Spring Security 404错误提示404错误提示

osh3o9ms  于 2023-01-26  发布在  Spring
关注(0)|答案(1)|浏览(304)

在通过postman进行的api测试中,api工作正常,但是在通过mockmvc进行的测试中,出现了404错误。
我的控制器类

@RestController
@RequestMapping("/login")
@EnableWebMvc
public class UserController {
    @GetMapping("/hi")
    public ResponseEntity<String> hi(){
        return new ResponseEntity<>("hi", HttpStatus.OK);
    }
}

我的安全配置

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .headers()
                .addHeaderWriter(new XFrameOptionsHeaderWriter(
                        XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN))
                .and()
                .authorizeHttpRequests(authorize -> authorize
                        .anyRequest().permitAll())
        ;
        return http.build();
    }

我的测试类

@ExtendWith(SpringExtension.class)
@ContextConfiguration(classes = SecurityConfig.class)
@WebAppConfiguration
@WebMvcTest(UserController.class)
class UserControllerTest {
    @Test
    @DisplayName("Get check")
    void getCheck() throws Exception {
        mockMvc.perform(get("/login/hi"))
                .andDo(print())
                .andExpect(status().isOk());
    }
}

我该怎么办?
即使是Spirng安全的文件也不正确。

yebdmbv4

yebdmbv41#

你正在使用一个所谓的“Sping Boot Test Slice”(@WebMvcTest),它只配置与Web层相关的所有内容。这很好。这个Slice将找到你的控制器,也会拾取你的安全配置。
但是,您添加了@ContextConfiguration
{@code @ContextConfiguration}定义了类级别的元数据,用于确定如何为集成测试加载和配置{@link org.springframework.context. ApplicationContext}。
这样,您就有效地禁用了UserController的自动发现,而您只得到了安全配置。MockMVC可能会向您显示一个404错误。
如何修复这个问题?只要删除它:)但是当你这样做的时候,你的自定义Spring Security配置在测试过程中也会消失。
要解决此问题,您有两个选项:您可以在切片上导入其他配置类,如下所示:

@WebMvcTest(includeFilters = @Filter(type = FilterType.ASSIGNABLE_TYPE, classes = SecurityConfig.class))`

或执行如下完整集成测试:

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.MOCK)

后者将调出所有内容(除了嵌入式服务器,但这也可以做到)。
正如您最初要求的切片,这里是我的建议(注意,您不需要扩展名,也不需要配置的技巧):

package com.example.demo;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.ComponentScan.Filter;
import org.springframework.context.annotation.FilterType;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

@WebMvcTest(includeFilters = @Filter(type = FilterType.ASSIGNABLE_TYPE, classes = SecurityConfig.class))
class UserControllerTest {

    @Autowired
    MockMvc mockMvc;

    @Test
    @DisplayName("Get check")
    void getCheck() throws Exception {
        mockMvc.perform(get("/login/hi"))
            .andDo(print())
            .andExpect(status().isOk());
    }

    @Test
    @WithMockUser("Michael")
    void testWithUser() throws Exception {
        mockMvc.perform(get("/login/ho"))
            .andDo(print())
            .andExpect(status().isOk())
            .andExpect(content().string("hi Michael"));
    }
}

我向控制器添加了第二个方法,并稍微更改了安全配置,以明确如何 * 使用 * 模拟用户进行测试:

package com.example.demo;

import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(
                authorize ->
                    authorize
                        .requestMatchers("/login/ho").fullyAuthenticated()
                        .anyRequest().permitAll()
            )
            .formLogin(withDefaults());
        ;
        return http.build();
    }
}

以及控制器:

package com.example.demo;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/login")
public class UserController {

    @GetMapping("/hi")
    public ResponseEntity<String> hi() {
        return new ResponseEntity<>("hi", HttpStatus.OK);
    }

    @GetMapping("/ho")
    public ResponseEntity<String> ho(Authentication d) {
        return new ResponseEntity<>("hi " + d.getName(), HttpStatus.OK);
    }
}

还请注意,您真的不应该将@Configuration放在实际实现您的业务的类上,请将它们分开(我指的是将@EnableWebMvc添加到控制器中......此外,无论如何,对于Sping Boot Web MVC启动器,注解本身是多余的)。
完整的pom.xml也可供参考:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.0.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>17</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

相关问题