0
Ich benutze Spring-Security-oauth2 Version 2.0.5.RELEASE, um oauth2 in meinem Projekt zu implementieren. Da ich verschiedene HTTP-Antwortcodes basierend auf dem Status des Benutzers im System zurückgeben muss, muss ich meinen eigenen WebResponseExceptionTranslator in TokenEndpoint verwenden. In der Version 2.0.5 ist es nicht möglich, Spring Security so zu konfigurieren, dass eigene Ausnahmeübersetzer verwendet werden können. Dies ist jedoch in der neuesten Version 2.0.9 RELEASE möglich.Spring-Sicherheit-oauth2 2.0.6 - Mocking Sicherheit funktioniert nicht nach dem Update von 2.0.5
Aber seit Version 2.0.6 und neuer funktionieren meine Komponententests nicht. Ich bin mit Feder-Sicherheitstest 4.0.3 RELEASE Version Anrufe verspotten wie folgt an die Steuerung:
@SpringApplicationConfiguration(classes = {AuthorizationServer.class, WebSecurityConfig.class, AuthorizationServerConfig.class, SpringSecurityConfiguration.class})
@WebAppConfiguration
@TestExecutionListeners({DependencyInjectionTestExecutionListener.class})
@RunWith(SpringJUnit4ClassRunner.class)
public class SecurityTest {
@Autowired
private WebApplicationContext wac;
@Autowired
private FilterChainProxy filterChainProxy;
private MockMvc mockMvc;
@Before
public void setUp() {
mockMvc = webAppContextSetup(wac)
.addFilters(filterChainProxy)
.build();
}
@Test
public void allowPatientsToAccessSecureData() throws Exception {
mockMvc.perform(get(AUTHORIZATION_SERVER + "/user").with(user("user").roles(PATIENT.toString())).secure(true))
.andExpect(status().isOk());
}
}
Aber ich bekomme Antwort Zugriff verweigert - Protokolle sagen, dass Benutzer anonym ist. Gibt es eine Lösung, damit mein Test wieder funktioniert? Es sieht so aus, als ob sich etwas mit der Filterkettenverarbeitung geändert hat.
2016-04-04 09:34:39.460 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/users/user'; against '/logout'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in headers. Trying request parameters.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in request parameters. Not an OAuth2 request.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : Clearing security context.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : No token in request, will continue chain.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/users/user; Attributes: [#oauth2.throwOnError(authenticated)]
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-04-04 09:34:39.474 DEBUG 8512 --- [ main] o.s.s.access.vote.AffirmativeBased : Voter: org.sp[email protected]130a6eb9, returned: -1
2016-04-04 09:34:39.479 DEBUG 8512 --- [ main] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
Wenn ich die Bereitstellung der Anwendung Sicherheit funktioniert, so ist es nur MockMvc Problem.