spring - Spring Security WebTestClient 在模拟 JWT 时不调用 OncePerRequestFilter
问题描述
Spring Boot 版本:2.4.2
我的应用程序实现了以下工作流程:
- 外部客户端发送 HTTP 请求,
Authorization
标头中包含 JWT 令牌。 JwtRequestfilter
扩展并从令牌中OncePerRequestFilter
提取信息。- 这将传递给
CustomUserDetailsService
which 检查具有此信息的用户是否存在于数据库中。 @AuthenticationPrincipal
仅当此检查通过时,才会使用作为参数调用控制器方法。
现在我想用 Spring 测试这个控制器方法@WebTestClient
并用mockJwt()
. 我成功地设法让测试请求调用CustomUserDetailsService
但似乎有两个问题:
JwtRequestFilter
根本不调用,即不调用方法loadUserById()
。- 没有找到该用户
CustomUserDetailsService
。由于我想依赖实际的数据库,我的想法是用 Mockito 模拟存储库,但它总是抛出UsernameNotFoundException
.
这是测试实现:
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
public class UserControllerIT {
@Autowired
private WebApplicationContext context;
private WebTestClient webTestClient;
@MockBean
private UserRepo userRepo;
@BeforeEach
public void setup() {
webTestClient = MockMvcWebTestClient
.bindToApplicationContext(this.context)
.apply(springSecurity())
.build();
}
@Test
@WithUserDetails
public void testIt() {
final User user = createUser("foo@bar.com", "my-password");
when(userRepo.findByEmail(anyString())).thenReturn(Optional.of(user));
when(userRepo.findById(anyLong())).thenReturn(Optional.of(user));
webTestClient
.mutateWith(mockJwt())
.get()
.uri("/services/user")
.accept(MediaType.APPLICATION_JSON)
.exchange()
.expectStatus().is2xxSuccessful();
}
}
以下是相关类:
JwtRequestFilter
@Component
@Slf4j
public class JwtRequestFilter extends OncePerRequestFilter {
private static final String BEARER_PREFIX = "Bearer ";
private final HandlerExceptionResolver resolver;
private final JwtService jwtService;
private final CustomUserDetailsService userDetailsService;
public JwtRequestFilter(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver, JwtService jwtService, CustomUserDetailsService userDetailsService) {
this.resolver = resolver;
this.jwtService = jwtService;
this.userDetailsService = userDetailsService;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
try {
String token = parseTokenFromRequest(request);
if (isNotBlank(token)) {
String subject = jwtService.getSubject(token);
if (isNotBlank(subject) && isNull(SecurityContextHolder.getContext().getAuthentication())) {
final MyaUserDetails userDetails = userDetailsService.loadUserById(Long.valueOf(subject));
if (jwtService.validateToken(token, userDetails)) {
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
}
}
filterChain.doFilter(request, response);
} catch (JwtException e) {
resolver.resolveException(request, response, null, e);
}
}
private String parseTokenFromRequest(HttpServletRequest request) {
String token = request.getHeader(HttpHeaders.AUTHORIZATION);
if (isNotBlank(token) && token.startsWith(BEARER_PREFIX)) {
return token.substring(BEARER_PREFIX.length());
} else {
return null;
}
}
}
CustomUserDetailsService
@Service
@RequiredArgsConstructor
public class CustomUserDetailsService implements UserDetailsService {
private static final String USER_NOT_FOUND = "User not found";
private final UserRepo userRepo;
@Override
public CustomUserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = userRepo.findByEmail(username)
.orElseThrow(() -> new UsernameNotFoundException(USER_NOT_FOUND));
return buildUserDetails(user);
}
public CustomUserDetails loadUserById(Long id) throws UsernameNotFoundException {
final User user = userRepo.findById(id)
.orElseThrow(() -> new UsernameNotFoundException(USER_NOT_FOUND));
return buildUserDetails(user);
}
}
用户控制器
@GetMapping
public ResponseEntity<UserData> getUserData(@AuthenticationPrincipal CustomUserDetails userDetails) {
try {
final UserData userData = userService.getUser(userDetails.getId());
return ResponseEntity.ok(userData);
} catch (UserNotFoundException e) {
log.error("User with id {} not found", userDetails.getId());
return ResponseEntity.notFound().build();
}
}
解决方案
推荐阅读
- sql-server - 外键引用无效表。无法创建约束或索引
- xcode - 代码设计抛出错误'errSecInternalComponent'
- java - Swing - 如何制作具有不透明内容的透明 JFrame?
- firebase - Google Firebase SSL 证书 - 我的证书列出了大量其他网站
- java - 运行 jar - JSONObject 抛出 IllegalArgumentException
- c# - 如何从 webresponse/streamreader 捕获数据并将其写回控制台?
- java - 在 Java 中覆盖树节点引用的问题
- typescript - TypeScript 递归条件映射类型
- c++ - 将 const *char[] 变量与 char[] 连接起来
- kubernetes - master会知道k8s中workers/nodes上的数据吗