Warm tip: This article is reproduced from serverfault.com, please click
integration-testing spring-mvc spring-security spring5

TestRestTemplate and spring security

发布于 2020-11-30 19:45:26

I am learning spring rest. I am slowly building an application. I had full integration testing working well using TestRestTemplate.
However, I just started adding spring security to my application. Literally as soon as I add the spring security dependency, my testing fails.

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

I get these errors like so:

Error while extracting response for type [class [Lcom.myproject.model.viewobjects.AView;] and content type [application/json]; nested exception is org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Cannot deserialize instance of `[Lcom.myproject.model.viewobjects.AView;` out of START_OBJECT token; nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `[Lcom.myproject.model.viewobjects.AView;` out of START_OBJECT token
 at [Source: (PushbackInputStream); line: 1, column: 1]

When I debug, the object it returns which it is trying deserialize is null. If I put a breakpoint on the rest controller it doesn't even get there.

It seems like just adding the dependency turns a lot of defaults on. How do I test with security on? 1)Can I disable the security for testing somehow?

2)Can I somehow allow no credentials or send acceptable fake credentials? (I did see examples of @WithMockUser but that doesn't work with TestRestTemplate)

Edit: I tried adding a security implementation to my test class to enable anonymous access and permitall:

@EnableWebSecurity
class TestSecurityConfig extends WebSecurityConfigurerAdapter
    {
    @Override
    protected void configure(HttpSecurity http) throws Exception
        {
        http.anonymous().and().authorizeRequests().antMatchers("/**").permitAll();
        }
    }

The result of this is that @GetMapping work. I can trace that the calls reach the controller. But @PostMapping still do not work. The calls never reach the controller. The post calls look like so:

updatedAView = restTemplate.postForObject(create_aview_url, aView, AView.class);

Why would get work but not post??? Also, to make sure there wasn't something else, I again went and removed the spring-boot-starter-security dependency and all the code that relates. Suddenly everything works. So it is definitely the security config that does this.

Questioner
springcorn
Viewed
0
分享
springcorn 2020-12-02 06:12:16

If you include the spring-boot-starter-security dependency, spring security is enabled by default. TestRestTemplate requests will be processed through the security system.

If you want to test without authentication, you can configure a version of WebSecurityConfigurerAdapter with @EnableWebSecurity for testing only that is permissive. You may need to exclude other configurations so they don't override this.

Here is an example:

@EnableWebSecurity
class TestSecurityConfig extends WebSecurityConfigurerAdapter
    {
    @Override
    protected void configure(HttpSecurity http) throws Exception
        {
        http.anonymous().and().csrf().disable().authorizeRequests().antMatchers("/**").permitAll();
        }
    }

This allows you to make requests without user credentials

http.anonymous()

If you don't include the:

csrf().disable()

@GetMapping will work but no PostMapping or requests that change data as that is when csrf comes into play and it is enabled by default.

This permits you to access all the URLs in your application. You can of course limit this if you like:

authorizeRequests().antMatchers("/**").permitAll()

热门帖子

1
[内购终身版限时免费][macOS] Barbee - 拯救你的菜单栏空间(刘海屏快来!
2
关于出镜旅游
3
原来凤凰系统已经倒闭 2 年多了
4
B 站必火推广好假啊
5
Apple TV 经常自动开机
6
推特尼日尼亚去也涨价了,羊毛没了
7
求推荐 3k 左右的烘干机
8
真搞笑, homepod 在 windows 上延迟比在 mac 上还小。。
9
[疑难杂症] 安卓面具求助,拯救楼主的 3000 软 QAQ
10
收个路由器,稳定的。

热门github

1
A multi-platform library for OpenGL, OpenGL ES, Vulkan, window and input
2
Dev tool that writes scalable apps from scratch while the developer oversees the implementation
3
shadcn/ui, but for Svelte. ✨
4
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.
5
Performance-portable, length-agnostic SIMD with runtime dispatch
6
ZK Credo
7
OpenCodeInterpreter: Integrating Code Generation with Execution and Refinement
8
Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
9
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.
10
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
11
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
12
🎓 Path to a free self-taught education in Computer Science!
13
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
14
A collective list of free APIs
15
📚 Freely available programming books