使用spring security进行集成测试
我需要向API发送一个get请求,但是尽管已经放置了管理员注释 ,但是获取错误 @WithMockUser(roles="ADMINISTRADOR") 。
我如何发送请求?
API
@RequestMapping(value = "/{id}", method = RequestMethod.GET) @PostAuthorize("returnObject.instancia == principal.instancia.instancia") public Validacao retrieve(@PathVariable("id") String id) { return validacaoService.retrieve(id); }
测试
@Test @WithMockUser(roles = "ADMINISTRADOR") public void testCRetrieve() throws Exception { this.mockMvc .perform(get("/api/validacao/" + id).with(user("daniela.morais@sofist.com.br"))) .andExpect(status().isOk()) .andReturn(); }
日志
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
测试类
@FixMethodOrder(MethodSorters.NAME_ASCENDING) @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(classes = {ValidacaoAPITest.TestConfiguration.class, WithSecurityConfig.class}) @WebAppConfiguration public class ValidacaoAPITest { @EnableWebMvc @Configuration public static class TestConfiguration { Fongo fongo = new Fongo("new server 1"); DB db = fongo.getDB("oknok"); @Bean ValidacaoAPI getValidacaoAPI() { return new ValidacaoAPI(); } @Bean ActiveUser getActiveUser() { ActiveUser mock = Mockito.mock(ActiveUser.class); when(mock.getUser()).thenReturn(new User().setEmail("email@email.com")); when(mock.getInstancia()).thenReturn(new Instancia().setInstancia("instancia")); return mock; } @Bean ValidacaoService getValidacaoService() { return new ValidacaoService(); } @Bean MatchService getMatchService() { return new MatchService(); } @Bean PlanilhaReader getPlanilhaReader() { return new PlanilhaReader(); } @Bean AtributoReader getAtributoReader() { return new AtributoReader(); } @Bean AtributoDAO getAtributoDAO() { return new AtributoDAO(); } @Bean UploadService getUploadService() { return new UploadService(); } @Bean ValidacaoResultadoDAO getValidacaoResultadoDAO() { return new ValidacaoResultadoDAO(db); } @Bean Mapper getMapper() { return new Mapper(db); } @Bean UploadDAO getUploadDAO() { return new UploadDAO(db); } @Bean MatchDAO getMatchDAO() { return new MatchDAO(db); } @Bean ValidacaoDAO getValidacaoDAO() { return new ValidacaoDAO(db); } @Bean UploadOriginalsDAO getUploadOriginalsDAO() { return new UploadOriginalsDAO(db); } @Bean AtributoValidator getAtributoValidator() { return new AtributoValidator(); } } @Autowired MatchService matchService; @Autowired private WebApplicationContext context; private MockMvc mockMvc; private static String id; @Before public void setup() { mockMvc = MockMvcBuilders.webAppContextSetup(context).build(); } @Test public void testACreateValidation() throws Exception { MvcResult result = this.mockMvc .perform(post("/api/validacao")) .andExpect(status().isOk()) .andExpect(jsonPath("$.id", notNullValue())) .andReturn(); this.id = ((BasicDBObject) JSON.parse(result.getResponse().getContentAsString())).getString("id"); } @Test public void testBRetrieveAll() throws Exception { MvcResult result = this.mockMvc .perform(get("/api/validacao")) .andExpect(status().isOk()) .andExpect(jsonPath("$.[0].id", notNullValue())) .andReturn(); BasicDBList list = (BasicDBList) JSON.parse(result.getResponse().getContentAsString()); this.id = (String) ((BasicDBObject) JSON.parse(list.get(0).toString())).get("id"); } //FIXME @Test @WithMockUser(roles = "ADMINISTRADOR") public void testCRetrieve() throws Exception { this.mockMvc .perform(get("/api/validacao/" + id).with(user("daniela.morais@sofist.com.br"))) .andExpect(status().isOk()) .andReturn(); } }
在Spring安全性参考中,第10.1节规定,为了能够测试弹簧安全性function,您需要在MockMvc对象中集成安全性filter链,如@Before安装方法中的此示例所示。
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration @WebAppConfiguration public class CsrfShowcaseTests { @Autowired private WebApplicationContext context; private MockMvc mvc; @Before public void setup() { mvc = MockMvcBuilders .webAppContextSetup(context) .apply(springSecurity()) .build(); } ... }