如何在 mvcmock 单元测试中注入身份验证
How to inject Authentication in mvcmock unit testing
概览
我有一个注入身份验证的 REST 服务,我想使用 mockmvc 为它创建一个单元测试。我的 RestController class 如下:
import java.util.ArrayList;
import java.util.Collection;
import java.util.Set;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.blss.security.securityCommon.entities.SecureOperatorDetails;
import com.blss.security.securityGateway.providers.AccAuthenticationProvider;
import lombok.Data;
@RestController
@RequestMapping("/gateway")
public class AuthenticationDetailsRestController {
@RequestMapping(value = "/userdetails", method = RequestMethod.GET)
public UserDetailsResource currentUserName(Authentication authentication) {
ArrayList<String> rolesList = new ArrayList<>();
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
authorities
.forEach(a -> {
if (!a.getAuthority().startsWith(
AccAuthenticationProvider.CAD_TOKEN_AUTHORITY_PREFIX)) {
rolesList.add(a.getAuthority());
}
});
SecureOperatorDetails operator = ((SecureOperatorDetails) authentication.getDetails());
return new UserDetailsResource(
authentication.getName(),
operator.getOperator().getName(),
operator.getOperator().getPermittedRetailerIds(),
operator.getOperator().getStores(),
operator.getOperator().getRetailerId(),
operator.getDefaultStoreId(),
operator.getDeviceId(),
rolesList);
}
@Data
static class UserDetailsResource {
private final String username;
private final String name;
private final Set<String> retailerIds;
private final Set<String> stores;
private final String retailerId;
private final String storeId;
private final String deviceId;
private final ArrayList<String> roles;
}
}
问题
我不知道如何模拟身份验证并将其注入到我的测试中 class 以避免 401 http 异常 或 访问此资源需要完整的身份验证 。
Now I would be grateful if anyone can help me solve this problem
您可以使用 org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
配置身份验证模拟
那么你应该像下一个一样初始化它:
private MockMvc mockMvc;
@Override
protected void before() {
this.mockMvc = webAppContextSetup(context).apply(SecurityMockMvcConfigurers.springSecurity()).build();
}
我将以下代码片段添加到我的测试中 class,然后身份验证被正确注入:
添加此以获得自定义身份验证:
private MockMvc mockMvc;
@Autowired
private Authentication authentication;
@Bean
public Authentication authentication() {
Collection<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("customUsername", "customPassword", authorities); return authentication; }
在设置方法中添加以下内容:
@之前
public void setUp() 抛出异常 {
SecurityContextHolder.getContext().setAuthentication(认证);
mockMvc = MockMvcBuilders.webAppContextSetup(上下文)
.addFilter(new ShallowEtagHeaderFilter())
.apply(文档配置(restDocumentation))
.apply(springSecurity())
。建造();
}
备注:
springSecurity() 用于启用身份验证注入;否则,身份验证对象在主 class 中将为空(您为它编写的 class 测试)。
SecurityContextHolder.getContext().setAuthentication(认证);用于注入自定义身份验证;否则默认的会被springSecurity()
概览
我有一个注入身份验证的 REST 服务,我想使用 mockmvc 为它创建一个单元测试。我的 RestController class 如下:
import java.util.ArrayList;
import java.util.Collection;
import java.util.Set;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.blss.security.securityCommon.entities.SecureOperatorDetails;
import com.blss.security.securityGateway.providers.AccAuthenticationProvider;
import lombok.Data;
@RestController
@RequestMapping("/gateway")
public class AuthenticationDetailsRestController {
@RequestMapping(value = "/userdetails", method = RequestMethod.GET)
public UserDetailsResource currentUserName(Authentication authentication) {
ArrayList<String> rolesList = new ArrayList<>();
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
authorities
.forEach(a -> {
if (!a.getAuthority().startsWith(
AccAuthenticationProvider.CAD_TOKEN_AUTHORITY_PREFIX)) {
rolesList.add(a.getAuthority());
}
});
SecureOperatorDetails operator = ((SecureOperatorDetails) authentication.getDetails());
return new UserDetailsResource(
authentication.getName(),
operator.getOperator().getName(),
operator.getOperator().getPermittedRetailerIds(),
operator.getOperator().getStores(),
operator.getOperator().getRetailerId(),
operator.getDefaultStoreId(),
operator.getDeviceId(),
rolesList);
}
@Data
static class UserDetailsResource {
private final String username;
private final String name;
private final Set<String> retailerIds;
private final Set<String> stores;
private final String retailerId;
private final String storeId;
private final String deviceId;
private final ArrayList<String> roles;
}
}
问题
我不知道如何模拟身份验证并将其注入到我的测试中 class 以避免 401 http 异常 或 访问此资源需要完整的身份验证 。
Now I would be grateful if anyone can help me solve this problem
您可以使用 org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
那么你应该像下一个一样初始化它:
private MockMvc mockMvc;
@Override
protected void before() {
this.mockMvc = webAppContextSetup(context).apply(SecurityMockMvcConfigurers.springSecurity()).build();
}
我将以下代码片段添加到我的测试中 class,然后身份验证被正确注入:
添加此以获得自定义身份验证:
private MockMvc mockMvc; @Autowired private Authentication authentication; @Bean public Authentication authentication() { Collection<GrantedAuthority> authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority("ROLE_USER")); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("customUsername", "customPassword", authorities); return authentication; }在设置方法中添加以下内容:
@之前
public void setUp() 抛出异常 {
SecurityContextHolder.getContext().setAuthentication(认证); mockMvc = MockMvcBuilders.webAppContextSetup(上下文) .addFilter(new ShallowEtagHeaderFilter()) .apply(文档配置(restDocumentation)) .apply(springSecurity()) 。建造(); }
备注:
springSecurity() 用于启用身份验证注入;否则,身份验证对象在主 class 中将为空(您为它编写的 class 测试)。
SecurityContextHolder.getContext().setAuthentication(认证);用于注入自定义身份验证;否则默认的会被springSecurity()
注入