【问题标题】:How to mock AuthenticationManager authenticate method using Spring Security and Mockito如何使用 Spring Security 和 Mockito 模拟 AuthenticationManager 身份验证方法
【发布时间】:2022-01-14 21:19:28
【问题描述】:

我正在尝试使用 Mockito 来测试当用户点击登录 api 时,它是否会使用 JWT 令牌进行响应。但是,我不断收到来自 Spring Security 中的 authenticationManager.authenticate() 方法的 Bad Credentials 错误。我现在正在尝试模拟这种方法,但我不断收到各种不同的错误,并且不确定我的方法是否正确。这是我最新的实现,现在由于 You cannot use argument matchers outside of verification or stubbing 失败,因为它不喜欢我使用模拟的方式。

@WebMvcTest(value = UserCommandController.class, includeFilters = {
    // to include JwtUtil in spring context
    @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = JwtUtil.class)})
class UserCommandControllerTest {

Logger logger = LoggerFactory.getLogger(UserCommandControllerTest.class);

@MockBean
private UserCommandService userCommandService;

@Autowired
private MockMvc mockMvc;

@MockBean
private UserDetailsServiceImpl userDetailsServiceImpl;

@MockBean
private JwtUtil jwtUtil;

@Autowired
private JwtRequestFilter jwtRequestFilter;

@Autowired
AuthenticationManager authenticationManager;

private static UserDetails dummy;
private static String jwtToken;

@BeforeEach
public void setUp() {
    dummy = new User("user@email.com", "123456", new ArrayList<>());
    jwtToken = jwtUtil.generateToken(dummy);
}


@Test
void testLoginReturnsJwt() throws Exception {

    AuthenticationRequest authenticationRequest = new AuthenticationRequest("user@email.com", "123456");
    AuthenticationResponse authenticationResponse = new AuthenticationResponse("anyjwt");

    String jsonRequest = asJsonString(authenticationRequest);
    String jsonResponse = asJsonString(authenticationResponse);

    RequestBuilder request = MockMvcRequestBuilders
            .post("/api/adverts/user/login")
            .content(jsonRequest)
            .contentType(MediaType.APPLICATION_JSON_VALUE)
            .accept(MediaType.APPLICATION_JSON);

    Authentication authentication = mock(Authentication.class);
    authentication.setAuthenticated(true);
    when(authentication.isAuthenticated()).thenReturn(true);

    when(authenticationManager.authenticate(any())).thenReturn(authentication); // Failing here

    when(jwtUtil.generateToken(dummy)).thenReturn("124");
    when(userDetailsServiceImpl.loadUserByUsername(eq("user@email.com"))).thenReturn(dummy);

    MvcResult mvcResult = mockMvc.perform(request)
            .andExpect(status().is2xxSuccessful())
            .andExpect(content().json(jsonResponse, true))
            .andExpect(jsonPath("$.jwt").value(isNotNull()))
            .andReturn();
}

这是我的控制器:

@PostMapping(value = "/login", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<Object> loginUser(@Valid @RequestBody AuthenticationRequest authenticationRequest) throws Exception {

    try {
        Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authenticationRequest.getUsername(), authenticationRequest.getPassword()));
    } catch (BadCredentialsException e) {
        throw new Exception("incorrect username or password", e);
    }

    UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());

    String jwt = jwtTokenUtil.generateToken(userDetails);

    return ResponseEntity.ok(new AuthenticationResponse(jwt));
}

谢谢。

PS:这是我的仓库和设置 AuthenticationManager 的位置:https://github.com/francislainy/adverts-backend/blob/dev_jwt/src/main/java/com/example/adverts/MyWebSecurity.java#L30

【问题讨论】:

标签: java unit-testing spring-security mockito spring-boot-test


【解决方案1】:

您需要 AuthenticationManager 成为模拟对象,而您的情况并非如此(@Autowired 注入“真实”实例)。您可以使用 MockBean 注释模拟 bean:

@MockBean
AuthenticationManager authenticationManager;

现在您可以随意模拟authenticationManager

您的代码的另一个问题是您在断言中滥用ArgumentMatchers.isNotNull() 匹配器导致异常:

org.mockito.exceptions.misusing.InvalidUseOfMatchersException: 
Misplaced or misused argument matcher detected here:

-> at com.example.adverts.controller.user.UserCommandControllerTest.testLoginReturnsJwt(UserCommandControllerTest.java:356)

You cannot use argument matchers outside of verification or stubbing.
Examples of correct usage of argument matchers:
    when(mock.get(anyInt())).thenReturn(null);
    doThrow(new RuntimeException()).when(mock).someVoidMethod(any());
    verify(mock).someMethod(contains("foo"))

This message may appear after an NullPointerException if the last matcher is returning an object 
like any() but the stubbed method signature expect a primitive argument, in this case,
use primitive alternatives.
    when(mock.get(any())); // bad use, will raise NPE
    when(mock.get(anyInt())); // correct usage use

Also, this error might show up because you use argument matchers with methods that cannot be mocked.
Following methods *cannot* be stubbed/verified: final/private/equals()/hashCode().
Mocking methods declared on non-public parent classes is not supported.

ArgumentMatchers 提供匹配器用于方法调用存根和验证。你应该改用org.hamcrest.CoreMatchers#notNullValue()

通过这些修复,您的测试全部通过绿色。

【讨论】:

  • 太棒了!太感谢了。是的,使用.andExpect(jsonPath("$.jwt").value(is(notNullValue()))) 和@MockBean 解决了这个问题。并且不需要模拟身份验证方法,因此我在相关行中删除了那些。干杯。
猜你喜欢
  • 2020-03-15
  • 2013-02-18
  • 2011-01-20
  • 2011-10-17
  • 2019-08-04
  • 2013-10-30
  • 2014-04-07
  • 2012-02-18
  • 2012-07-05
相关资源
最近更新 更多