[英]How to use Spring MockMVC with custom Spring Security WebSecurityConfigurerAdapter
我有一个WebSecurityConfigurerAdapter的自定义实现,我在其中覆盖config()方法以使用匹配器授权请求。
我需要创建单元测试,使用模拟mvc向我的控制器发送请求,以确保它们被正确阻止。 但是当我运行我的测试时,他们不会加载我的WebSecurityConfigurerAdapter实现。
从我的SecurityConfigSso.class覆盖WebSecurityConfigurerAdapter :: configure()方法:
@Override
protected void configure( HttpSecurity http ) throws Exception {
http.authorizeRequests()
.antMatchers( "/img/**", "lib/**", "/api/event**", "/api/event/**","/login/cas**" ).permitAll()
.antMatchers(HttpMethod.GET, "/**").hasAnyAuthority(AvailableRoles.ANY)
.antMatchers(HttpMethod.POST, "/**").hasAnyAuthority(AvailableRoles.ADMIN, AvailableRoles.GIS_ANALYST)
.antMatchers(HttpMethod.PUT, "/**").hasAnyAuthority(AvailableRoles.ADMIN, AvailableRoles.GIS_ANALYST)
.antMatchers(HttpMethod.DELETE, "/**").hasAnyAuthority(AvailableRoles.ADMIN, AvailableRoles.GIS_ANALYST)
.anyRequest().authenticated();
}
这是我的单元测试:
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = { SecurityConfigSso.class })
public class SecurityTestControllerTests {
private final String SECURITY_URL = "/security";
private MockMvc mockMvc;
@Autowired
private WebApplicationContext context;
@Before
public void init() {
Assert.assertNotNull(context);
mockMvc = MockMvcBuilders.webAppContextSetup(context).build();
}
@Test
public void postMethodShouldBeForbiddenToGuest() throws Exception {
this.mockMvc.perform(post(SECURITY_URL).with(user("test").roles(AvailableRoles.GUEST)))
.andExpect(status().isForbidden()).andReturn();
}
}
这个测试的结果应该是来自服务器的403,但它仍然是200 ...... :(
您需要为mockMvc添加安全性:
mockMvc = MockMvcBuilders.webAppContextSetup(context)
.apply(org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity())
.build();
没有 WebSecurityConfigurerAdapter 的 Spring Security
[英]Spring Security without the WebSecurityConfigurerAdapter
如何在MockMvc测试期间使用正确的Spring Security配置
[英]How to use the right Spring Security configuration during a MockMvc test
Spring Security WebSecurityConfigurerAdapter特殊字符
[英]Spring Security WebSecurityConfigurerAdapter special characters
Spring Security WebSecurityConfigurerAdapter配置问题
[英]Spring security WebSecurityConfigurerAdapter configuration issue
如何在 Spring 应用程序中同时使用 GlobalMethodSecurityConfiguration 和 WebSecurityConfigurerAdapter
[英]How to use both GlobalMethodSecurityConfiguration and a WebSecurityConfigurerAdapter in a Spring application
使用 MockMvc 测试 spring 安全性时未调用自定义身份验证提供程序
[英]Custom Authentication Provider not called when testing spring security with MockMvc
MockMvc和Spring Security - Null FilterChainProxy
[英]MockMvc and Spring Security - Null FilterChainProxy
无法在自定义 spring 引导启动器中使用 WebSecurityConfigurerAdapter
[英]Can't use WebSecurityConfigurerAdapter in a custom spring boot starter
用于CSRF的Spring Boot Security XML与WebSecurityConfigurerAdapter
[英]Spring Boot Security XML vs WebSecurityConfigurerAdapter for CSRF
Spring 安全性弃用配置 class WebSecurityConfigurerAdapter
[英]Spring Security deprecate the configuration class WebSecurityConfigurerAdapter
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.