时间戳

首页 > 解决方案 > Spring Security WebTestClient 在模拟 JWT 时不调用 OncePerRequestFilter

spring - Spring Security WebTestClient 在模拟 JWT 时不调用 OncePerRequestFilter

问题描述

Spring Boot 版本:2.4.2

我的应用程序实现了以下工作流程:

  1. 外部客户端发送 HTTP 请求,Authorization标头中包含 JWT 令牌。
  2. JwtRequestfilter扩展并从令牌中OncePerRequestFilter提取信息。
  3. 这将传递给CustomUserDetailsServicewhich 检查具有此信息的用户是否存在于数据库中。
  4. @AuthenticationPrincipal仅当此检查通过时,才会使用作为参数调用控制器方法。

现在我想用 Spring 测试这个控制器方法@WebTestClient并用mockJwt(). 我成功地设法让测试请求调用CustomUserDetailsService但似乎有两个问题:

  1. JwtRequestFilter根本不调用,即不调用方法loadUserById()
  2. 没有找到该用户CustomUserDetailsService。由于我想依赖实际的数据库,我的想法是用 Mockito 模拟存储库,但它总是抛出UsernameNotFoundException.

这是测试实现:

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
public class UserControllerIT {

    @Autowired
    private WebApplicationContext context;

    private WebTestClient webTestClient;

    @MockBean
    private UserRepo userRepo;

    @BeforeEach
    public void setup() {
        webTestClient = MockMvcWebTestClient
                .bindToApplicationContext(this.context)
                .apply(springSecurity())
                .build();
    }

    @Test
    @WithUserDetails
    public void testIt() {
        final User user = createUser("foo@bar.com", "my-password");

        when(userRepo.findByEmail(anyString())).thenReturn(Optional.of(user));
        when(userRepo.findById(anyLong())).thenReturn(Optional.of(user));

        webTestClient
                .mutateWith(mockJwt())
                .get()
                .uri("/services/user")
                .accept(MediaType.APPLICATION_JSON)
                .exchange()
                .expectStatus().is2xxSuccessful();
    }
}

以下是相关类:

JwtRequestFilter

@Component
@Slf4j
public class JwtRequestFilter extends OncePerRequestFilter {

    private static final String BEARER_PREFIX = "Bearer ";

    private final HandlerExceptionResolver resolver;

    private final JwtService jwtService;
    private final CustomUserDetailsService userDetailsService;

    public JwtRequestFilter(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver, JwtService jwtService, CustomUserDetailsService userDetailsService) {
        this.resolver = resolver;
        this.jwtService = jwtService;
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        try {
            String token = parseTokenFromRequest(request);
            if (isNotBlank(token)) {
                String subject = jwtService.getSubject(token);
                if (isNotBlank(subject) && isNull(SecurityContextHolder.getContext().getAuthentication())) {
                    final MyaUserDetails userDetails = userDetailsService.loadUserById(Long.valueOf(subject));
                    if (jwtService.validateToken(token, userDetails)) {
                        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
                    }
                }
            }
            filterChain.doFilter(request, response);
        } catch (JwtException e) {
            resolver.resolveException(request, response, null, e);
        }
    }

    private String parseTokenFromRequest(HttpServletRequest request) {
        String token = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (isNotBlank(token) && token.startsWith(BEARER_PREFIX)) {
            return token.substring(BEARER_PREFIX.length());
        } else {
            return null;
        }
    }
}

CustomUserDetailsS​​ervice

@Service
@RequiredArgsConstructor
public class CustomUserDetailsService implements UserDetailsService {

    private static final String USER_NOT_FOUND = "User not found";

    private final UserRepo userRepo;

    @Override
    public CustomUserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        final User user = userRepo.findByEmail(username)
                .orElseThrow(() -> new UsernameNotFoundException(USER_NOT_FOUND));
        return buildUserDetails(user);
    }

    public CustomUserDetails loadUserById(Long id) throws UsernameNotFoundException {
        final User user = userRepo.findById(id)
                .orElseThrow(() -> new UsernameNotFoundException(USER_NOT_FOUND));
        return buildUserDetails(user);
    }
}

用户控制器

@GetMapping
public ResponseEntity<UserData> getUserData(@AuthenticationPrincipal CustomUserDetails userDetails) {
    try {
        final UserData userData = userService.getUser(userDetails.getId());
        return ResponseEntity.ok(userData);
    } catch (UserNotFoundException e) {
        log.error("User with id {} not found", userDetails.getId());
        return ResponseEntity.notFound().build();
    }
}

标签: springspring-bootspring-securityspring-test

解决方案

推荐阅读