安全控制器的测试

Question

我正在尝试测试以下控制器

@Secured(SecurityRule.IS_AUTHENTICATED)
@Controller
class UserController(private val userService: UserService) {
    @Get("/principal")
    fun getPrincipal(principal: Principal): Principal = principal
}

我的测试如下所示

class Credentials(val username: String, val password: String)

class LoginResponse(
    @JsonProperty("access_token") val accessToken: String,
    @JsonProperty("expires_in") val expiresIn: Int,
    @JsonProperty("refresh_token") val refreshToken: String,
    @JsonProperty("token_type") val tokenType: String,
    @JsonProperty("username") val username: String)

@Client("/")
interface Client {
    @Post("/login")
    fun login(@Body credentials: Credentials): LoginResponse

    @Get("/principal")
    fun getPrincipal(@Header authorizationHeader: String): Principal
}

@MicronautTest
internal class UserControllerTest {
    @Inject
    lateinit var authenticationConfiguration: AuthenticationConfiguration

    @Inject
    lateinit var client: Client

    @Test
    fun getPrincipal() {
        val credentials = Credentials(authenticationConfiguration.testUserEmail, authenticationConfiguration.testUserPassword)
        val loginResponse = client.login(credentials)
        val authorizationHeader = "Authorization:Bearer ${loginResponse.accessToken}"
        val principal = client.getPrincipal(authorizationHeader)
    }
}

登录正常。我得到一个不记名令牌并且 authorizationHeader 看起来很好。但是对 client.getPrincipal(authorizationHeader) 的调用失败 io.micronaut.http.client.exceptions.HttpClientResponseException: Unauthorized

知道哪里出了问题吗？

Answer 1

事实证明，我可以按照以下方式声明我的客户。通过命名参数来匹配实际的 http header.

@Client("/")
interface Client {
    ...
    @Get("/principal")
    fun getPrincipal(@Header authorization: String): Principal
}

但也可以让 @Header 注释采用一个参数来指定目标 header 的 http

@Client("/")
interface Client {
    ...
    @Get("/principal")
    fun getPrincipal(@Header("Authorization") authorizationValue: String): Principal
}

安全控制器的测试

Testing of secured controller

kotlin

micronaut

micronaut-client