如何在 mvcmock 单元测试中注入身份验证

How to inject Authentication in mvcmock unit testing

概览

我有一个注入身份验证的 REST 服务,我想使用 mockmvc 为它创建一个单元测试。我的 RestController class 如下:

import java.util.ArrayList;
import java.util.Collection;
import java.util.Set;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.blss.security.securityCommon.entities.SecureOperatorDetails;
import com.blss.security.securityGateway.providers.AccAuthenticationProvider;

import lombok.Data;

@RestController
@RequestMapping("/gateway")
public class AuthenticationDetailsRestController {

    @RequestMapping(value = "/userdetails", method = RequestMethod.GET)
    public UserDetailsResource currentUserName(Authentication authentication) {

        ArrayList<String> rolesList = new ArrayList<>();
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        authorities
            .forEach(a -> {
                if (!a.getAuthority().startsWith(
                    AccAuthenticationProvider.CAD_TOKEN_AUTHORITY_PREFIX)) {
                    rolesList.add(a.getAuthority());
                }
            });

        SecureOperatorDetails operator = ((SecureOperatorDetails) authentication.getDetails());

        return new UserDetailsResource(
                authentication.getName(),
                operator.getOperator().getName(),
                operator.getOperator().getPermittedRetailerIds(),
                operator.getOperator().getStores(),
                operator.getOperator().getRetailerId(),
                operator.getDefaultStoreId(),
                operator.getDeviceId(),
                rolesList);
    }

    @Data
    static class UserDetailsResource {
        private final String username;
        private final String name;
        private final Set<String> retailerIds;
        private final Set<String> stores;
        private final String retailerId;
        private final String storeId;
        private final String deviceId;
        private final ArrayList<String> roles;
    }
}

问题

我不知道如何模拟身份验证并将其注入到我的测试中 class 以避免 401 http 异常 访问此资源需要完整的身份验证

Now I would be grateful if anyone can help me solve this problem

您可以使用 org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers

配置身份验证模拟

那么你应该像下一个一样初始化它:

private MockMvc mockMvc;

@Override
protected void before() {
    this.mockMvc = webAppContextSetup(context).apply(SecurityMockMvcConfigurers.springSecurity()).build();
}

我将以下代码片段添加到我的测试中 class,然后身份验证被正确注入:

  1. 添加此以获得自定义身份验证:

    private MockMvc mockMvc;

@Autowired
private Authentication authentication;   
@Bean
public Authentication authentication() {
    Collection<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("customUsername", "customPassword", authorities); return authentication; }

    • 在设置方法中添加以下内容:

      @之前
      public void setUp() 抛出异常 {
      SecurityContextHolder.getContext().setAuthentication(认证); mockMvc = MockMvcBuilders.webAppContextSetup(上下文) .addFilter(new ShallowEtagHeaderFilter()) .apply(文档配置(restDocumentation)) .apply(springSecurity()) 。建造(); }

备注:

  • springSecurity() 用于启用身份验证注入;否则,身份验证对象在主 class 中将为空(您为它编写的 class 测试)。

  • SecurityContextHolder.getContext().setAuthentication(认证);用于注入自定义身份验证;否则默认的会被springSecurity()

    • 注入