问题:当我尝试测试需要身份验证的方法(使用 MockUser)时,它返回 403 错误,我错过了一些东西,尝试了几种方法,但它们不起作用。我不明白为什么会这样,有人能解释一下吗?
例如,我创建简单的应用程序来演示这一点。
Spring-security配置类
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class SpringConfigure extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
configureAuthorization(http);
configureAuthentication(http);
}
private void configureAuthorization(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/**").authenticated();
}
private void configureAuthentication(HttpSecurity http) throws Exception {
AuthenticationEntryPoint authenticationEntryPoint = (request, response, e) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
}
}
Controller 类
@RestController
@RequestMapping("api/hello")
public class HelloController {
@RequestMapping(method = RequestMethod.GET)
public String hello(){
return "Hello";
}
}
和我的测试类
@RunWith(SpringRunner.class)
@SpringBootTest(classes = {DemoApplication.class},webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
public class DemoApplicationTests {
RestTemplate restTemplate;
@Before
public void setUp(){
restTemplate = new RestTemplate();
}
@Test
@WithMockUser(username = "user")
public void helloTest() {
System.out.println(SecurityContextHolder.getContext().getAuthentication());
ResponseEntity<String> responseEntity = restTemplate.getForEntity("http://localhost:8080/api/hello",String.class);
}
}
由@WithMockUser创建的用户
Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER
最佳答案
我运行了你的测试代码,看起来没问题。
@Test
@WithMockUser(username = "user")
public void helloTest() {
System.out.println(SecurityContextHolder.getContext().getAuthentication());
ResponseEntity<String> responseEntity = restTemplate.getForEntity("http://localhost:8080/api/hello",String.class);
}
}
System.out.println(responseEntity);
结果:
org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ca25360: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER
<200,Hello
关于java - 无法在 Controller Spring-boot 中测试需要身份验证的方法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48828926/