在 Spring Boot 1.4.1 中,我想对使用 @PreAuthorize 访问受限的服务方法进行单元测试(而不是集成测试)。问题是从 Eclipse 启动测试独奏时似乎没有检查 @PreAuthorize (尚未尝试使用 mvn test)。然后,如果我奇迹般地设法正确运行测试,我将尝试使用 StudyService 接口,而不是 impl。这是我的测试课:@RunWith(MockitoJUnitRunner.class)public class TestMethodSecurity { private static final Long STUDY_ID = 1L; @Mock private StudyRepository studyRepository; @InjectMocks private StudyServiceImpl studyService; @Before public void setup() { given(studyRepository.findOne(STUDY_ID)).willReturn(ModelsUtil.createStudy()); } @Test public void findByIdWithoutAccessRightTest() { Study study = studyService.findById(STUDY_ID); }}这是服务:@Servicepublic class StudyServiceImpl implements StudyService { @Autowired private StudyRepository studyRepository; @Override @PreAuthorize("hasAnyRole('DOES NOT EVENT CHECK SYNTAX") public Study findById(final Long id) { return studyRepository.findOne(id); }}测试成功,这是失败。
3 回答
拉丁的传说
TA贡献1789条经验 获得超8个赞
用注释你的测试类
@RunWith(SpringRunner.class)
@ContextConfiguration
你的方法应该是这样的
@Test(expected = AccessDeniedException.class)
@WithAnonymousUser
@Test
public void findByIdWithoutAccessRightTest() {
Study study = studyService.findById(STUDY_ID);
}
如果不至少加载安全上下文,您将无法测试安全性。
你可能想看看这个例子:
public ApplicationUser getApplicationUser() {
ApplicationUser applicationUser = (ApplicationUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
return applicationUser;
}
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.mock;
import org.mockito.MockitoAnnotations;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import com.arpit.security.user.ApplicationUser;
public class BaseTest {
@Before
public void setupMock() {
MockitoAnnotations.initMocks(this);
}
@Test
public void mockApplicationUser() {
ApplicationUser applicationUser = mock(ApplicationUser.class);
Authentication authentication = mock(Authentication.class);
SecurityContext securityContext = mock(SecurityContext.class);
when(securityContext.getAuthentication()).thenReturn(authentication);
SecurityContextHolder.setContext(securityContext);
when(SecurityContextHolder.getContext().getAuthentication().getPrincipal()).thenReturn(applicationUser);
}
}
取自:https ://www.javacodegeeks.com/2017/05/mocking-spring-security-context-unit-testing.html
而且我想您的服务方法故意有语法错误?(缺少括号和错误的引号?)
忽然笑
TA贡献1806条经验 获得超5个赞
这就是我让它工作的方式:
@RunWith(SpringRunner.class)
@SpringBootTest
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ActiveProfiles("test")
public class StudySecurityTest {
@Autowired
private StudyService service;
@MockBean
private StudyRepository repository;
@Test
@WithAnonymousUser
public void testAsAnonymous() {
...
}
@Test
@WithMockKeycloakUser(id = LOGGED_USER_ID, username = LOGGED_USER_USERNAME, authorities = { "ROLE_USER" })
public void testAsUser() {
...
}
}
如果你有兴趣@WithMockKeycloakUser,问我。
慕码人8056858
TA贡献1803条经验 获得超6个赞
如果要测试 Spring Security 注释,则需要使用SpringRunner它将创建 Spring Context 并将 Spring Security 代码注入代理类。
如何测试 Spring Security 你可以在这里找到。
添加回答
举报
0/150
提交
取消