我有一项受 oAuth 保护的服务。这是我的 RestController 的结构:
@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestController
public class MainController {
@PostMapping("/v1/api")
@CustomAuthorizer(RequestURI = "api", ResourceType = ResourceType.API, GrantAccess = GrantAccess.EXECUTE)
public ResponseEntity<List<Details>> api(
@ApiParam(value = "Provide here request body", required = true) @Valid @RequestBody Input input,
@Valid @RequestParam("tId") String tenantId, @RequestHeader("Authorization") String auth) {
}
这是我的测试
@RunWith(SpringRunner.class)
@SpringBootTest
public class MainControllerMockTest {
@WithMockUser( username = "test")
@Test
public void testApi() throws Exception {
Input input = new Input();
//Set input here
MvcResult result = mockMvc.perform(post("/v1/api?tId=test")
.content(inputJson).contentType(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJsd2lsbGlhbXMxNiIsInJvbGVzIjoidXNlciIsImlhdCI6MTUxNDQ0OTgzM30.WKMQ_oPPiDcc6sGtMJ1Y9hlrAAc6U3xQLuEHyAnM1FU")
.with(SecurityMockMvcRequestPostProcessors.csrf()))
.andExpect(status().isOk()).andReturn();
System.out.println(result.getResponse().getContentAsString());
assertEquals(200, result.getResponse().getStatus());
}
}
身份验证是由我们的自定义 oAuth 库完成的,所以当 /api 被调用时,它会检查权限,有什么办法可以绕过它?我也尝试嘲笑该代码,但没有奏效。任何建议都会很棒。