手动Spring Security登录的集成测试

如何解决手动Spring Security登录的集成测试

我正在尝试对我的手动Spring Security登录进行集成测试。下面是测试类：

@RunWith(springrunner.class)
@ContextConfiguration
@WebAppConfiguration
@SpringBoottest
@DirtiesContext(methodMode = DirtiesContext.MethodMode.AFTER_METHOD)
class UserIT {


    private mockmvc mockmvc;

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private UserService userService;

    @Autowired
    private WebApplicationContext context;

    @Autowired
    private TestRestTemplate restTemplate;

    @LocalServerPort
    private int port;

    UserDTO userDTO = new UserDTO();
    String username = "user";
    Authorities userAuthorities = new Authorities();
    Set<Authorities> grantedAuthorities = new HashSet<>();

    @BeforeEach
    void setup() {

        mockmvc = mockmvcBuilders
                .webAppContextSetup(context)
                .apply(springSecurity())
                .build();

        userDTO.setUsername(username);
        userDTO.setPassword(username);

        userAuthorities.setUsername(username);
        userAuthorities.setAuthority("ROLE_USER");
        grantedAuthorities.add(userAuthorities);
        userDTO.setAuthorities(grantedAuthorities);


    }

    @Test
    void userLogin() throws Exception {

        mockmvc.perform(post("/user/register/")
                .contentType("application/json")
                .content(objectMapper.writeValueAsstring(userDTO)))
                .andExpect(status().isOk());

        mockmvc.perform(post("/user/login/")
                .contentType("application/json")
                .content(objectMapper.writeValueAsstring(userDTO)))
                .andExpect(status().isOk());

        Collection<GrantedAuthority> authorities = new HashSet<>();
        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_USER");
        authorities.add(simpleGrantedAuthority);

        MvcResult mvcResult = mockmvc.perform(get("/user/authority/")
                .contentType("application/json"))
                .andReturn();


        assertEquals(authorities,mvcResult.getResponse().getContentAsstring());
    }

}

问题是mvcResult.getResponse().getContentAsstring()返回ROLE_ANONYMOUS而不是ROLE_USER的集合，因为我正在用ROLE_USER权限用户调用登录端点。

下面是我的UserService类：

@Service
@AllArgsConstructor
public class UserServiceImpl implements UserService {
    private final UserRepository userRepository;
    private final AuthenticationManager authenticationManager;

    public UserDetails loadUserByUsername(String username){
        Users user = userRepository.findByUsername(username);
        if (user == null)
            throw new UsernameNotFoundException("Username Not Found");

        UserDetails springUser =
                org.springframework.security.core.userdetails.User.builder()
                .authorities(this.getAuthorities(user))
                .username(username)
                .password(user.getpassword())
                .build();

        return springUser;
    }

    public Collection<? extends GrantedAuthority> getAuthoritiesFromContext(){
        Collection<SimpleGrantedAuthority> authorities = (Collection<SimpleGrantedAuthority>)
                SecurityContextHolder.getContext().getAuthentication().getAuthorities();
        return authorities;
    }

    public Collection<? extends GrantedAuthority> getAuthorities(Users user){
        Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
        user.getAuthorities().forEach(authority ->
                authorities.add(new SimpleGrantedAuthority(authority.getAuthority())));
        return authorities;
    }

    public Users saveUser(UserDTO userDTO){
        Users user = new Users(userDTO.getUsername(),userDTO.getpassword(),userDTO.getAuthorities());
        return userRepository.save(user);
    }

    public UserDetails login(UserDTO userDTO){
        UserDetails userDetails = this.loadUserByUsername(userDTO.getUsername());
        if(userDetails.getpassword().equals(userDTO.getpassword())){
            Authentication authentication =
                    new UsernamePasswordAuthenticationToken(userDetails.getUsername(),userDetails.getAuthorities());

            authentication = authenticationManager.authenticate(authentication);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            return userDetails;
        } else {
            throw new BadCredentialsException("Username and password do not match!");
        }
    }

}

当我尝试通过Postman调用端点时，它们都可以正常工作，但是在测试中，SecurityContext会丢失，并返回ROLE_ANONYMOUS而不是ROLE_USER。我是否在测试课程中缺少一些注释，或者仅仅是我无法为手动登录进行集成测试？

提前谢谢！

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。