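Spring-security-oauth2 2.0.6 - mocking security does not work after updating from 2.0.5

I am using spring-security-oauth2 version 2.0.5.RELEASE to implement oauth2 in my project. Because I need to return different HTTP response codes based on the status of the user in the system, I need to use my own WebResponseExceptionTranslator in the TokenEndpoint. In version 2.0.5 it is not possible to configure Spring Security to use a custom exception translator, but in the latest version, 2.0.9 RELEASE, it is.

However, from version 2.0.6 onward my unit tests do not work.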
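    import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
    import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
    import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
    import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppContextSetup;
    import org.junit.Before;
    import org.junit.Test;
    import org.junit.runner.RunWith;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.test.SpringApplicationConfiguration;
    import org.springframework.security.web.FilterChainProxy;
    import org.springframework.test.context.TestExecutionListeners;
    import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
    import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;
    import org.springframework.test.context.web.WebAppConfiguration;
    import org.springframework.test.web.servlet.MockMvc;
    import org.springframework.web.context.WebApplicationContext;

    // AUTHORIZATION_SERVER and PATIENT are constants of the project, defined elsewhere.
    @SpringApplicationConfiguration(classes = {AuthorizationServer.class, WebSecurityConfig.class, AuthorizationServerConfig.class, SpringSecurityConfiguration.class})
    @WebAppConfiguration
    @TestExecutionListeners({DependencyInjectionTestExecutionListener.class})
    @RunWith(SpringJUnit4ClassRunner.class)
    public class SecurityTest {
        @Autowired
        private WebApplicationContext wac;
        @Autowired
        private FilterChainProxy filterChainProxy;
        private MockMvc mockMvc;
        @Before
        public void setUp() {
            // Register the Spring Security filter chain so requests pass through it.
            mockMvc = webAppContextSetup(wac)
                    .addFilters(filterChainProxy)
                    .build();
        }
        @Test
        public void allowPatientsToAccessSecureData() throws Exception {
            // user(...) places a mock authenticated user in the security context of the request.
            mockMvc.perform(get(AUTHORIZATION_SERVER + "/user").with(user("user").roles(PATIENT.toString())).secure(true))
                    .andExpect(status().isOk());
        }
    }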
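I am using spring-security-test version 4.0.3 RELEASE to mock the call to the controller, as in the test above, but I get an access denied response, and the log (below) says that the user is anonymous. Is there a solution to get my tests working again? It looks as if something has changed in the filter chain processing.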
2016-04-04 09:34:39.460 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/users/user'; against '/logout'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in headers. Trying request parameters.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in request parameters. Not an OAuth2 request.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : Clearing security context.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : No token in request, will continue chain.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/users/user; Attributes: [#oauth2.throwOnError(authenticated)]
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-04-04 09:34:39.474 DEBUG 8512 --- [ main] o.s.s.access.vote.AffirmativeBased : Voter: org.sp[email protected]130a6eb9, returned: -1
2016-04-04 09:34:39.479 DEBUG 8512 --- [ main] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
The application's security itself works, so this is just a MockMvc problem.
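The "Clearing security context." line in the log above is `OAuth2AuthenticationProcessingFilter` discarding the mock user because the request carries no bearer token; that behaviour is controlled by the `stateless` flag of `ResourceServerSecurityConfigurer`, which defaults to `true`. The following is an added example, not part of the original post: a test-only configuration that turns the flag off. The class name `TestResourceServerConfig` is hypothetical, and it assumes the application enables its resource server with `@EnableResourceServer`.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

// Hypothetical test-only class (added example): keep it under src/test/java so it
// never reaches a production build.
@Configuration
public class TestResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // With stateless(true), the default, OAuth2AuthenticationProcessingFilter clears
        // any pre-existing authentication when the request has no token, which removes
        // the user injected by spring-security-test. stateless(false) keeps it.
        resources.stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) {
        // Intentionally empty: the access rules stay in the application's own
        // resource server configurer and are exercised unchanged by the test.
    }
}
```

Add the class to the `classes` list of the test's `@SpringApplicationConfiguration`. Leaving `stateless` at its default outside tests keeps the resource endpoints token-only, so a session cookie alone cannot authenticate a request to them.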