unit-testing - @WithUserDetails 似乎不起作用

Question

我有一个应用程序，我在其中使用 Spring Social Security 进行身份验证和授权。不幸的是，我在模拟 Spring Security 时遇到了一些问题。似乎它根本不起作用。

我有一个 REST Controller ，如果它应该返回的实体标识符不可用，它会返回 404 Not Found。如果用户未登录，则任何页面都会重定向到我的应用程序的社交登录页面。

我已阅读 here @WithUserDetails注释最适合我。

所以我的测试方法看起来像这样

@Test
@SqlGroup({
    @Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, statements = "INSERT INTO UserAccount(id, creationtime, modificationtime, version, email, firstname, lastname, role, signinprovider) VALUES (1, '2008-08-08 20:08:08', '2008-08-08 20:08:08', 1, 'user', 'John', 'Doe', 'ROLE_USER', 'FACEBOOK')"), })
@Rollback
@WithUserDetails
public void ifNoTeamsInTheDatabaseThenTheRestControllerShouldReturnNotFoundHttpStatus() {
    ResponseEntity<String> response = restTemplate.getForEntity("/getTeamHistory/{team}", String.class, "Team");
    Assert.assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode());
}

但这似乎根本不起作用。看起来测试方法是用匿名用户执行的，因为我得到的状态是200 OK。

我的测试类是这样注释的

@RunWith(SpringRunner.class)
@ActiveProfiles("dev")
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
@Transactional
public class TeamRestControllerTest {
    //...
}

有没有人在模拟 Spring Social 提供的 Spring Security 时遇到过这样的问题？

Answer 1

我目前无法对其进行测试，但这是一个可能的解决方案。

查看@WithUserDetails 实现:

@WithSecurityContext(factory = WithUserDetailsSecurityContextFactory.class)
public @interface WithUserDetails {
    ...
}

final class WithUserDetailsSecurityContextFactory implements
        WithSecurityContextFactory<WithUserDetails> {

    private BeanFactory beans;

    @Autowired
    public WithUserDetailsSecurityContextFactory(BeanFactory beans) {
        this.beans = beans;
    }

    public SecurityContext createSecurityContext(WithUserDetails withUser) {
        String beanName = withUser.userDetailsServiceBeanName();
        UserDetailsService userDetailsService = StringUtils.hasLength(beanName)
                ? this.beans.getBean(beanName, UserDetailsService.class)
                : this.beans.getBean(UserDetailsService.class);
        String username = withUser.value();
        Assert.hasLength(username, "value() must be non empty String");
        UserDetails principal = userDetailsService.loadUserByUsername(username);
        Authentication authentication = new UsernamePasswordAuthenticationToken(
                principal, principal.getPassword(), principal.getAuthorities());
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authentication);
        return context;
    }
}

您可以按照相同的模式创建您选择的安全上下文:

@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
@WithSecurityContext(factory = WithoutUserFactory.class)
public @interface WithoutUser {
}

public class WithoutUserFactory implements WithSecurityContextFactory<WithoutUser> {
    public SecurityContext createSecurityContext(WithoutUser withoutUser) {
        return SecurityContextHolder.createEmptyContext();
    }
}

其他可用的注释: WithAnonymousUser , WithMockUser , WithSecurityContext (和 WithUserDetails)