Spring 预授权(hasRole)控制器方法下的单元测试
我正在尝试为此控制器方法编写单元测试Spring 预授权(hasRole)控制器方法下的单元测试,spring,unit-testing,authentication,spring-security,Spring,Unit Testing,Authentication,Spring Security,我正在尝试为此控制器方法编写单元测试 @PreAuthorize("hasRole(#d.code) or hasRole('ROLE_ALL_ACCESS')") @RequestMapping(value = "{department}/{examination}", method = RequestMethod.GET) public String show(ModelMap model, Principal principal, Locale locale, D d) {
@PreAuthorize("hasRole(#d.code) or hasRole('ROLE_ALL_ACCESS')")
@RequestMapping(value = "{department}/{examination}", method = RequestMethod.GET)
public String show(ModelMap model, Principal principal, Locale locale, D d) {
model.addAttribute(service.getItem(d) //THIS CAUSES NULL ON TEST
.addAttribute(new DateTime())
.addAttribute(locale);
return "show";
我试过这个
@Test (expected=AccessDeniedException.class)
public void testShowAccessDenied() {
super.simulateRole("ROLE_STUDENT");
controller.show(new ModelMap(), Helper.getTestPrincipal(), Locale.getDefault(), new D());
但它会在标记行上导致NullPointerException,这意味着测试正在运行该方法,而不是基于错误的角色抛出AccessDeniedException
我的超级测试班是
public class AuthorizeTestBase {
private Mockery jmock = new JUnit4Mockery();
private AuthenticationManager authenticationManager= jmock.mock(AuthenticationManager.class);
@Before
public void setUp() {
jmock.checking(new Expectations() {{ ignoring(anything()); }});
}
protected void simulateRole(String role) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(role));
PreAuthenticatedAuthenticationToken pat = new PreAuthenticatedAuthenticationToken(Helper.getTestPrincipal(), "", authorities);
SecurityContextHolder.getContext().setAuthentication(authenticationManager.authenticate(pat));
}
我想我在嘲弄authenticationManager方面遗漏了一些东西。救救我 当您尝试呼叫服务时,NPE很高兴。您的类TestBase不知道任何SpringBeans服务/dao等。因此,它应该加载弹簧钢丝配置。下面是一个例子
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(locations = {"classpath:/applicationContext-test.xml",
"classpath:/applicationContext-ABC-test.xml",
"classpath:/applicationContext-DEF-test.xml",
"classpath:/applicationContext-serviceGHI-test.xml",
"classpath:/applicationContext-securityHIJ-test.xml"
})
public class AuthorizeTestBase {
.....
}
另外,请查看-哪一行是标记行?请查看控制器方法代码并在其中进行注释,我可以理解,但是控制器方法不应该首先运行,因为它已@PreAuthorized anotation,并且用户角色错误?@mjgirl-恐怕您还没有理解。如果您在我的回答中看到了评论,那么您的应用程序将如何了解角色和内容?(((“hasRole(#d.code)或hasRole(‘ROLE#u ALL_ACCESS’)如果spring配置未加载?我是这么说的。在这种情况下,我不应该获取NullPointer,但获取它是因为自动验证出错。现在的问题是,我真正的sec配置使用ldap,它在pom中检索其连接属性。xml@mjgirl-而不是-private AuthenticationManager AuthenticationManager=jmock.mock(AuthenticationManager.class);您可以使用MockAuthenticationManager并重试吗?
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(locations = {"classpath:/applicationContext-test.xml",
"classpath:/applicationContext-ABC-test.xml",
"classpath:/applicationContext-DEF-test.xml",
"classpath:/applicationContext-serviceGHI-test.xml",
"classpath:/applicationContext-securityHIJ-test.xml"
})
public class AuthorizeTestBase {
.....
}