SpringSecurity + MockMvc写单元测试(包括认证,授权,模拟Cookie)
写在前面
Spring Security 是一个权限控制框架,所有的接口都是基于当前用户角色,身份等,授权访问,在开发时,要先登陆,才能测试需要授权的接口, 但是如何写单元测试,测试授权的接口呢 ?
需要测试依赖,引包,
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
具体使用,包括以下几种测试方式
一、@WithMockUser,基于注解使用
1.1、代码示例
import lombok.SneakyThrows;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockMultipartFile;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.WebApplicationContext;
import java.io.File;
import java.io.FileInputStream;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
/** * 单元测试-角色模块接口 * 数据回滚 @Transactional */
//@RunWith(SpringJUnit4ClassRunner.class)
//@ContextConfiguration(classes = Application.class)
//@SpringBootTest
//@FixMethodOrder(MethodSorters.NAME_ASCENDING)
//@Transactional
//@WithMockUser(username = "zx", password = "11111111")
@SpringBootTest
@RunWith(SpringRunner.class)
@Transactional
@AutoConfigureMockMvc
@WithMockUser(username = "as", password = "as")
public class UserControllerTest {
private MockMvc mockMvc;
@Autowired
private WebApplicationContext wac;
@Before
public void setup() {
this.mockMvc = MockMvcBuilders
.webAppContextSetup(wac)
.build();
}
@Test
public void add() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/test/user/add")
.contentType(MediaType.APPLICATION_JSON)
.content("{\n" +
" \"userCode\": \"lss002\",\n" +
" \"userName\": \"ls022\",\n" +
" \"departmentId\": 10,\n" +
" \"email\": \"154@dse.com\",\n" +
" \"station\": \"dep\",\n" +
" \"company\": \"com1\",\n" +
" \"entryTime\": \"2001-12-12\",\n" +
" \"leaveTime\": \"\",\n" +
" \"entranceStatus\": 1\n" +
"}")
.accept(MediaType.APPLICATION_JSON))
.andDo(print());
}
}
二、配置自定义Token
2.1、代码示例
import lombok.SneakyThrows;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockMultipartFile;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.WebApplicationContext;
import java.io.File;
import java.io.FileInputStream;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
/** * 单元测试-角色模块接口 * 数据回滚 @Transactional */
//@RunWith(SpringJUnit4ClassRunner.class)
//@ContextConfiguration(classes = Application.class)
//@SpringBootTest
//@FixMethodOrder(MethodSorters.NAME_ASCENDING)
//@Transactional
//@WithMockUser(username = "zx", password = "11111111")
@SpringBootTest
@RunWith(SpringRunner.class)
@Transactional
@AutoConfigureMockMvc
public class UserControllerTest {
private MockMvc mockMvc;
@Autowired
private WebApplicationContext wac;
@Before
public void setup() {
this.mockMvc = MockMvcBuilders
.webAppContextSetup(wac)
.apply(springSecurity()) // 这里配置Security认证
.build();
}
@Test
public void add() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/test/user/add")
.cookie(new Cookie(LoginController.HEADER, "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ6eCIsImV4cCI6MTU4MzQwMzA0NX0.itXLLL8hcjyE-Q13CXl387Xk9-M9PkrmYeayGu-zSa2mZvYUlJx8zNPn81l2Tn9f9Iz1RsyLnf08mH85xD6mkA"))
.contentType(MediaType.APPLICATION_JSON)
.content("{\n" +
" \"userCode\": \"lss002\",\n" +
" \"userName\": \"ls022\",\n" +
" \"departmentId\": 10,\n" +
" \"email\": \"154@dse.com\",\n" +
" \"station\": \"dep\",\n" +
" \"company\": \"com1\",\n" +
" \"entryTime\": \"2001-12-12\",\n" +
" \"leaveTime\": \"\",\n" +
" \"entranceStatus\": 1\n" +
"}")
.accept(MediaType.APPLICATION_JSON))
.andDo(print());
}
}
这里的测试接口方式,就如同页面测试了(从Token中获取用户信息),这里的cookie,如下