【发布时间】:2017-08-24 21:11:18
【问题描述】:
基于这个例子https://github.com/royclarkson/spring-rest-service-oauth我已经修改了源代码添加存储库和其他休息控制器。资源和授权服务器在同一个应用程序中运行/配置。
我添加了一个带有请求正文的端点“/api/login”(POST):
{"usernamme":"foo", "password":"bar"}
我想在控制器调用的服务中为该用户获取访问令牌。此实现如下所示:
控制器
public ResponseEntity<OAuth2AccessToken> login(@RequestBody @Valid final LoginCommand credentials)
throws LoginFailedException, UnexpectedErrorException {
try {
final OAuth2AccessToken token = securityService.authenticate(credentials.getUsername(), credentials.getPassword());
return ResponseEntity.ok(token);
} catch (final InvalidGrantException badCredentialExeption) {
throw new LoginFailedException(badCredentialExeption.getMessage());
} catch (final Exception e) {
throw new UnexpectedErrorException(e.getMessage());
}
}
服务
@Autowired
@Qualifier("OAuth2RestOperations")
private OAuth2RestOperations client;
@Override
public OAuth2AccessToken authenticate(final String username, final String password) {
final ResourceOwnerPasswordResourceDetails resourceDetails = (ResourceOwnerPasswordResourceDetails) client.getResource();
resourceDetails.setUsername(username);
resourceDetails.setPassword(password);
return client.getAccessToken();
}
Rest 客户端配置
@Configuration
@Import({ OauthProperties2.class })
@EnableOAuth2Client
public class RestClientConfig {
@Autowired
private OauthProperties2 oauth;
@Bean(name = "OAuth2RestOperations")
public OAuth2RestOperations restTemplate(final OAuth2ClientContext oauth2ClientContext) {
return new OAuth2RestTemplate(resource(), oauth2ClientContext);
}
@Bean
public OAuth2ProtectedResourceDetails resource() {
final ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
resource.setAccessTokenUri(oauth.getClient().getAccessTokenUri());
resource.setClientId(oauth.getClient().getClientId());
resource.setClientSecret(oauth.getClient().getClientSecret());
resource.setGrantType(oauth.getClient().getGrantType());
resource.setScope(oauth.getClient().getScope());
return resource;
}
}
测试
public class SecurityApiControllerTest extends TestBase {
@InjectMocks
private SecurityApiController controller;
@Test
public void loginOK() throws Exception {
final String credentials = FileUtils.readContent("requests/loginOK.json");
// @formatter:off
mvc.perform(post("/api/login")
.contentType(MediaType.APPLICATION_JSON_VALUE)
.content(credentials))
.andExpect(status().isOk());
// @formatter:on
}
}
测试库
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@SpringBootTest(classes = Application.class)
public class TestBase {
@Autowired
protected WebApplicationContext context;
@Autowired
protected FilterChainProxy springSecurityFilterChain;
protected MockMvc mvc;
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
mvc = MockMvcBuilders.webAppContextSetup(context).addFilter(springSecurityFilterChain).build();
}
}
运行应用程序时,我可以使用 POSTMAN 调用端点。在测试期间,我收到一个连接被拒绝,如问题标题中所述。我试图找出测试不起作用的原因。谁能给我一个提示来解决这个问题?
【问题讨论】:
标签: java rest spring-mvc spring-boot oauth