我有注射认证REST服务,我想用mockmvc为它创建一个单元测试验证注入。我RestController类如下:
import java.util.ArrayList;
import java.util.Collection;
import java.util.Set;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.blss.security.securityCommon.entities.SecureOperatorDetails;
import com.blss.security.securityGateway.providers.AccAuthenticationProvider;
import lombok.Data;
@RestController
@RequestMapping("/gateway")
public class AuthenticationDetailsRestController {
@RequestMapping(value = "/userdetails", method = RequestMethod.GET)
public UserDetailsResource currentUserName(Authentication authentication) {
ArrayList<String> rolesList = new ArrayList<>();
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
authorities
.forEach(a -> {
if (!a.getAuthority().startsWith(
AccAuthenticationProvider.CAD_TOKEN_AUTHORITY_PREFIX)) {
rolesList.add(a.getAuthority());
}
});
SecureOperatorDetails operator = ((SecureOperatorDetails) authentication.getDetails());
return new UserDetailsResource(
authentication.getName(),
operator.getOperator().getName(),
operator.getOperator().getPermittedRetailerIds(),
operator.getOperator().getStores(),
operator.getOperator().getRetailerId(),
operator.getDefaultStoreId(),
operator.getDeviceId(),
rolesList);
}
@Data
static class UserDetailsResource {
private final String username;
private final String name;
private final Set<String> retailerIds;
private final Set<String> stores;
private final String retailerId;
private final String storeId;
private final String deviceId;
private final ArrayList<String> roles;
}
}
问题
我不知道如何嘲笑认证,并注入它在我的测试类,以避免401 HTTP异常或访问此资源需要完整身份验证。
现在,我将不胜感激,如果有人能帮助我解决这个问题
bypassing authentication?听起来很可疑。 – Takarii