@WithMockUser 不起作用,仍然收到 401

问题描述 投票:0回答:1

这是我的春季测试,我正在测试一个为给定用户创建食谱的安全端点。 测试安全端点的正确方法是什么? @WithMockUser 注解还不够吗? 我仍然收到 401。

package com.joaogoncalves.recipes.controller;

import com.joaogoncalves.recipes.model.RecipeCreate;
import com.joaogoncalves.testcontainers.EnableTestContainers;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.server.LocalServerPort;
import org.springframework.http.HttpStatus;
import org.springframework.security.test.context.support.WithMockUser;

import java.util.List;

import static io.restassured.RestAssured.given;

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@EnableTestContainers
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
public class RecipeControllerIT {

    @LocalServerPort
    private Integer port;

    @BeforeEach
    void setUp() {
        RestAssured.baseURI = "http://localhost:" + port;
    }

    @Test
    @Order(1)
    @WithMockUser
    public void testRecipeCreateOk() {
        final RecipeCreate recipeCreate = new RecipeCreate(
                "tomato soup",
                "tomato soup with anchovies",
                List.of("tomato", "water", "anchovies"),
                List.of("peel the tomatoes", "add water", "boil for 30 minutes", "add the anchovies"),
                "soup"
        );
        given()
                .contentType(ContentType.JSON)
                .body(recipeCreate)
                .when()
                .post("/api/recipe/new")
                .then()
                .statusCode(HttpStatus.OK.value());
    }
}

提前致谢。

java spring spring-boot spring-security
1个回答
0
投票

我不确定,因为我没有看到您的安全过滤器链设置。让我猜猜。

您的请求是POST方法。如果您的 CSRF 配置已启用,您可以更改服务器状态(如 POST、PUT、DELETE)的请求需要 CSRF 令牌来保护攻击。

如果你不需要CSRF保护,那么在你的配置过滤链中进行这样的设置。根据Spring Security版本的不同有所不同,最新版本的代码是这样的。如果您使用其他版本,请找到如何禁用 CSRF 配置的方法。

package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(
            HttpSecurity httpSecurity
    ) throws Exception {
    
        // ... other configuration

        httpSecurity.csrf(
                AbstractHttpConfigurer::disable
        );
        return httpSecurity.build();
    }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.