如何在测试中禁用 @PreAuthorize?



我使用 Spring Boot 和 Spring Security。我想在测试中禁用安全检查,让 @PreAuthorize 不再生效。我已经做到了一部分,但仍然会报错。

安全性只被部分禁用,仍有一部分在生效。最终,我希望只对某些测试禁用安全性。

org.springframework.security.access.AccessDeniedException: Access denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.5.3.jar:5.5.3]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:238) ~[spring-security-core-5.5.3.jar:5.5.3]

这是我的控制器

/**
 * Handles GET /hello and answers with a fixed greeting.
 *
 * The caller must hold the authority `ADMIN`. `hasAnyAuthority` compares the
 * authority string as written, so an authority named `ROLE_ADMIN` does not match.
 * The stack trace on this page shows the denial coming from a security
 * interceptor, so URL-level `permitAll()` rules do not appear to bypass this check.
 *
 * @return the literal greeting text
 */
@PreAuthorize("hasAnyAuthority('ADMIN')")
@GetMapping("/hello")
fun hello(): String = "Hello"

这是我的Spring配置。

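/**
 * Test-only web security configuration: every URL is permitted and CSRF
 * protection, HTTP Basic, form login and logout handling are switched off.
 *
 * This relaxes only the HTTP request rules. Method-level annotations such as
 * `@PreAuthorize` are checked separately when the method is invoked, so an
 * annotated handler can still fail with `AccessDeniedException` while this
 * configuration is active.
 *
 * Keep this class in the test source set so that the permit-all, CSRF-off
 * settings cannot be picked up by a production context.
 */
@TestConfiguration
@Order(1)
class TestSecurityConfig : WebSecurityConfigurerAdapter() {
    /**
     * Opens all requests and disables the listed authentication mechanisms.
     *
     * @param httpSecurity the builder supplied by the framework for this adapter
     */
    override fun configure(httpSecurity: HttpSecurity) {
        // Configure the builder that was passed in, not any other HttpSecurity reference.
        httpSecurity.authorizeRequests()
            .anyRequest().permitAll()
        httpSecurity.csrf().disable()
            .httpBasic().disable()
            .formLogin().disable()
            .logout().disable()
    }
}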

最后是测试类:

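/**
 * Integration test that starts the application on a random port and calls
 * GET /hello through [TestRestTemplate].
 *
 * NOTE(review): the request goes over real HTTP without credentials, so the
 * server presumably treats it as anonymous and the `ADMIN` check on the handler
 * denies it. A security context prepared on the test thread (for example by
 * `@WithMockUser`) is not carried over HTTP to the server. To exercise the
 * authorization rule, either send real credentials or use a mock-environment
 * test instead of switching the check off.
 */
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
@SpringBootTest(
    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
    classes = [TestSecurityConfig::class]
)
@ActiveProfiles("test")
@ExtendWith(SpringExtension::class)
class HelloControllerTest {
    // Injected with the port the embedded server actually bound to; the initial value is only a placeholder.
    @LocalServerPort
    private var port: Int = 8281

    // Context path of the running servlet context, resolved through SpEL.
    @Value("#{servletContext.contextPath}")
    private lateinit var contextPath: String

    // Full URL of the endpoint under test, built once in setUp().
    private lateinit var url: String

    @Autowired
    private lateinit var testRestTemplate: TestRestTemplate

    /** Builds the target URL from the injected port and context path. */
    @BeforeAll
    fun setUp() {
        url = UriComponentsBuilder
            .fromUriString("http://localhost")
            .port(port)
            .path(contextPath)
            .pathSegment("hello")
            .toUriString()
    }

    /** Expects HTTP 200 and the greeting body from GET /hello. */
    @Test
    fun hello() {
        val responseEntity = testRestTemplate.getForEntity(url, String::class.java)
        assertNotNull(responseEntity)
        assertEquals(HttpStatus.OK, responseEntity.statusCode)
        // Check the payload as well, so the test does not pass on a 200 with the wrong body.
        assertEquals("Hello", responseEntity.body)
    }
}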

通常可以借助 spring-test 的模拟(mock)机制,在测试中以模拟用户的身份通过授权检查:

<!-- Test scope only: supplies @WithMockUser and the other security test helpers, and stays off the runtime classpath. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<!-- NOTE(review): the examples on this page import from org.springframework.boot.test.autoconfigure, which ships in spring-boot-test-autoconfigure (pulled in by spring-boot-starter-test). Confirm that this artifact alone is enough. No version is declared, so a parent POM or BOM presumably manages it. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-test</artifactId>
<scope>test</scope>
</dependency>

For Spring WebFlux

import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
import org.springframework.beans.factory.annotation.Autowired;
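/**
 * WebFlux test that runs each request as a mock user instead of disabling security.
 *
 * A bare {@code @WithMockUser} grants only {@code ROLE_USER}, which does not satisfy
 * {@code hasAnyAuthority('ADMIN')}; the authority is therefore set explicitly.
 * The listing omits the imports for {@code SpringBootTest}, {@code WebTestClient}
 * and JUnit's {@code @Test}.
 */
@WithMockUser(authorities = "ADMIN")
@SpringBootTest
@AutoConfigureWebTestClient
class MyTest {
    @Autowired
    WebTestClient rest;

    /** Expects HTTP 200 from the protected endpoint when called as the mock ADMIN user. */
    @Test
    void fooTest() {
        // "/hello" is the endpoint of the controller shown in the question.
        // isOk() is an instance method on the StatusAssertions returned by expectStatus().
        rest.get().uri("/hello").exchange().expectStatus().isOk();
    }
}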

For Spring Web MVC

import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.beans.factory.annotation.Autowired;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
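/**
 * Web MVC test that runs each request as a mock user instead of disabling security.
 *
 * A bare {@code @WithMockUser} grants only {@code ROLE_USER}, which does not satisfy
 * {@code hasAnyAuthority('ADMIN')}; the authority is therefore set explicitly.
 * The listing omits the imports for {@code MockMvc} and JUnit's {@code @Test}.
 */
@WithMockUser(authorities = "ADMIN")
@AutoConfigureMockMvc
@SpringBootTest
class MyTest {
    @Autowired
    private MockMvc mvc;

    /**
     * Expects HTTP 200 from the protected endpoint when called as the mock ADMIN user.
     *
     * @throws Exception propagated from {@code MockMvc.perform}
     */
    @Test
    void fooTest() throws Exception {
        // "/hello" is the endpoint of the controller shown in the question.
        mvc.perform(get("/hello")).andExpect(status().isOk());
    }
}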
