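spring-webflux - Spring WebFlux REST Docs - bypassing security for test cases
Problem description
I am using Spring WebFlux security for my application and am trying to write Spring WebFlux REST Docs tests. I get an unauthorized error for the test cases. Is there any way to bypass security for the REST Docs test cases? Can it be controlled through a property?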
    @ExtendWith({ SpringExtension.class, RestDocumentationExtension.class })
    @WebFluxTest({ RegistrationRequesttHandler.class })
    @AutoConfigureWebTestClient(timeout = "100000")
    class RegistrationRequestHandlerTest {

        @Autowired
        ApplicationContext context;

        @MockBean
        private OrgRepository orgRepository;

        @MockBean
        private UserRepository usrRepository;

        @Captor
        private ArgumentCaptor<Organization> orgInputCaptor;

        @Captor
        private ArgumentCaptor<Mono<Organization>> orgMonoInputCaptor;

        @Captor
        private ArgumentCaptor<User> usrInputCaptor;

        private WebTestClient webTestClient;

        @BeforeEach
        void setUp(RestDocumentationContextProvider restDocumentation) {
            // Bind the client to the test application context and register the REST Docs filter
            webTestClient = WebTestClient.bindToApplicationContext(context).configureClient()
                    .filter(documentationConfiguration(restDocumentation)).responseTimeout(Duration.ofMillis(100000))
                    .build();
        }

        @Test
        public void testRegister() {
            final Register register = new Register();
            final Organization org = new Organization();
            final User usr = new User();

            // Stub both repositories so that save() returns the prepared entities
            given(orgRepository.save(orgInputCaptor.capture())).willReturn(Mono.just(org));
            given(usrRepository.save(usrInputCaptor.capture())).willReturn(Mono.just(usr));

            webTestClient.mutateWith(csrf()).post().uri(REGISTER_PATH).contentType(APPLICATION_JSON).bodyValue(register).exchange()
                    .expectStatus().is2xxSuccessful().expectBody();

            StepVerifier.create(orgMonoInputCaptor.getValue()).expectNext(org).expectComplete();
            then(usrRepository).should().save(usrInputCaptor.capture());
        }

        private String buildRegister() {
            // TODO Auto-generated method stub
            return null;
        }
    }
Here, I am testing the /register API, which is set to permitAll().
    @Bean
    public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
        // Static resources, /register and /login are open; every other exchange requires authentication
        return http.authorizeExchange().matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                .pathMatchers("/register", "/login").permitAll()
                .anyExchange().authenticated()
                .and().formLogin()
                .securityContextRepository(securityContextRepository())
                .and()
                .exceptionHandling()
                .accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
                .and().csrf().disable()
                .build();
    }
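But testRegister still fails with a 401 error. Do we also need to create a test bean of SecurityWebFilterChain with permitAll for the register API?
Solution
By default, Spring Security is enabled for test classes; to test public APIs, we have to skip security by excluding the auto-configuration.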
    @ExtendWith(SpringExtension.class)
    @WebFluxTest(controllers = AuthController.class, excludeAutoConfiguration = ReactiveSecurityAutoConfiguration.class)
    public class AuthControllerTest {

        @Autowired
        private WebTestClient webClient;

        @MockBean
        AuthService authService;

        @Test
        public void shouldSignUp() {
            UserDto userDto = UserDto.builder()
                    .firstName("firstName")
                    .lastName("lastName")
                    .phone("phone")
                    .password("password")
                    .email(TEST_EMAIL)
                    .role(UserRoles.ADMIN)
                    .build();

            when(authService.signup(any(UserDto.class))).thenReturn(Mono.just(userDto));

            webClient
                    .post().uri("/auth/v1/signup")
                    .bodyValue(userDto)
                    .exchange()
                    .expectStatus()
                    .isOk()
                    .expectBody(UserDto.class);
        }
    }
https://github.com/Brajendra/springboot-reactive-starter-kit
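An alternative to excluding the auto-configuration, shown as an added example that is not from the original answer or the linked project: import the configuration class that declares the SecurityWebFilterChain into the slice test, so the test exercises both the permitAll() rule for /register and the authenticated() rule for everything else. SecurityConfig and the /orgs path are assumed names, the project classes are assumed to be in the test's package, and the configuration is assumed to need no beans beyond those shown.

```java
// Added example, not code from the original page.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.context.annotation.Import;
import org.springframework.http.MediaType;
import org.springframework.test.web.reactive.server.WebTestClient;
import reactor.core.publisher.Mono;

import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;

@WebFluxTest(RegistrationRequesttHandler.class)
// SecurityConfig is a hypothetical name for the @Configuration class that
// declares the SecurityWebFilterChain bean shown in the question.
@Import(SecurityConfig.class)
class RegistrationSecurityRulesTest {

    @Autowired
    private WebTestClient webTestClient;

    @MockBean
    private OrgRepository orgRepository;

    @MockBean
    private UserRepository usrRepository;

    @Test
    void registerIsReachableWithoutAuthentication() {
        given(orgRepository.save(any(Organization.class))).willReturn(Mono.just(new Organization()));
        given(usrRepository.save(any(User.class))).willReturn(Mono.just(new User()));

        // No credentials are sent: a 2xx here shows the permitAll() rule is in effect.
        webTestClient.post().uri("/register")
                .contentType(MediaType.APPLICATION_JSON)
                .bodyValue(new Register())
                .exchange()
                .expectStatus().is2xxSuccessful();
    }

    @Test
    void otherPathsStillRequireAuthentication() {
        // "/orgs" is a constructed path. With formLogin() configured, an
        // unauthenticated request is redirected to the login page.
        webTestClient.get().uri("/orgs")
                .exchange()
                .expectStatus().is3xxRedirection();
    }
}
```

With security left enabled, the second test fails if a later change to the path matchers opens up routes that were meant to stay protected, which a test with ReactiveSecurityAutoConfiguration excluded cannot detect.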