我有一个使用以下依赖项的spring应用程序:
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.3.RELEASE</version>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-tools</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
安全应用程序配置如下:
@Configuration
public class SecurityConfiguration {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http.csrf().disable()
.authorizeExchange()
.pathMatchers("/**").hasAuthority("myAuthority")
.anyExchange().authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(converter());
return http.build();
}
@Bean
public Converter<Jwt, Mono<AbstractAuthenticationToken>> converter() {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new GrantedAuthoritiesExtractor());
return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
}
static class GrantedAuthoritiesExtractor implements Converter<Jwt, Collection<GrantedAuthority>> {
public Collection<GrantedAuthority> convert(Jwt jwt) {
Collection<String> authorities = (Collection<String>) jwt.getClaims().get("roles");
if(authorities == null) {
authorities = List.of();
}
return authorities.stream()
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
}
}
}
所以我需要经过身份验证的用户来请求api和权限myAuthority
。
我想为此编写一些测试,以确保如果有人更改了安全配置,则测试失败。 我用这个:
protected WebTestClient webTestClient(Object controller) {
return WebTestClient.bindToController(controller)
.apply(springSecurity())
.configureClient()
.build()
.mutateWith(mockJwt().authorities(new SecurityConfiguration.GrantedAuthoritiesExtractor()));
}
,但所有测试均通过,并且不需要身份验证的用户或权限。
我想使用@MockUser
测试角色。
编辑以获取有关测试的更多信息
这是测试班
@ExtendWith(SpringExtension.class)
@WebFluxTest(controllers = MyController.class)
@Import({MyRepository.class, ValidationConfiguration.class})
public class MyControllerTest extends BaseControllerTest {
@Autowired
MyController controller;
@Test
public void test() {}
}