使用 hasAuthority() 测试 @PreAuthorize 注解
Testing @PreAuthorize annotation with hasAuthority()
我正在尝试对具有 @PreAuthorize 注释的 api 进行单元测试。我从 Jwt 获取认知组并将它们用作权威。我在 api 方法的预授权注释中检查了相同的内容。
更新:
我收到 404 没有映射删除 profile/VOlUc3F5A_test.txt 存在
测试class:
import combackend.StorageController;
import com.backend.config.;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@RunWith(SpringRunner.class)
@ContextConfiguration(classes = Config.class)
@SpringBootTest
@AutoConfigureMockMvc
//@WebMvcTest(StorageController.class)
public class Tests {
@Autowired
private MockMvc mockMvc;
@Test
@WithMockUser(username = "admin@domain.com", password = "Password", authorities = "admin")
public void testDeleteCardProfile() throws Exception {
MvcResult result = mockMvc.perform(MockMvcRequestBuilders
.delete("http://localhost:9092/profile/{fileKey}", "VOlUc3F5A_test.txt").with(SecurityMockMvcRequestPostProcessors.csrf())).andReturn();
Assert.assertEquals(200, result.getResponse().getStatus());
// .andExpect(status().isOk());
}
}
控制器方法:
@ApiResponses({ @ApiResponse(responseCode = "204", description = "Returns the delete success message"),
@ApiResponse(responseCode = "400", description = "Failed to delete file : Badrequest"),
@ApiResponse(responseCode = "404", description = "Failed to delete file, NotFound") })
@RequestMapping(value = "/profile/{fileKey}", consumes = MediaType.ALL_VALUE, method = { RequestMethod.DELETE })
@PreAuthorize("hasAuthority('admin')")
public Mono<Boolean> deleteProfile(@AuthenticationPrincipal Jwt jwt, @PathVariable("fileKey") String fileKey) {
return storageService.removeProfile(fileKey);
}
错误消息指出 this.mockMvc 是 null。在您共享的代码中,您没有在任何地方初始化 this.mockMvc。
也许你的意思是自动装配它
@Autowired
private MockMvc mockMvc;
您所做的问题是 mockMvc 未配置为在测试期间使用 spring 安全性。您当前的解决方案仅处理 Method SecuritySee for clarification.
Setup 你的 mockMvc 正确并且它应该工作。
@Before
public void setup() {
mvc = MockMvcBuilders
.webAppContextSetup(context)
.apply(springSecurity())
.build();
}
我正在尝试对具有 @PreAuthorize 注释的 api 进行单元测试。我从 Jwt 获取认知组并将它们用作权威。我在 api 方法的预授权注释中检查了相同的内容。 更新: 我收到 404 没有映射删除 profile/VOlUc3F5A_test.txt 存在
测试class:
import combackend.StorageController;
import com.backend.config.;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@RunWith(SpringRunner.class)
@ContextConfiguration(classes = Config.class)
@SpringBootTest
@AutoConfigureMockMvc
//@WebMvcTest(StorageController.class)
public class Tests {
@Autowired
private MockMvc mockMvc;
@Test
@WithMockUser(username = "admin@domain.com", password = "Password", authorities = "admin")
public void testDeleteCardProfile() throws Exception {
MvcResult result = mockMvc.perform(MockMvcRequestBuilders
.delete("http://localhost:9092/profile/{fileKey}", "VOlUc3F5A_test.txt").with(SecurityMockMvcRequestPostProcessors.csrf())).andReturn();
Assert.assertEquals(200, result.getResponse().getStatus());
// .andExpect(status().isOk());
}
}
控制器方法:
@ApiResponses({ @ApiResponse(responseCode = "204", description = "Returns the delete success message"),
@ApiResponse(responseCode = "400", description = "Failed to delete file : Badrequest"),
@ApiResponse(responseCode = "404", description = "Failed to delete file, NotFound") })
@RequestMapping(value = "/profile/{fileKey}", consumes = MediaType.ALL_VALUE, method = { RequestMethod.DELETE })
@PreAuthorize("hasAuthority('admin')")
public Mono<Boolean> deleteProfile(@AuthenticationPrincipal Jwt jwt, @PathVariable("fileKey") String fileKey) {
return storageService.removeProfile(fileKey);
}
错误消息指出 this.mockMvc 是 null。在您共享的代码中,您没有在任何地方初始化 this.mockMvc。
也许你的意思是自动装配它
@Autowired
private MockMvc mockMvc;
您所做的问题是 mockMvc 未配置为在测试期间使用 spring 安全性。您当前的解决方案仅处理 Method SecuritySee for clarification.
Setup 你的 mockMvc 正确并且它应该工作。
@Before
public void setup() {
mvc = MockMvcBuilders
.webAppContextSetup(context)
.apply(springSecurity())
.build();
}