我在 Scala 中进行 Gatling 测试,想验证解码后的 JWT 令牌中的一些字段。我知道如何对其进行解码,但是不可能/非常慢地将生成的 JSON 映射到杰克逊的实体,就像我在 Java 中所做的那样,以检查值和/或存在。
我做了一些 HTTP 请求并以 JSON 格式获取 JWT 令牌,例如:
{"id_token":"xxxxxxx...."}
令牌是 JWT;我可以对其进行解码以获取另一个 JSON:
JWSObject jwsObject = JWSObject.parse(authorizeToken); // from com.nimbusds.jose.JWTObject
log.info("Decoded JWS object: {}", jwsObject.getPayload().toString());
它让我:
{
"sub": "c3f0d627-4820-4397-af20-1de71b208b15",
"birthdate": "1942-11-08",
"last_purchase_time": 1542286200,
"gender": "M",
"auth_level": "trusted",
"iss": "http:\/\/somehost.com",
"preferred_username": "test6@app.com",
"given_name": "test6",
"middle_name": "test6",
"nonce": "random_string",
"prv_member_id": 146794237,
"aud": "some_issuer",
"nbf": 1546869709,
"is_premium": true,
"updated_at": 1540812517,
"registered_time": 1527677605,
"name": "test6 test6 test6",
"nickname": "test6",
"exp": 1546870708,
"iat": 1546869709,
"family_name": "test6",
"jti": "838bdd3f-1add-46f5-b3a1-cb220d3547a6"
}
在 Java 中,我定义了一个 DTO 并将这个 JSON 转换为 DTO 的一个实例,并使用Assert.assertEquals()或检查每个字段的值。
但是,在加特林,这是不可能的:
- 与杰克逊的转变非常缓慢,这需要我永远。
- 调用是链式的
check(),不能像org.junit.Assert.
我和:
http(...).exec(...)
.check(
header(HttpHeaderNames.ContentType).is("application/json;charset=UTF-8"),
jsonPath("$..id_token") exists,
jsonPath("$..id_token").saveAs("id_token"),
status.is(200),
)
)
.exitHereIfFailed
.exec(session => {
val token = session("id_token").as[String]
log.debug("Token: " + token)
val decodedToken:String = JWSObject.parse(token).getPayload.toString()
val dto:JWTPayloadDTO = JsonUtil.fromJson(decodedToken) // this is very slow
// here verification
log.info("JWT payload: " + dto)
session
}
那么,我能做些什么呢?check()部分不起作用session => {}。
JsonUtil.fromJson():
package xxx.helpers
import com.fasterxml.jackson.databind.{DeserializationFeature, ObjectMapper}
import com.fasterxml.jackson.module.scala.experimental.ScalaObjectMapper
import com.fasterxml.jackson.module.scala.DefaultScalaModule
import scala.collection.mutable.ListBuffer
object JsonUtil {
val mapper = new ObjectMapper() with ScalaObjectMapper
mapper.registerModule(DefaultScalaModule)
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
def fromJson[T](json: String)(implicit m : Manifest[T]): T = {
mapper.readValue[T](json)
}
}
DTO:
package xxx.dto
import com.fasterxml.jackson.databind.PropertyNamingStrategy
import com.fasterxml.jackson.databind.annotation.JsonNaming
@JsonNaming(classOf[PropertyNamingStrategy.SnakeCaseStrategy])
case class JWTPayloadDTO(
aud: String,
iss: String,
exp: Long,
nbf: Long,
iat: Long,
sub: String,
authLevel: String,
jti: String,
nonce: String,
preferredUsername: String,
name: String,
givenName: String,
familyName: String,
middleName: String,
nickname: String,
profile: String,
picture: String,
website: String,
email: String,
emailVerified: Boolean,
gender: String,
birthdate: String,
zoneInfo: String,
locale: String,
phoneNumber: String,
phoneNumberVerified:Boolean,
mobileNumber: String,
updatedAt: Long,
registeredTime: Long,
prvMemberId: Long,
fbUid: String,
lastPurchaseTime: Long,
isPremium: Boolean,
isStaff: Boolean
)