[英]Unit test returns 401 Unauthorized on a permitted route in Spring WebFlux Security
I am trying to test a route that returns array of objects but the test fails because it returns Unauthorized instead of 200 OK我正在尝试测试返回对象数组的路由,但测试失败,因为它返回 Unauthorized 而不是 200 OK
My test class我的测试 class
@RunWith(SpringRunner.class)
@WebFluxTest(value = CatController.class)
class ContentManagementTestApplicationTests {
@Autowired
ApplicationContext context;
@Autowired
private WebTestClient webTestClient;
@MockBean
CatRepository catRepository;
@BeforeEach
public void setup(){
webTestClient=WebTestClient.bindToApplicationContext(context)
.apply(SecurityMockServerConfigurers.springSecurity())
.configureClient()
.build();
}
@Test
void contextLoads() {
}
@Test
public void getApprovedCats(){
webTestClient.get()
.uri("/cat")
.accept(MediaType.APPLICATION_JSON)
.exchange()
.expectStatus().isOk();
}
}
And ApplicationSecurityConfig class, has a SecurityWebFilterChain Bean而ApplicationSecurityConfig class,有一个SecurityWebFilterChain Bean
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, AuthConverter jwtAuthConverter, AuthManager jwtAuthManager){
AuthenticationWebFilter jwtFilter = new AuthenticationWebFilter(jwtAuthManager);
jwtFilter.setServerAuthenticationConverter(jwtAuthConverter);
return http .csrf().disable()
.authorizeExchange()
.pathMatchers(HttpMethod.GET,"/cat").permitAll()
.anyExchange()
.authenticated()
.and()
.addFilterAt(jwtFilter, SecurityWebFiltersOrder.AUTHORIZATION)
.formLogin().disable()
.httpBasic().disable()
.build();
}
The Error on JUint test shows following JUint 测试错误显示如下
java.lang.AssertionError: Status expected:<200 OK> but was:<401 UNAUTHORIZED> Expected:200 OK Actual:401 UNAUTHORIZED java.lang.AssertionError:预期状态:<200 OK> 但为:<401 UNAUTHORIZED> 预期:200 OK 实际:401 UNAUTHORIZED
Before test fails and shows Unauthorized, in console it prints "Using generated security password: 8e5dd468-3fd1-42b6-864a-c4c2ed2227b7" And I believe that should not be printed since I disabled it in securityFilterChain在测试失败并显示未经授权之前,在控制台中打印“使用生成的安全密码:8e5dd468-3fd1-42b6-864a-c4c2ed2227b7”我认为不应该打印,因为我在 securityFilterChain 中禁用了它
From the Javadoc of @WebFluxTest
:来自
@WebFluxTest
的Javadoc :
Annotation that can be used for a Spring WebFlux test that focuses only on Spring WebFlux components.
可用于仅关注 Spring WebFlux 组件的 Spring WebFlux 测试的注释。 Using this annotation will disable full auto-configuration and instead apply only configuration relevant to WebFlux tests
使用此注释将禁用完全自动配置,而是仅应用与 WebFlux 测试相关的配置
If you are looking to load your full application configuration and use WebTestClient, you should consider @SpringBootTest combined with @AutoConfigureWebTestClient rather than this annotation.
如果您希望加载完整的应用程序配置并使用 WebTestClient,则应考虑将 @SpringBootTest 与 @AutoConfigureWebTestClient 结合使用,而不是使用此注释。
In other words, when using @WebFluxTest
in your test, your SecurityWebFilterChain
is not picked up.换句话说,在您的测试中使用
@WebFluxTest
时,您的SecurityWebFilterChain
不会被选中。
Try annotating your class with @SpringBootTest
instead.尝试使用
@SpringBootTest
注释您的 class。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.