我正在尝试做一些应该非常简单的事情,那就是在我的
CustomUserDetails@WithUserDetails问题是被测试的方法总是用标准的
org.springframework.security.core.userdetails.UserCustomUserDetails我已经实现了我自己的
UserDetailsServiceCustomUserDetailsUser我一生都无法弄清楚为什么。
当我将代码作为应用程序运行时,它运行良好。我只是无法让它与测试用户一起用于我的测试用例。
我的代码是:
自定义用户类
@Data
public class CustomUserDetails extends User {
private ZoneId zoneId;
public CustomUserDetails(String username, String password,
Collection<? extends GrantedAuthority> authorities) {
super(username, password, authorities);
}
public CustomUserDetails(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
}
我的测试 userDetailsService 返回 CustomUserDetails 的实例
@Bean
@Primary
public InMemoryUserDetailsManager myUserDetailsService() {
CustomUserDetails basicUser = new CustomUserDetails("[email protected]", "password", true, true, true, true, Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
basicUser.setZoneId(ZoneId.of("UTC"));
return new InMemoryUserDetailsManager(basicUser);
}
我的实际测试
@RunWith(SpringRunner.class)
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = SpringSecurityTestConfig.class
)
@AutoConfigureMockMvc(addFilters = false)
class UploadFileTest {
@Autowired
private MockMvc mockMvc;
@Test
@WithUserDetails(value="[email protected]", userDetailsServiceBeanName="myUserDetailsService")
void doValidUploadFileNoParams() throws Exception {
mockMvc.perform(get("/web/uploadFile"))
.andExpect(status().isOk());
}
}
我要测试的服务方法
@GetMapping("/uploadFile")
public String listUploadedFiles(@AuthenticationPrincipal CustomUserDetails userDetails, Model model) {
List<ScanQueryFileUploadDetailsDTO> fileUploadList = storageService.findAllDetails();
//if users timeZone is set and is NOT UTC then change. If UTC then just leave unchanged.
if((userDetails.getZoneId() != null) && (!userDetails.getZoneId().equals(ZoneId.of("UTC")))) {
//convert times to match ZoneID of logged in user
fileUploadList.forEach(f -> f.setUploadDateTime(convertDateTime(f.getUploadDateTime(), userDetails.getZoneId())));
model.addAttribute("files", fileUploadList);
return "uploadForm";
}
通过上述参数
CustomUserDetailsuserDetailsnull如果我将其更改为
org.springframework.security.core.userdetails.UserCustomUserDetails我已确定
myUserDetailsService我发现很奇怪,我用
myUserDetailsServiceCustomUserDetails您使用
InMemoryUserDetailsManagerCustomUserDetailsInMemoryUserDetailsManagerUserloadUserByUsername()要从
CustomUserDetailsloadUserByUsername()UserDetailsService 或 UserDetailsManager自定义实现(这将是现实应用程序中的情况,因为需要保留用户,而不是将用户数据保存在内存中)。
让我们更详细地了解一下配置测试
SecurityContext@WithUserDetails()在执行测试方法之前,新创建的
SecurityContextAuthenticationAuthentionUserDetails 时,UserDetailsServiceloadUserByUsername()@WithUserDetails如果你想验证我所说的是否正确,请查看WithUserDetailsSecurityContextFactory.createSecurityContext()
的实现。到目前为止,一切都很好。
InMemoryUserDetailsManagerUserDetails实现进入
InMemoryUserDetailsManagerMutableUserUserDetailsManager.changePassword()public InMemoryUserDetailsManager(UserDetails... users) {
for (UserDetails user : users) {
createUser(user);
}
}
@Override
public void updateUser(UserDetails user) {
Assert.isTrue(userExists(user.getUsername()), "user should exist");
this.users.put(user.getUsername().toLowerCase(), new MutableUser(user));
}
当您使用
UserDetails检索
loadUserByUsername()UserUserDetails@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserDetails user = this.users.get(username.toLowerCase());
if (user == null) {
throw new UsernameNotFoundException(username);
}
return new User(user.getUsername(), user.getPassword(), user.isEnabled(), user.isAccountNonExpired(),
user.isCredentialsNonExpired(), user.isAccountNonLocked(), user.getAuthorities());
}
催眠般地,如果它知道如何基于初始实例和新密码构建它,它可能会返回任何
UserDetails实现(
这可以通过在实例化管理器时提供工厂来完成)。但由于
InMemoryUserDetailsManager 仅适用于编写简单的演示和探索 UserDetailsManagerInMemoryUserDetailsManager只能给你
org.springframework.security.core.userdetails.UserUserDetailsManager(或
UserDetailsService如果您只想继续尝试 Spring Security 并且暂时不想处理持久性,那么您可以创建自己的内存中实现。
下面是
UserDetailsService实施方式的示例:
public class CustomInMemoryUserDetailsService implements UserDetailsService {
private final Map<String, UserDetails> userByName;
public CustomInMemoryUserDetailsService(UserDetails... users) {
this.userByName = Arrays.stream(users)
.collect(toMap(
UserDetails::getUsername,
Function.identity()
));
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
var user = userByName.get(username);
if (user == null) {
throw new UsernameNotFoundException(username);
}
return user;
}
}
在配置类中将
InMemoryUserDetailsManager替换为
CustomInMemoryUserDetailsService@Bean
UserDetailsService myUserDetailsService() {
var user = new CustomUserDetails(
"[email protected]",
"password",
List.of(new SimpleGrantedAuthority("ROLE_USER"))
);
return new CustomInMemoryUserDetailsService(user);
}
UserDetailsService 更容易实现,因为它只定义了一种方法,但它的能力不如
UserDetailsManagerUserDetailsManager将实现此接口作为家庭作业。