Spring 安全测试期间的空身份验证

Null Authentication during Spring Security test

我想集成测试 Spring 安全认证。只要登录有效。但是在测试过程中出现了如下错误:

java.lang.AssertionError: Authentication should not be null

我的自定义 UserDetailsS​​ervice 只是从数据库中获取用户并将其映射到我的自定义 UserDetails。我在这里做错了什么?这是我还有的:

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = {Application.class})
@WebAppConfiguration
public class SecurityConfigTest {

    @Autowired
    private WebApplicationContext context;

    private MockMvc mockMvc;

    @Before
    public void setUp() throws Exception {
        mockMvc = MockMvcBuilders
            .webAppContextSetup(context)
            .apply(springSecurity())
            .build();
    }
    @Test
    public void shouldAuthenticate() throws Exception {
        mockMvc
            .perform(formLogin())
            .andExpect(authenticated());
    }
}

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(new BCryptPasswordEncoder());
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    http
            .httpBasic()
            .and()
            .authorizeRequests()
                .antMatchers("/", "/login").permitAll()
            .and()
            .csrf().disable();
    }
}

@Configuration
@EnableAutoConfiguration
@ComponentScan
public class Application extends SpringBootServletInitializer{
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Spring Security Reference Manual 中所述,mockMvc.perform(formLogin())

will submit a POST to "/login" with the username "user", the password "password", and a valid CSRF token.

因此,如果您的登录名 URL 不是 /login,用户名不是 user,或者密码不是 password,您不应该期待它的工作。

要为数据库中实际存在的用户提供 username/password 组合,您应该能够使用 mockMvc.perform(formLogin("/auth").user("admin").password("pass"))(假设登录 URL 是 /auth , 用户名为 admin, 密码为 pass).

查看参考手册以获取更多详细信息和示例。