[英]How to switch user using Spring in Java for testing purposes?
I wrote functionality using Spring Security SwitchUserFilter
. 我使用Spring Security SwitchUserFilter
编写了功能。 In application I can switch user using /j_spring_security_switch_user?j_username=xxx
URL and go back to previous using /j_spring_security_exit_user
. 在实际应用中,我可以使用切换用户/j_spring_security_switch_user?j_username=xxx
的网址,并返回到以前使用/j_spring_security_exit_user
。 I also implemented several methods that depends on fact of switching user, so I want to write unit tests for them. 我还实现了几种取决于切换用户的事实的方法,所以我想为它们编写单元测试。 Therefore my question is how can I switch user in jUnit tests environment? 因此我的问题是如何在jUnit测试环境中切换用户?
I wrote method which is preparing user with SwitchUserGrantedAuthority
and log him in. It seems working fine for my testing purposes, but any tips and comments would be very appreciated. 我编写的方法是使用SwitchUserGrantedAuthority
准备用户并将其登录。对于我的测试目的似乎工作正常,但任何提示和评论都将非常感激。
@SuppressWarnings({ "rawtypes", "unchecked" })
private User logAdminAsUser(User admin, String roleName) {
SecurityContextHolder.getContext().setAuthentication(
new TestingAuthenticationToken(admin, null, "ROLE_ADMIN"));
Authentication adminAuth = SecurityContextHolder.getContext().getAuthentication();
SwitchUserGrantedAuthority switchUserGrantedAuthority =
new SwitchUserGrantedAuthority("ROLE_ADMIN", adminAuth);
List authorities = new LinkedList();
authorities.add(switchUserGrantedAuthority);
User user = populator.storeUser("ROLE_USER");
SecurityContextHolder.getContext().setAuthentication(
new TestingAuthenticationToken(user, null, authorities));
return user;
}
If you want an integrational test, you should consider using a custom http client, or if your test logic depends on it, even GUI drivers like Selenium. 如果您想进行集成测试,您应该考虑使用自定义http客户端,或者如果您的测试逻辑依赖于它,甚至是像Selenium这样的GUI驱动程序。
If we are talking about unit tests, refer to Springs http://spring.io/blog/2014/05/07/preview-spring-security-test-method-security documentation, they support testing heavily, @WithMockUser annotation appears to be what you are looking for, it allows you to specify with which role or user this test should be runned. 如果我们讨论的是单元测试,请参考Springs http://spring.io/blog/2014/05/07/preview-spring-security-test-method-security文档,它们支持大量测试,@ WithMockUser注释出现在是您正在寻找的,它允许您指定应该运行此测试的角色或用户。
I used this: 我用过这个:
private void switchUser(User user, String roleName)
{
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Collection<GrantedAuthority> authorities =
new ArrayList<>();
GrantedAuthority ga = new SimpleGrantedAuthority(roleName);
authorities.add(ga);
Authentication result = new UsernamePasswordAuthenticationTokenExt(
user,
authentication.getCredentials(),
null,
System.currentTimeMillis()
);
SecurityContextHolder.getContext().setAuthentication( result );
}
where User
is the new user, and the roleName
is the new authority to set (of course this method can be modified get more params, etc.) 其中User
是新用户,而roleName
是要设置的新权限(当然这个方法可以修改得更多参数等)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.