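Spring-security-oauth2 2.0.6 - mocking security does not work after updating from 2.0.5

I am using spring-security-oauth2 version 2.0.5.RELEASE to implement OAuth2 in my project. Because I need to return different HTTP response codes depending on the user's status in the system, I need to use my own WebResponseExceptionTranslator in the TokenEndpoint. Version 2.0.5 does not allow configuring Spring Security to use a custom exception translator, but this is possible in the latest version, 2.0.9 RELEASE.

But since version 2.0.6 my unit tests no longer work. I am using spring-security-test 4.0.3 RELEASE to mock calls to the controller as follows: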
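
    import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
    import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
    import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
    import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppContextSetup;

    import org.junit.Before;
    import org.junit.Test;
    import org.junit.runner.RunWith;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.test.SpringApplicationConfiguration;
    import org.springframework.security.web.FilterChainProxy;
    import org.springframework.test.context.TestExecutionListeners;
    import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
    import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;
    import org.springframework.test.context.web.WebAppConfiguration;
    import org.springframework.test.web.servlet.MockMvc;
    import org.springframework.web.context.WebApplicationContext;

    // The configuration classes, AUTHORIZATION_SERVER and PATIENT belong to the project and are not shown in the post.
    @SpringApplicationConfiguration(classes = {AuthorizationServer.class, WebSecurityConfig.class, AuthorizationServerConfig.class, SpringSecurityConfiguration.class})
    @WebAppConfiguration
    @TestExecutionListeners({DependencyInjectionTestExecutionListener.class})
    @RunWith(SpringJUnit4ClassRunner.class)
    public class SecurityTest {
        @Autowired
        private WebApplicationContext wac;
        @Autowired
        private FilterChainProxy filterChainProxy;
        private MockMvc mockMvc;
        @Before
        public void setUp() {
            // Run every mocked request through the Spring Security filter chain.
            mockMvc = webAppContextSetup(wac)
                    .addFilters(filterChainProxy)
                    .build();
        }
        @Test
        public void allowPatientsToAccessSecureData() throws Exception {
            // Request the endpoint over HTTPS as a mocked user with the PATIENT role and expect HTTP 200.
            mockMvc.perform(get(AUTHORIZATION_SERVER + "/user").with(user("user").roles(PATIENT.toString())).secure(true))
                    .andExpect(status().isOk());
        }
    }
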
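However, the response I get is access denied, and the log says that the user is anonymous. Is there any solution to make my tests run again? It looks as if something has changed in the filter chain processing.
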
2016-04-04 09:34:39.460 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/users/user'; against '/logout'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in headers. Trying request parameters.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in request parameters. Not an OAuth2 request.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : Clearing security context.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : No token in request, will continue chain.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/users/user; Attributes: [#oauth2.throwOnError(authenticated)]
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-04-04 09:34:39.474 DEBUG 8512 --- [ main] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@130a6eb9, returned: -1
2016-04-04 09:34:39.479 DEBUG 8512 --- [ main] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied

Security does work when I deploy the application, so it is only a MockMvc problem.