Java 用于测试的 Spring Boot 设置安全性
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23335200/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring Boot setup security for testing
提问by user3168219
I'm unable to configure correctly the security in my tests. My web security configuration:
我无法在测试中正确配置安全性。我的网络安全配置:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/**").hasRole("USER")
.and()
.httpBasic()
;
}
}
And my test class:
还有我的测试课:
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration
@ContextConfiguration(classes = {Application.class, AppConfig.class, WebMvcConfig.class, WebSecurityConfig.class})
@WebAppConfiguration
public class TestControllerTest {
@Autowired
private WebApplicationContext wac;
private MockMvc mockMvc;
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
this.mockMvc = webAppContextSetup(wac).dispatchOptions(true).build();
}
@Test
public void getTest() throws Exception {
mockMvc
.perform(get("/api/test"))
.andExpect(status().isForbidden())
;
}
}
I get a 404 status code meaning the security layer is not executed, so it is not configured correctly in my test class.
I tried to switch the classes from @ContextConfigurationto @SpringApplicationConfigurationwithout success.
我得到一个 404 状态代码,这意味着安全层没有被执行,所以它在我的测试类中没有正确配置。我试图将课程从 切换@ContextConfiguration到@SpringApplicationConfiguration没有成功。
采纳答案by geoand
Make the following modifications to your code:
对您的代码进行以下修改:
@Autowired
private FilterChainProxy filterChainProxy;
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
this.mockMvc = webAppContextSetup(wac).dispatchOptions(true).addFilters(filterChainProxy).build();
}
回答by nivash
As said in referencefor Spring Security 4.0.4:
正如Spring Security 4.0.4参考中所说:
In order to use Spring Security with Spring MVC Test it is necessary to add the Spring Security
FilterChainProxyas aFilter. It is also necessary to add Spring Security'sTestSecurityContextHolderPostProcessorto support Running as a User in Spring MVC Test with Annotations. This can be done using Spring Security'sSecurityMockMvcConfigurers.springSecurity().
为了将 Spring Security 与 Spring MVC Test 一起使用,必须将 Spring Security 添加
FilterChainProxy为Filter. 还需要添加 Spring SecurityTestSecurityContextHolderPostProcessor以支持在带有注释的 Spring MVC 测试中以用户身份运行。这可以使用 Spring Security 的SecurityMockMvcConfigurers.springSecurity().
Example:
例子:
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
public class TestControllerTest {
@Autowired
private WebApplicationContext wac;
private MockMvc mockMvc;
@Before
public void setup() {
mockMvc = MockMvcBuilders
.webAppContextSetup(wac)
.apply(springSecurity()) //will perform all of the initial setup to integrate Spring Security with Spring MVC Test
.build();
}
