Java 如何为Spring安全方法编写TestNG
这就是我的spring安全方法:Java 如何为Spring安全方法编写TestNG,java,unit-testing,spring-security,testng,Java,Unit Testing,Spring Security,Testng,这就是我的spring安全方法: @Override public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) { logger.trace(String.format("hasPermission() - \nAuthentication - %s\nObject - %s\nPermission Reqd -
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission)
{
logger.trace(String.format("hasPermission() - \nAuthentication - %s\nObject - %s\nPermission Reqd - %s",
authentication.toString(), targetDomainObject.toString(), permission.toString()));
UserDetails principal = (UserDetails) authentication.getPrincipal();
for (GrantedAuthority authority : principal.getAuthorities()) {
if(authority.getAuthority().equalsIgnoreCase((String)permission)) {
logger.debug("Allowing user to perform operation");
logger.debug("Setting userId {} in the RO", principal.getUsername());
if(targetDomainObject.getClass().isArray()) {
AbstractRO[] domainObjectArray = (AbstractRO[]) targetDomainObject;
for (AbstractRO abstractRO : domainObjectArray) {
abstractRO.setUserId(principal.getUsername());
}
}
return true;
}
}
logger.debug("Dis-allowing user to perform operation. User does not have '{}' granted authority.", permission);
return false;
}
我调用这个函数,如下所示:
@PreAuthorize("isAuthenticated() and hasPermission(#request, 'CREATE_REQUISITION')")
@RequestMapping(method = RequestMethod.POST, value = "/trade/createrequisition")
public
@ResponseBody
void createRequisition(@RequestBody CreateRequisitionRO[] request);
这就是我的testNG类:
package in.hexgen.api.facade;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.testng.annotations.Test;
import com.hexgen.api.facade.security.HexGenPermissionEvaluator;
public class HexGenPermissionEvaluatorTest {
private static final Logger logger = LoggerFactory.getLogger(HexGenPermissionEvaluatorTest.class);
Object name="akash";
Object permission="CREATE_REQUISITION";
Authentication authentication;
@Resource(name = "permissionEval")
private HexGenPermissionEvaluator permissionEval;
@Test
public void hasPermission() {
//authentication.setAuthenticated(true);
logger.debug("HexGenPermissionEvaluator Generate - starting ...");
permissionEval.hasPermission(authentication,name, permission);
logger.debug("HexGenPermissionEvaluator Generate - completed ...");
}
}
但是当我运行测试时,我得到了这个异常
FAILED: hasPermission
java.lang.NullPointerException
at in.hexgen.api.facade.HexGenPermissionEvaluatorTest.hasPermission(HexGenPermissionEvaluatorTest.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:80)
at org.testng.internal.Invoker.invokeMethod(Invoker.java:714)
at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:901)
at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1231)
at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:128)
at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
at org.testng.TestRunner.privateRun(TestRunner.java:767)
at org.testng.TestRunner.run(TestRunner.java:617)
at org.testng.SuiteRunner.runTest(SuiteRunner.java:334)
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329)
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291)
at org.testng.SuiteRunner.run(SuiteRunner.java:240)
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1203)
at org.testng.TestNG.runSuitesLocally(TestNG.java:1128)
at org.testng.TestNG.run(TestNG.java:1036)
at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:111)
at org.testng.remote.RemoteTestNG.initAndRun(RemoteTestNG.java:204)
at org.testng.remote.RemoteTestNG.main(RemoteTestNG.java:175)
我犯了什么错误,请帮我找到并开除罪犯
致以最诚挚的问候您需要手动设置一个对象,并在全局模式中进行设置。您可以将初始化移到类的测试方法之前、每个方法之前或作为每个测试方法的一部分
@Before
public void setupAuth(){
//password actually doesn't matter, meanwhile GrantedAuthorities should be necessary,
//if you are using built-in checking functions such as "hasAnyRole" etc.
List<GrantedAuthority> grantedAuthorities = Collections.emptyList();
authentication = new UsernamePasswordAuthenticationToken(name, null, grantedAuthorities);
//set authentication into static security context for proper handling by annotations
SecurityContextHolder.getContext().setAuthentication(authentication);
}
@之前
公共void setupAuth(){
//密码其实并不重要,同时授权机构应该是必要的,
//如果您使用的是内置的检查功能,如“hasAnyRole”等。
List grantedAuthories=Collections.emptyList();
authentication=新用户名PasswordAuthenticationToken(名称,null,授权机构);
//将身份验证设置为静态安全上下文,以便通过注释进行正确处理
SecurityContextHolder.getContext().setAuthentication(身份验证);
}
编辑:OP提供了一种有趣的方法,上面描述的方法与之配合使用,它允许对身份验证
对象进行基于注释的控制