Fatal编程技术网
  • spring/
  • Spring 预授权(hasRole)控制器方法下的单元测试

Spring 预授权(hasRole)控制器方法下的单元测试

spring unit-testing authentication spring-security

Spring 预授权(hasRole)控制器方法下的单元测试,spring,unit-testing,authentication,spring-security,Spring,Unit Testing,Authentication,Spring Security,我正在尝试为此控制器方法编写单元测试 @PreAuthorize("hasRole(#d.code) or hasRole('ROLE_ALL_ACCESS')") @RequestMapping(value = "{department}/{examination}", method = RequestMethod.GET) public String show(ModelMap model, Principal principal, Locale locale, D d) {

我正在尝试为此控制器方法编写单元测试

    @PreAuthorize("hasRole(#d.code) or hasRole('ROLE_ALL_ACCESS')")
@RequestMapping(value = "{department}/{examination}", method = RequestMethod.GET)
public String show(ModelMap model, Principal principal, Locale locale, D d) {
    model.addAttribute(service.getItem(d) //THIS CAUSES NULL ON TEST
            .addAttribute(new DateTime())
            .addAttribute(locale);
    return "show";
我试过这个

@Test (expected=AccessDeniedException.class)
public void testShowAccessDenied() {
super.simulateRole("ROLE_STUDENT");
 controller.show(new ModelMap(), Helper.getTestPrincipal(), Locale.getDefault(), new D());
但它会在标记行上导致NullPointerException,这意味着测试正在运行该方法,而不是基于错误的角色抛出AccessDeniedException

我的超级测试班是

 public class AuthorizeTestBase {

private Mockery jmock = new JUnit4Mockery();
private AuthenticationManager authenticationManager= jmock.mock(AuthenticationManager.class);

@Before
public void setUp() {
 jmock.checking(new Expectations() {{ ignoring(anything()); }});   
}

protected void simulateRole(String role) {
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority(role));
    PreAuthenticatedAuthenticationToken pat = new PreAuthenticatedAuthenticationToken(Helper.getTestPrincipal(), "", authorities);
    SecurityContextHolder.getContext().setAuthentication(authenticationManager.authenticate(pat));

}
我想我在嘲弄authenticationManager方面遗漏了一些东西。救救我

当您尝试呼叫服务时,NPE很高兴。您的类TestBase不知道任何SpringBeans服务/dao等。因此,它应该加载弹簧钢丝配置。下面是一个例子

@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(locations = {"classpath:/applicationContext-test.xml",
                                   "classpath:/applicationContext-ABC-test.xml",
                                   "classpath:/applicationContext-DEF-test.xml",
                                   "classpath:/applicationContext-serviceGHI-test.xml",
                                   "classpath:/applicationContext-securityHIJ-test.xml"
})
 public class AuthorizeTestBase {
.....

}
另外,请查看-

哪一行是标记行?请查看控制器方法代码并在其中进行注释,我可以理解,但是控制器方法不应该首先运行,因为它已@PreAuthorized anotation,并且用户角色错误?@mjgirl-恐怕您还没有理解。如果您在我的回答中看到了评论,那么您的应用程序将如何了解角色和内容?(((“hasRole(#d.code)或hasRole(‘ROLE#u ALL_ACCESS’)如果spring配置未加载?我是这么说的。在这种情况下,我不应该获取NullPointer,但获取它是因为自动验证出错。现在的问题是,我真正的sec配置使用ldap,它在pom中检索其连接属性。xml@mjgirl-而不是-private AuthenticationManager AuthenticationManager=jmock.mock(AuthenticationManager.class);您可以使用MockAuthenticationManager并重试吗? 
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(locations = {"classpath:/applicationContext-test.xml",
                                   "classpath:/applicationContext-ABC-test.xml",
                                   "classpath:/applicationContext-DEF-test.xml",
                                   "classpath:/applicationContext-serviceGHI-test.xml",
                                   "classpath:/applicationContext-securityHIJ-test.xml"
})
 public class AuthorizeTestBase {
.....

}