Spring security 如何在Spring Security中测试AuthenticationPrincipal并获取ID令牌?_Spring Security_Spring Security Oauth2_Openid Connect - Fatal编程技术网

Spring security 如何在Spring Security中测试AuthenticationPrincipal并获取ID令牌?


我有下面的 LogoutResource 类,它返回一个ID令牌:

package com.mycompany.myapp.web.rest;

import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

/**
* REST controller for managing global OIDC logout.
*/
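@RestController
public class LogoutResource {
    /** Client registration stored under the id {@code "oidc"}; looked up once at construction. */
    private final ClientRegistration registration;

    /**
     * Creates the controller and resolves the {@code "oidc"} client registration.
     *
     * @param registrations the repository asked for the registration with id {@code "oidc"}.
     */
    public LogoutResource(ClientRegistrationRepository registrations) {
        this.registration = registrations.findByRegistrationId("oidc");
    }

    /**
     * {@code POST  /api/logout} : logout the current user.
     *
     * <p>The response body carries the raw ID token value next to the provider's
     * {@code end_session_endpoint}, so the response should be treated as sensitive:
     * keep it out of application logs and shared caches.
     *
     * @param request the {@link HttpServletRequest}.
     * @param idToken the ID token.
     * @return the {@link ResponseEntity} with status {@code 200 (OK)} and a body with a global logout URL and ID token.
     * @throws IllegalStateException if the provider metadata has no {@code end_session_endpoint}
     *         entry, or if no ID token was resolved for the current principal.
     */
    @PostMapping("/api/logout")
    public ResponseEntity<?> logout(HttpServletRequest request,
                                    @AuthenticationPrincipal(expression = "idToken") OidcIdToken idToken) {
        // The metadata map may simply not contain this key; check before calling
        // toString() so the failure names the missing setting instead of
        // surfacing as a bare NullPointerException.
        Object endSessionEndpoint = this.registration.getProviderDetails()
            .getConfigurationMetadata().get("end_session_endpoint");
        if (endSessionEndpoint == null) {
            throw new IllegalStateException(
                "The 'oidc' provider configuration metadata has no end_session_endpoint");
        }
        // NOTE(review): idToken is presumably null when the current principal exposes
        // no ID token - confirm how the argument resolver behaves in that case.
        if (idToken == null) {
            throw new IllegalStateException("No ID token was resolved for the current principal");
        }

        Map<String, String> logoutDetails = new HashMap<>();
        logoutDetails.put("logoutUrl", endSessionEndpoint.toString());
        logoutDetails.put("idToken", idToken.getTokenValue());

        // The local session is dropped only after the token value has been copied
        // into the response body.
        request.getSession().invalidate();
        return ResponseEntity.ok().body(logoutDetails);
    }
}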
package com.mycompany.myapp.web.rest;
导入org.springframework.http.ResponseEntity;
导入org.springframework.security.core.annotation.AuthenticationPrincipal;
导入org.springframework.security.oauth2.client.registration.ClientRegistration;
导入org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
导入org.springframework.security.oauth2.core.oidc.OidcIdToken;
导入org.springframework.web.bind.annotation.PostMapping;
导入org.springframework.web.bind.annotation.RestController;
导入javax.servlet.http.HttpServletRequest;
导入java.util.HashMap;
导入java.util.Map;
/**
*用于管理全局OIDC注销的REST控制器。
*/
@RestController
公共类LogoutResource{
私人客户登记;
公共登录资源(ClientRegistrationRepository注册){
this.registration=registrations.findByRegistrationId(“oidc”);
}
/**
*{@code POST/api/logout}:注销当前用户。
*
*@param请求{@link HttpServletRequest}。
*@param idToken标识令牌。
*@返回状态为{@code 200(OK)}的{@link ResponseEntity},以及带有全局注销URL和ID令牌的正文。
*/
@后映射(“/api/注销”)
公共响应注销(HttpServletRequest请求,
@AuthenticationPrincipal(expression=“idToken”)OidcIdToken idToken{
String logoutUrl=this.registration.getProviderDetails()
.getConfigurationMetadata().get(“end_session_endpoint”).toString();
Map logoutDetails=newhashmap();
logoutDetails.put(“logoutUrl”,logoutUrl);
logoutDetails.put(“idToken”,idToken.getTokenValue());
request.getSession().invalidate();
返回ResponseEntity.ok().body(logoutDetails);
}
}
这是可行的,但我想测试一下。我尝试了以下方法:

package com.mycompany.myapp.web.rest;

import com.mycompany.myapp.JhipsterApp;
import com.mycompany.myapp.config.Constants;
import com.mycompany.myapp.security.AuthoritiesConstants;
import org.junit.Before;
import org.junit.Test;
import org.junit.Ignore;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;

import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

/**
 * Integration tests for the {@link LogoutResource} REST controller.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = JhipsterApp.class)
public class LogoutResourceIT {

    // JWT-shaped sample string used only as the token value; the claims handed to
    // OidcIdToken in the test are built separately and are not parsed from it.
    private final static String ID_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9" +
        ".eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsIm" +
        "p0aSI6ImQzNWRmMTRkLTA5ZjYtNDhmZi04YTkzLTdjNmYwMzM5MzE1OSIsImlhdCI6MTU0M" +
        "Tk3MTU4MywiZXhwIjoxNTQxOTc1MTgzfQ.QaQOarmV8xEUYV7yvWzX3cUE_4W1luMcWCwpr" +
        "oqqUrg";

    @Autowired
    private ClientRegistrationRepository registrations;

    @Autowired
    private MappingJackson2HttpMessageConverter jacksonMessageConverter;

    private MockMvc restLogoutMockMvc;

    /**
     * Builds a standalone MockMvc around a fresh {@link LogoutResource}.
     */
    @Before
    public void before() {
        // NOTE(review): the failure reported for this test shows OidcIdToken being
        // instantiated through BeanUtils.instantiateClass and rejected for an empty
        // tokenValue. That suggests the @AuthenticationPrincipal parameter is not
        // resolved from the security context in this standalone setup - presumably
        // because no Spring Security argument resolver or filter chain is registered
        // here. Confirm, e.g. by registering AuthenticationPrincipalArgumentResolver
        // through setCustomArgumentResolvers, or by building MockMvc from the web
        // application context with Spring Security applied.
        LogoutResource controller = new LogoutResource(registrations);
        this.restLogoutMockMvc = MockMvcBuilders.standaloneSetup(controller)
            .setMessageConverters(jacksonMessageConverter)
            .build();
    }

    /**
     * Posts to {@code /api/logout} as a mock OIDC user and expects a 200 JSON
     * response whose {@code logoutUrl} equals the provider's
     * {@code end_session_endpoint}.
     */
    @Test
    public void getLogoutInformation() throws Exception {
        Map<String, Object> tokenClaims = new HashMap<>();
        tokenClaims.put("groups", "ROLE_USER");
        tokenClaims.put("sub", 123);

        // Token that expires 60 seconds after it is created.
        Instant issuedAt = Instant.now();
        Instant expiresAt = Instant.now().plusSeconds(60);
        OidcIdToken idToken = new OidcIdToken(ID_TOKEN, issuedAt, expiresAt, tokenClaims);

        Object endSessionEndpoint = this.registrations.findByRegistrationId("oidc")
            .getProviderDetails()
            .getConfigurationMetadata()
            .get("end_session_endpoint");
        String expectedLogoutUrl = endSessionEndpoint.toString();

        OAuth2AuthenticationToken mockAuthentication = createMockOAuth2AuthenticationToken(idToken);

        // NOTE(review): only $.logoutUrl is asserted; the $.idToken field returned by
        // the controller is not checked here.
        restLogoutMockMvc.perform(post("/api/logout").with(authentication(mockAuthentication)))
            .andExpect(status().isOk())
            .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8_VALUE))
            .andExpect(jsonPath("$.logoutUrl").value(expectedLogoutUrl));
    }

    /**
     * Wraps the given ID token in an OIDC user that holds the single
     * {@code AuthoritiesConstants.USER} authority, registered under the id {@code "oidc"}.
     */
    private OAuth2AuthenticationToken createMockOAuth2AuthenticationToken(OidcIdToken idToken) {
        Collection<GrantedAuthority> granted = new ArrayList<>();
        granted.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER));

        // The same authority collection is given to the user and to the token.
        return new OAuth2AuthenticationToken(new DefaultOidcUser(granted, idToken), granted, "oidc");
    }
}
package com.mycompany.myapp.web.rest;
导入com.mycompany.myapp.JhipsterApp;
导入com.mycompany.myapp.config.Constants;
导入com.mycompany.myapp.security.authorities常量;
导入org.junit.Before;
导入org.junit.Test;
导入org.junit.Ignore;
导入org.junit.runner.RunWith;
导入org.springframework.beans.factory.annotation.Autowired;
导入org.springframework.boot.test.context.SpringBootTest;
导入org.springframework.http.MediaType;
导入org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
导入org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
导入org.springframework.security.core.GrantedAuthority;
导入org.springframework.security.core.authority.SimpleGrantedAuthority;
导入org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
导入org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
导入org.springframework.security.oauth2.core.oidc.OidcIdToken;
导入org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
导入org.springframework.security.oauth2.core.oidc.user.OidcUser;
导入org.springframework.security.oauth2.core.user.DefaultOAuth2User;
导入org.springframework.security.oauth2.core.user.OAuth2User;
导入org.springframework.test.context.ContextConfiguration;
导入org.springframework.test.context.junit4.SpringRunner;
导入org.springframework.test.web.servlet.MockMvc;
导入org.springframework.test.web.servlet.setup.MockMvcBuilders;
导入java.time.Instant;
导入java.time.temporal.ChronoUnit;
导入java.time.temporal.TemporalAmount;
导入java.util.ArrayList;
导入java.util.Collection;
导入java.util.HashMap;
导入java.util.Map;
导入静态org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
导入静态org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
导入静态org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
/**
*{@link LogoutResource}REST控制器的集成测试。
*/
@RunWith(SpringRunner.class)
@SpringBootTest(classes=JhipsterApp.class)
公共类LogoutResourceIT{
@自动连线
私人客户端注册存储库注册;
@自动连线
私有映射Jackson2HttpMessageConverter jacksonMessageConverter;
私有最终静态字符串ID_TOKEN=“eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9”+
“.EyjzdwiiixMJ0Nty3ODKwiiIbMfTzSi6IkPvAg4GrG9LiiWiyWrTaw4IonryDwUsim”+
“p0asi6imqznwrmmtrklta5zjytndhmzi04ytkzltdjnmywmzm5mze1osimlhdci6mtu0m”+
“TK3MTU4MYWIZHWIJOXNTQXOTC1MTGZFQ.QaQOarmV8xEUYV7yvWzX3cUE_4W1luMcWCwpr”+
“oqqUrg”;
私有MockMvc restLogoutMockMvc;
@以前
在()之前公开无效{
LogoutResource LogoutResource=新LogoutResource(注册);
this.restLogoutMockMvc=MockMvcBuilders.standaloneSetup(logoutResource)
.setMessageConverters(jacksonMessageConverter).build();
}
@试验
public void getLogoutInformation()引发异常{
Map claims=newhashmap();
声明.声明(“组”、“角色用户”);
索赔。付诸表决(“sub”,123);
OidcIdToken idToken=新的OidcIdToken(ID_TOKEN,Instant.now(),
Instant.now().plusSeconds(60),索赔);
String logoutUrl=this.registrations.findByRegistrationId(“oidc”).getProviderDetails()
.getConfigurationMetadata().get(“end_session_endpoint”).toString();
restLogoutMockMvc.perform(post(“/api/logout”)
.with(身份验证(createMockOAuth2AuthenticationToken(idToken)))
.andExpect(状态().isOk())
.andExpect(content().contentType(MediaType.APPLICATION\u JSON\u UTF8\u VALUE))
.andExpect(jsonPath(“$.logoutUrl”).value(logoutUrl));
}
专用OAuth2AuthenticationToken CreateMockOAuth2Authenticationo
Caused by: java.lang.IllegalArgumentException: tokenValue cannot be empty
    at org.springframework.util.Assert.hasText(Assert.java:284)
    at org.springframework.security.oauth2.core.AbstractOAuth2Token.<init>(AbstractOAuth2Token.java:55)
    at org.springframework.security.oauth2.core.oidc.OidcIdToken.<init>(OidcIdToken.java:53)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:172)