使用spring安全性的java集成测试
我需要向API发送一个get请求,但是尽管已经放置了管理员注释get错误@WithMockUser(roles="ADMINISTRADOR")。
如何发送请求
原料药
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@PostAuthorize("returnObject.instancia == principal.instancia.instancia")
public Validacao retrieve(@PathVariable("id") String id) {
return validacaoService.retrieve(id);
}
试验
@Test
@WithMockUser(roles = "ADMINISTRADOR")
public void testCRetrieve() throws Exception {
this.mockMvc
.perform(get("/api/validacao/" + id).with(user("daniela.morais@sofist.com.br")))
.andExpect(status().isOk())
.andReturn();
}
日志
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
测试班
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = {ValidacaoAPITest.TestConfiguration.class, WithSecurityConfig.class})
@WebAppConfiguration
public class ValidacaoAPITest {
@EnableWebMvc
@Configuration
public static class TestConfiguration {
Fongo fongo = new Fongo("new server 1");
DB db = fongo.getDB("oknok");
@Bean
ValidacaoAPI getValidacaoAPI() {
return new ValidacaoAPI();
}
@Bean
ActiveUser getActiveUser() {
ActiveUser mock = Mockito.mock(ActiveUser.class);
when(mock.getUser()).thenReturn(new User().setEmail("email@email.com"));
when(mock.getInstancia()).thenReturn(new Instancia().setInstancia("instancia"));
return mock;
}
@Bean
ValidacaoService getValidacaoService() {
return new ValidacaoService();
}
@Bean
MatchService getMatchService() {
return new MatchService();
}
@Bean
PlanilhaReader getPlanilhaReader() {
return new PlanilhaReader();
}
@Bean
AtributoReader getAtributoReader() {
return new AtributoReader();
}
@Bean
AtributoDAO getAtributoDAO() {
return new AtributoDAO();
}
@Bean
UploadService getUploadService() {
return new UploadService();
}
@Bean
ValidacaoResultadoDAO getValidacaoResultadoDAO() {
return new ValidacaoResultadoDAO(db);
}
@Bean
Mapper getMapper() {
return new Mapper(db);
}
@Bean
UploadDAO getUploadDAO() {
return new UploadDAO(db);
}
@Bean
MatchDAO getMatchDAO() {
return new MatchDAO(db);
}
@Bean
ValidacaoDAO getValidacaoDAO() {
return new ValidacaoDAO(db);
}
@Bean
UploadOriginalsDAO getUploadOriginalsDAO() {
return new UploadOriginalsDAO(db);
}
@Bean
AtributoValidator getAtributoValidator() {
return new AtributoValidator();
}
}
@Autowired
MatchService matchService;
@Autowired
private WebApplicationContext context;
private MockMvc mockMvc;
private static String id;
@Before
public void setup() {
mockMvc = MockMvcBuilders.webAppContextSetup(context).build();
}
@Test
public void testACreateValidation() throws Exception {
MvcResult result = this.mockMvc
.perform(post("/api/validacao"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.id", notNullValue()))
.andReturn();
this.id = ((BasicDBObject) JSON.parse(result.getResponse().getContentAsString())).getString("id");
}
@Test
public void testBRetrieveAll() throws Exception {
MvcResult result = this.mockMvc
.perform(get("/api/validacao"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.[0].id", notNullValue()))
.andReturn();
BasicDBList list = (BasicDBList) JSON.parse(result.getResponse().getContentAsString());
this.id = (String) ((BasicDBObject) JSON.parse(list.get(0).toString())).get("id");
}
//FIXME
@Test
@WithMockUser(roles = "ADMINISTRADOR")
public void testCRetrieve() throws Exception {
this.mockMvc
.perform(get("/api/validacao/" + id).with(user("daniela.morais@sofist.com.br")))
.andExpect(status().isOk())
.andReturn();
}
}
# 1 楼答案
在Spring security Reference, section 10.1中指出,为了能够测试Spring的安全功能,您需要在MockMvc对象中集成安全过滤器链,如本例中@Before setup方法所示