Spring Boot WebMvc测试不包括Spring Security [英] Spring Boot WebMvc Tests not including Spring Security

问题描述

我正在开发一个具有一定数量控制器的Spring Boot MVC应用程序. 我的根控制器是:

I am developing a Spring Boot MVC application which has a certain number of controllers. My root controller is:

@Controller
@RequestMapping("/")
public class RootController {

    @GetMapping
    public String showStartPage() {
        log.info("GET: Show home page");
        return "index";
    }
}

我已经成功地为控制器实施了MVC测试.我的RootController的测试是:

I have successfully implemented MVC tests for the controllers. The test for my RootController is:

@RunWith(SpringRunner.class)
@WebMvcTest(RootController.class)
public class RootControllerMvcTest {

    @Autowired
    private MockMvc mvc;

    @Test
    public void testRoot() throws Exception {
        mvc.perform(get("/").accept(MediaType.TEXT_HTML))
            .andExpect(status().isOk())
            .andExpect(view().name("index"));
    }
}

问题:

但是，当我引入Spring Security身份验证和授权时，所有的mvc控制器测试都失败了.根控制器测试的断言错误是:

Problem:

But, when I introduced Spring Security authentication and authorization, all the mvc controller tests broke down. Assertion error for the root controller test is:

java.lang.AssertionError: Status 
Expected :200
Actual   :401

我的安全配置为:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/", "/fonts/*").permitAll()
            .antMatchers("/user/**").hasAuthority("ADMIN")
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .usernameParameter("email")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .deleteCookies("remember-me")
            .logoutSuccessUrl("/")
            .permitAll()
            .and()
            .rememberMe();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(new BCryptPasswordEncoder());
    }
}

解决方案:

然后，我设法用以下方法解决了这个问题:

Solution:

Then, I managed to solve the problem with:

@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
public class RootControllerMvcTest {
...
}

在这种情况下，我的测试将加载整个应用程序上下文.

In this case, my tests load the entire Application context.

1. 如何使我的mvc测试与身份验证和授权过程分开，并仅测试控制器的逻辑?
2. 测试身份验证和授权实施的最佳实践是什么?为此，我必须使用@SpringBootTest吗?
3. 单独测试我的控制器和安全逻辑是否是一个明智的决定?

谢谢.

推荐答案

之前提出的方法似乎是在较新版本的spring中已弃用.

The methods proposed before seem to be deprecated in newer versions of spring.

另一方面，现在可以将相同的功能用作附加参数.

On the other hand, the same functionality now can be used as additional arguments.

例如，在我以WebMvcTest为例的情况下，我从

For example, in my case with WebMvcTest I moved from

@RunWith(SpringRunner.class)
@WebMvcTest(ImportController.class)

至

@RunWith(SpringRunner.class)
@WebMvcTest(value = ImportController.class, secure = false)

一切正常.

这篇关于Spring Boot WebMvc测试不包括Spring Security的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！