse<?>> doFilter(MutableHttpRequest<?> request, ClientFilterChain chain) {
request.basicAuth('user', 'password')
return chain.proceed(request)
}
}
答案 1 :(得分:0)
这是使用JWT令牌的一种方式:
@Filter("/**")
@Requires(env = Environment.TEST)
@Requires(property = "spec.name", notEquals = "SecuritySpec")
public class MockSecurityBypassFilter implements HttpClientFilter
{
private final static Logger LOG = LoggerFactory.getLogger(MockSecurityBypassFilter.class);
@Override
public Publisher<? extends HttpResponse<?>> doFilter(MutableHttpRequest<?> request, ClientFilterChain chain)
{
LOG.info(">>> Mock Security Filter automatic sign in");
// token expire at -> Saturday, April 20, 2030 9:39:44 PM GMT-03:00
final String JWT_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzdXBlcmFkbWluQG5vaG9tZS5jb20iLCJyb2xlcyI6WyJST09UIiwiU1VQRVJfQURNSU4iLCJVU0VSU19BRE1JTiIsIlVTRVJTX1JFQUQiLCJVU0VSU19XUklURSIsIkFDQ1RTX0FETUlOIiwiQUNDVFNfUkVBRCIsIkFDQ1RTX1dSSVRFIiwiQ1VTVFNfQURNSU4iLCJDVVNUU19SRUFEIiwiQ1VTVFNfV1JJVEUiLCJMQUJPUl9BRE1JTiIsIkxBQk9SX1JFQUQiLCJMQUJPUl9XUklURSIsIlNBTEVTUkVQIl0sImlzcyI6InVzZXJzIiwiYWNjdElkIjoiQWNjdFZwVWdxSzBOIiwib3duZXJJZCI6Ik93bmN5YWZ0Q2giLCJsb2NhbGUiOiJwdCIsIm1vZHVsZXMiOlsiU0FMRVNfUkVQIl0sInNpZCI6ImplczV3U2doemNodiIsIm5iZiI6MTU5NDI3MTEzOCwic2VyaWFsIjoiNTY3ODkiLCJhY2Nlc3NDb2RlIjoiUjEwMCIsIm5hbWUiOiJMdWtlIFNreXdhbGtlciIsInpvbmVJZCI6IlVUQy0zIiwiZXhwIjoxOTA5NjMxMTM4LCJpYXQiOjE1OTQyNzExMzh9.-MXKLJe7iqpAcdViFtcHFg2Yvcypf9E3KVLyxc";
request.bearerAuth(JWT_TOKEN);
return chain.proceed(request);
}
}