6

Spring Boot 版本:2.0.4.RELEASE
对于下面的 Spring Boot 测试,测试返回不需要的 401 响应:

“401”状态,“错误”:“未授权”

为测试禁用 Spring Security 的最佳方法是什么?
我尝试添加配置“security.basic.enabled=false”属性,如下所示:

@SpringBootTest(<br>
    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,<br>
    classes = TestApp.class,<br>
    properties = {
        "security.basic.enabled=false"
})

并将此注释添加到类中:

@AutoConfigureMockMvc(secure = false)

但不幸的是,测试仍然返回“401”未经授权的错误代码。

原始测试

@RunWith(SpringRunner.class)
@SpringBootTest(
webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
classes = App.class
)

public class ExampleTest{

@Autowired
public void setup(@LocalServerPort int port) {
    RestAssured.port = port;
}

@Test
public voidtestMethod() {
// This test code is not important to my question.     
given().log().all().get("/resources").then().log().all().statusCode(HttpURLConnection.HTTP_BAD_REQUEST).body("error", equalTo("invalid_request")).body(not(containsString("error_reason")));
}
}

被单元测试的类很简单:

@SpringBootApplication
@RestController
public class App {
@GetMapping("/resources")
public String[] resources(
        @RequestParam("mandatory_param") String mandatory,
        @RequestParam("valid_param") @NotNull String validParam) {
    return new String[]{"1", "2"};
}
...
}

有谁知道如何为测试禁用弹簧安全性?谢谢

4

1 回答 1

5

将两者@SpringBootTest与随机端口一起使用@AutoConfiguration可能是一个问题。你能试一下吗:

@RunWith(SpringRunner.class)
@WebMvcTest(App.class)
@AutoConfigureMockMvc(secure = false)
public class ExampleTest{}

或者

@RunWith(SpringRunner.class)
@SpringBootTest
@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class })
public class ExampleTest{}

您可以添加自定义配置文件(integration_test)并制作:

security:
      basic:
        enabled: false

@RunWith(SpringRunner.class)
@SpringBootTest
@ActiveProfiles(value="integration_test")
public class ExampleTest{}

更新:刚刚在另一个 SO 问题中找到了类似的答案:Disable security for unit tests with spring boot

于 2018-10-26T08:54:46.057 回答