【问题标题】:Change authorized user in tests在测试中更改授权用户
【发布时间】:2021-02-24 23:29:21
【问题描述】:

我想在一个测试中测试一组具有不同角色的用户对方法的访问。我正在尝试像这样更改登录用户:

@Test
void allMenusAuthorizePermissions() throws Exception {

        for (User user : ALL_ROLES_USERS) {
            Authentication authentication = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities());
            SecurityContextHolder.clearContext();
            SecurityContextHolder.getContext().setAuthentication(authentication);

            log.debug("User role: " + user.getAuthorities());

            if (user == ADMIN || user == EDITOR) {
                perform(get(MenuEditorController.MENU_EDITOR_URL).principal(authentication))
                        .andExpect(status().isOk());
            }else{
                perform(get(MenuEditorController.MENU_EDITOR_URL).principal(authentication))
                        .andExpect(status().isForbidden());
            }

        }
}

但无论我多么努力,perform(get (...)) 总是从 ALL_ROLES_USERS 数组中的第一个用户开始执行。这可以从日志中看出:

o.s.s.a.i.a.MethodSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@e74255f0: Principal: +79990200001; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: CLIENT

-每次迭代都是同一个用户!

知道为什么会发生这种情况吗?也许 perform(get(...)) 正在传递第一个用户的 JSESSIONID?我不知道在哪里挖了

【问题讨论】:

    标签: spring-security-test


    【解决方案1】:

    你需要使用:

    @Test
        void allMenusAuthorizePermissions() throws Exception {
    
            for (User user : ALL_ROLES_USERS) {
                log.debug("User role: " + user.getAuthorities());
    
                if (user == ADMIN || user == EDITOR) {
    //              perform(get(MenuEditorController.MENU_EDITOR_URL).with(SecurityMockMvcRequestPostProcessors.user(user.getUsername()).authorities(user.getAuthorities())))
                    perform(get(MenuEditorController.MENU_EDITOR_URL).with(SecurityMockMvcRequestPostProcessors.user(user)))
                            .andExpect(status().isOk());
                }else{
                    perform(get(MenuEditorController.MENU_EDITOR_URL).with(SecurityMockMvcRequestPostProcessors.user(user)))
                            .andExpect(status().isForbidden());
                }
    
            }
        }
    

    How to Mock the security context in Spring MVC for testing

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2011-01-08
      • 2019-07-22
      • 2020-12-18
      • 2016-09-26
      • 2021-08-14
      • 2014-07-26
      • 2012-06-05
      • 2019-11-07
      相关资源
      最近更新 更多