我有一个带有自定义过滤器的自定义批注,用于授权传入的请求。问题是,当我尝试使用MockMvc测试控制器时,每次使用MockMvc后都会重置Spring Security Context,因此我只能在仅调用一个端点的情况下运行测试。
控制器:
@RestController
class ElementController {
@RequestMapping(value = ["getElement/{id}"], produces = [APPLICATION_XML_VALUE], method = [GET])
@PreAuthorize("authentication.superUser")
fun getElement(
@PathVariable id: UUID
): String? {
return // call service
}
// For brevity I've removed the other endpoint but it's declaration is similar.
}
测试类:
@SpringBootTest
@AutoConfigureMockMvc
@ActiveProfiles(INTEGRATION_TESTS)
@DirtiesContext
class ElementTest {
@Autowired
private lateinit var mockMvc: MockMvc
@Test
@WithMockCustomUser(superUser = true) // Custom Annotation created via Spring Docs
fun `Given When Then`() {
// Passes with correct authentication
mockMvc.perform(
put("putElement").content(/*data*/)
).andDo(print()).andExpect(status().isOk)
// Fails because authentication context is empty
val resultGet = mockMvc.perform(
get("getElement/someId")
).andDo(print()).andExpect(status().isOk)
}
}
由于org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
我尝试浏览代码,好像MockMvc在每次调用后都在重置安全上下文。我查看了所有文档,似乎一切设置正确。
我还查看了this GitHub issue的状态:
@WithUserDetails将为同一请求建立相同的用户。这是按设计的。
这是否意味着我的自定义注释应该以相同的方式工作?
我非常感谢您的帮助。
更新:
作为一种变通办法,我将在第二个呼叫之前手动设置Sprint安全上下文,但我想找到一个永久解决方案。
val authentication = // set authentication
SecurityContextHolder.getContext().authentication = authentication
val resultGet = mockMvc.perform(
get("getElement/someId")
).andDo(print()).andExpect(status().isOk)